last executing test programs: 3.100352756s ago: executing program 2 (id=6939): r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000000000001801", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) write$selinux_access(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a6c645f736f5f7420704a122f7362696e2f6468636c69656e742030"], 0x41) 3.0570522s ago: executing program 2 (id=6941): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) 2.933750102s ago: executing program 2 (id=6944): close(0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0) ftruncate(r1, 0x81ff) 2.813194734s ago: executing program 2 (id=6946): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000a80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x4, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0xffffffff, 0xffffffff, 0x0, 0x0, {0x7, 0x0, 0xfffc, 0x0, 0x0, 0x7}, {0x7, 0x2, 0x2, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x80000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffc, 0x6e, 0x0, 0x2, 0x4, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x800000, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa3, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x11, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0xffffffff, 0x3, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x40001000, 0x0, 0xb8, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffeffa, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfffffffd, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x101, 0x7, 0x0, 0x2, 0x0, 0x0, 0x40000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100004, 0x0, 0xfffffffe, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1, 0xfffffffc]}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x2, 0xb, 0xfffffffb, 0x0, 0x7, 0x401, 0x1, 0xffff8000, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x6, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a4, 0x80000007, 0x5, 0x1, 0x1ff, 0xe5, 0x2f, 0xd, 0x3, 0xa, 0x3, 0x1, 0x9, 0x11, 0x9, 0x1, 0x402, 0x7, 0xd, 0x3, 0xc0000, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xe0b2, 0xfffffffe, 0x8fb, 0x84, 0x9, 0x4, 0x9, 0x80000001, 0x6, 0x0, 0x8, 0x800, 0x9, 0x1, 0x100, 0x401, 0x8, 0x3, 0xb5, 0x10001, 0x4, 0x4, 0x7f, 0x0, 0x8, 0x2, 0x7f, 0x80000001, 0x2, 0x4004, 0x0, 0x4, 0x8000, 0x0, 0x9, 0x80, 0x7, 0xe9, 0x1, 0x0, 0x3, 0xeb22, 0xd, 0x8000, 0xfffffff7, 0x7fff, 0x3, 0x3ff, 0x400000, 0x10, 0x5, 0x3, 0x10000, 0x5, 0xffffffff, 0x0, 0x2, 0x7, 0x5, 0x6, 0x5, 0x4, 0x2, 0x81, 0x0, 0x10, 0x6, 0x7fff, 0x800, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x4, 0x89, 0x2, 0x6, 0x100, 0x9, 0xffffa3e0, 0xfffffffe, 0xff, 0x1, 0x2, 0xf, 0x24b9, 0x6, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x81, 0x3, 0x7eb7, 0x3, 0xfffffffe, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x6, 0x7, 0x100, 0x1, 0x3, 0x100, 0xb, 0x8, 0x101, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0x1, 0x9, 0x9, 0x4, 0xb, 0x80, 0x0, 0x0, 0x1, 0x10005, 0x2, 0x65, 0x4, 0xfffffa0c, 0x3, 0x0, 0x4, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x5, 0x9, 0x8, 0x28, 0x3, 0x5, 0x10001, 0x2, 0xf, 0x0, 0x1, 0x40000723, 0x0, 0xe, 0xe, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x7, 0x3, 0x8, 0x6, 0xffffffff, 0x2, 0x7f, 0x2, 0x80000001, 0x0, 0x20000809, 0x0, 0xfffffffe, 0x928, 0x5, 0x2, 0x5, 0xd1b, 0xb87, 0x3, 0x8d8d, 0x55, 0x101, 0x8, 0x64e8, 0x8, 0x82c, 0x772, 0x80a, 0xfff, 0x6, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0xd, 0x80]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0) 2.758355669s ago: executing program 2 (id=6948): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d9"], 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'veth1_macvtap\x00'}) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_io_uring_setup(0xbc3, &(0x7f0000000540)={0x0, 0x1568, 0x10000, 0x2, 0x264}, 0x0, &(0x7f00000000c0)) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x8, 0x6}, 0x490, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="38000000031401000000000000000000030000000000000000000000080041007278650014003300626f6e64300000000000000000ffe5001635811d4856a765b19decfc6529ec58265d322fdc76b91ccafe826729a368895b26519c953d5853e9a32726f11508"], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100) sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x80c1) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1b, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x32, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000580)='/sys/power/image_size', 0x1a1081, 0x18) ioctl$INCFS_IOC_FILL_BLOCKS(r1, 0x80106720, &(0x7f0000000380)={0x1, &(0x7f0000000300)=[{0x6, 0x5f, &(0x7f0000000000)="0c2383fb089d575dd376bc1a943885b89fb7cfb255cc7048e052da020bef9cd5bc150ff9db6433dfe034c105077264e2216f0150ae1966112eea1ad0d7b6cd79ddebd8ed563ec2dccb792265cc49e0d406bc45d919591bd7d3ea14c9d52590", 0x1, 0x1}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r6, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r6, 0x7, &(0x7f0000000280)={0x1, 0x0, 0x2c, 0x9}) fcntl$lock(r6, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x1, 0x3d}) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r7, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) readv(r8, &(0x7f0000000440)=[{&(0x7f0000000340)=""/48, 0x30}], 0x50) 2.633785541s ago: executing program 2 (id=6950): bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_usb_connect(0x2, 0x0, 0x0, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x28, 0x0, &(0x7f0000000240)={0x0}}, 0x4040014) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000640)=[{{&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000240)=""/89, 0x59}, {&(0x7f00000002c0)=""/81, 0x51}, {&(0x7f0000000680)=""/78, 0x4e}, {&(0x7f0000000380)=""/35, 0x23}], 0x4, &(0x7f0000000540)=""/202, 0xca}, 0x1000}], 0x1, 0x2, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48) socket(0x2c, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB="0009a5043624f7f1d7691c180000000000110000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000001700)) r4 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3) fcntl$setsig(r5, 0xa, 0x12) poll(&(0x7f0000000000)=[{r6, 0x8000}], 0x1, 0xffffffffffbffff8) dup2(r5, r6) fcntl$setown(r5, 0x8, r4) tkill(r4, 0x13) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) socket$igmp(0x2, 0x3, 0x2) syz_emit_ethernet(0x30, &(0x7f0000000000)={@local, @broadcast, @void, {@arp={0x806, @generic={0x323, 0x88ca, 0x6, 0x3, 0x1, @multicast, '\x00\x00\x00', @random="aaa4b82ea643", "35de5e4cab02f18477f641"}}}}, 0x0) socket$kcm(0x2, 0x5, 0x84) 2.554790869s ago: executing program 3 (id=6951): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="160000000000000061b1000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001740)=""/4085}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x9}, 0xc) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f00000002c0)=0xe, 0x4) 2.337103741s ago: executing program 3 (id=6952): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x18) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x13f}}, 0x20) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) epoll_wait(r2, &(0x7f00000003c0)=[{}, {}, {}], 0x3, 0x6) fcntl$lock(r2, 0x25, &(0x7f00000000c0)) fcntl$setpipe(r2, 0x407, 0xbca) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1}) fcntl$lock(r3, 0x25, 0x0) close(r2) r4 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x8001, 0x7, 0x1, 0x10008, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x2, @void, @value, @value=r4}, 0x50) 2.184078855s ago: executing program 3 (id=6953): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) ftruncate(0xffffffffffffffff, 0x81ff) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x824851, 0x0, 0x1, 0x0, &(0x7f0000000d40)) 2.108695213s ago: executing program 3 (id=6954): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x437, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @remote}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x97ff, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) 2.010675342s ago: executing program 3 (id=6955): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = io_uring_setup(0x2623, &(0x7f00000001c0)={0x0, 0xd7ab, 0x0, 0x4, 0x192}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x80000000}, 0x1c) close_range(r2, 0xffffffffffffffff, 0x0) 2.000986743s ago: executing program 3 (id=6956): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') syz_usb_disconnect(0xffffffffffffffff) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x103000, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000018000000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4400000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="05030200157e0000140012800c0001006d616376746170000400028008000500", @ANYRES32=r4, @ANYBLOB="08000400"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x404c094) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x20080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x8) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB="0b00000005080000070000000900000001000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000000000002bfea6c65fa91fde51f7b07ebf0eeeb95785e36937b402d98741ef9c4f13d228ae1a39a07e2a960cef8d44d935d26c941b6484ca30f7743115f72b810ca7536fe36d7991f3f31ecfeb9b4bbfaf6fa4eda89edff753de203b8d996fc62d05666ef68f929689812c371432845f247c61feadb497c575f265b7faa7710a6db4a8994cec0c3637e7d5c915f5d2fdbb974ac3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r7, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r8}, 0x10) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r9}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_open_procfs(r0, &(0x7f0000000100)='mountstats\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYRES64=r6], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r10 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) mq_timedreceive(r10, &(0x7f000001d600)=""/102378, 0x2000, 0x3, 0x0) 1.162784205s ago: executing program 1 (id=6970): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000900)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x8) socket$inet(0xa, 0x801, 0x84) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b7000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) accept(r1, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x0) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r1, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x5c, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2a}, 0x94) 670.179184ms ago: executing program 0 (id=6985): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[], 0x122}, 0x1, 0x0, 0x0, 0x40}, 0x400c810) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TCSETSF(r1, 0x5457, &(0x7f0000000000)={0x0, 0x629, 0xffffffff, 0x0, 0x7, "7a58bea88a00"}) ioctl$TCSETSF(r1, 0x5404, &(0x7f00000001c0)={0x0, 0x101, 0xfffffc00, 0x2, 0xa, "54d2f6b4bdf74000000000000000e907d53db1"}) r2 = fsopen(&(0x7f00000000c0)='debugfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x8, 0x0, 0x0, 0x0) syz_socket_connect_nvme_tcp() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)='nsdelegate', &(0x7f0000000140)='&)\x00', 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000001340), 0x2931b90f, r3}, 0x38) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fe0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = dup2(r5, r3) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x4058534c, &(0x7f00000000c0)={0x80, 0x2, {0x0, 0x0, 0x4}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x10) mlockall(0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x98) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setresuid(r8, r8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) r9 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) chmod(&(0x7f0000000080)='./file0\x00', 0x6) r10 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$AUTOFS_IOC_FAIL(r10, 0x9361, 0x80000001) 589.248692ms ago: executing program 0 (id=6986): r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) recvmmsg(r0, &(0x7f0000000680)=[{{&(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/201, 0xc9}, {&(0x7f00000001c0)=""/242, 0xf2}, {&(0x7f00000002c0)=""/38, 0x26}, {&(0x7f0000000300)=""/114, 0x72}, {&(0x7f0000000380)=""/53, 0x35}, {&(0x7f00000003c0)=""/230, 0xe6}, {&(0x7f00000004c0)=""/114, 0x72}, {&(0x7f0000000540)=""/64, 0x40}], 0x8, &(0x7f0000000600)=""/117, 0x75}, 0x2}], 0x1, 0x10000, &(0x7f00000006c0)={0x0, 0x989680}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000700)={'vcan0\x00', 0x0}) connect$can_j1939(r1, &(0x7f0000000740)={0x1d, r2, 0x0, {0x1, 0xff, 0x4}}, 0x18) (async) r3 = syz_io_uring_setup(0x510d, &(0x7f0000000780)={0x0, 0xffe7, 0x80, 0x0, 0x46}, &(0x7f0000000800), &(0x7f0000000840)) io_uring_register$IORING_REGISTER_PROBE(r3, 0x8, &(0x7f0000000880)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0xd) (async) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000900)=""/163) (async) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000a40)={{{@in=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f0000000b40)=0xe8) mount$9p_fd(0x0, &(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00), 0x201020, &(0x7f0000000b80)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@ignoreqv}, {@access_client}, {@dfltuid={'dfltuid', 0x3d, r5}}, {@version_L}, {@ignoreqv}, {@aname={'aname', 0x3d, '/selinux/commit_pending_bools\x00'}}, {@noxattr}, {@posixacl}], [{@dont_appraise}, {@measure}]}}) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000c80), r0) r6 = io_uring_setup(0x7507, &(0x7f0000000cc0)={0x0, 0xb1d3, 0x400, 0x0, 0x151, 0x0, r3}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x10010, r6, 0x0) r7 = io_uring_setup(0x5a5c, &(0x7f0000000d40)={0x0, 0x9335, 0x200, 0x1, 0x347, 0x0, r6}) io_uring_register$IORING_UNREGISTER_BUFFERS(r7, 0x1, 0x0, 0x0) write$bt_hci(r0, &(0x7f0000000dc0)={0x1, @le_create_conn={{0x200d, 0x19}, {0x5, 0x6, 0xf9, 0x1, @none, 0x6, 0x1, 0xfff9, 0xc00, 0x1, 0x2, 0x6}}}, 0x1d) syz_genetlink_get_family_id$mptcp(&(0x7f0000000e00), r3) (async) openat$cgroup(r0, &(0x7f0000000e40)='syz0\x00', 0x200002, 0x0) socket$igmp6(0xa, 0x3, 0x2) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000011c0)={r0, 0x20, &(0x7f0000001180)={&(0x7f0000001080), 0x0, 0x0, &(0x7f00000010c0)=""/191, 0xbf}}, 0x10) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001240)=@o_path={&(0x7f0000001200)='./file0\x00', 0x0, 0x10, r1}, 0x18) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@bloom_filter={0x1e, 0xb, 0x10001, 0x8, 0x4988c, r0, 0x2, '\x00', r2, r0, 0x2, 0x2, 0x5, 0x1, @value=r0}, 0x50) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001380)={{r0, 0xffffffffffffffff}, &(0x7f0000001300), &(0x7f0000001340)='%-5lx \x00'}, 0x20) r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000013c0)={0xffffffffffffffff, 0xa}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0xa, 0xd, &(0x7f0000000e80)=@raw=[@map_idx={0x18, 0xb, 0x5, 0x0, 0xe}, @ldst={0x3, 0x1, 0x3, 0x0, 0xa, 0x40, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0xa, 0x1, 0x9, 0x30, 0x8}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf27c}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}], &(0x7f0000000f00)='syzkaller\x00', 0x7ff, 0x82, &(0x7f0000000f40)=""/130, 0x40f00, 0x16, '\x00', r4, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f0000001000)={0x2, 0x1}, 0x8, 0x10, &(0x7f0000001040)={0x3, 0xc, 0x0, 0x9}, 0x10, r8, 0xffffffffffffffff, 0x1, &(0x7f0000001400)=[r0, r0, r0, r0, r9, r10, r11, r0, r12], &(0x7f0000001440)=[{0x2, 0x3, 0xa, 0x1}]}, 0x94) fsetxattr$trusted_overlay_opaque(r11, &(0x7f0000001540), &(0x7f0000001580), 0x2, 0x1) (async) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001600), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000001740)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001700)={&(0x7f0000001680)={0x58, r13, 0x20, 0x70bd2b, 0xbf, {{}, {@val={0x8, 0x3, r14}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x74d}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}]}, 0x58}, 0x1, 0x0, 0x0, 0x48008}, 0x0) (async) io_uring_register$IORING_REGISTER_RESTRICTIONS(r7, 0xb, &(0x7f0000001780)=[@ioring_restriction_register_op={0x0, 0x16}, @ioring_restriction_sqe_flags_required={0x3, 0xa}, @ioring_restriction_sqe_flags_required={0x3, 0xa}], 0x3) socket$nl_generic(0x10, 0x3, 0x10) 514.567679ms ago: executing program 0 (id=6987): socket$inet6_udp(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x17, 0x7, &(0x7f00000008c0)=ANY=[@ANYRESHEX, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="20000000180001000000000000000000020000000c00088008000c", @ANYRES32=0x0, @ANYBLOB="5958dd1f338442425310883cd2e4c779b0fffd7d881fbdf9e4c115c97f015ddfe54acd78ded0d20a6d60d22d1ea054c6e38f975ca96be1111215346bdb1c814411bdaddc63d0d42cc5bbd4fe2ef81f64021629b9dc47d75dc75439870478858ea1ea010057008cf31eefc0b93f71900016e56d8e118c7843ff7ac7cfc3c912bc6f51b1935377c41f16f3eab2a534"], 0x20}}, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800402, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0) ioprio_set$uid(0x0, 0x0, 0x4000) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb:\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x1, 0x4) vmsplice(r3, &(0x7f0000000880)=[{&(0x7f0000000180)='\x00', 0x1}, {&(0x7f0000001300)="da", 0x1}, {&(0x7f0000000440)="15", 0x1}, {&(0x7f0000003040)="162dd3cad75f87", 0x7}], 0x4, 0x0) ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, 0x0) accept4$phonet_pipe(r3, &(0x7f0000000200), &(0x7f0000000240)=0x10, 0x80800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1d459d, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x183, 0x6}, 0x6025, 0x4005, 0xb, 0x0, 0x1, 0x1, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000003110000000000000800000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r7) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c00018008000100030000000c000180080001"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) r9 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r9, &(0x7f0000000380)={0xc, 0x8, 0x144, {&(0x7f0000001140)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e1d, 0x1, @loopback, 0x100009}, {0xa, 0x4e23, 0xfffffffc, @remote}, r10, 0x4}}, 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r11, 0x0, 0x80}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000800c5ab4238dc04230f0000ffff00dd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) 304.9637ms ago: executing program 4 (id=6992): socket$nl_generic(0x10, 0x3, 0x10) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='cachefiles_write\x00', r0, 0x0, 0x6}, 0x18) preadv2(0xffffffffffffffff, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0) 303.95881ms ago: executing program 1 (id=6993): socket$inet6_udp(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x17, 0x7, &(0x7f00000008c0)=ANY=[@ANYRESHEX, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="20000000180001000000000000000000020000000c00088008000c", @ANYRES32=0x0, @ANYBLOB="5958dd1f338442425310883cd2e4c779b0fffd7d881fbdf9e4c115c97f015ddfe54acd78ded0d20a6d60d22d1ea054c6e38f975ca96be1111215346bdb1c814411bdaddc63d0d42cc5bbd4fe2ef81f64021629b9dc47d75dc75439870478858ea1ea010057008cf31eefc0b93f71900016e56d8e118c7843ff7ac7cfc3c912bc6f51b1935377c41f16f3eab2a534"], 0x20}}, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800402, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0) ioprio_set$uid(0x0, 0x0, 0x4000) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb:\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000x0}, 0x4000) setresuid(r8, r8, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) r9 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) chmod(&(0x7f0000000080)='./file0\x00', 0x6) r10 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$AUTOFS_IOC_FAIL(r10, 0x9361, 0x80000001) 163.103734ms ago: executing program 4 (id=6997): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x101402, 0x0) prctl$PR_SET_IO_FLUSHER(0x34, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="7a0a00ff00000000711080000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x5, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newtfilter={0x34, 0x2c, 0xd2b, 0x800, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x10, 0xfff1}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x24044094) 90.761641ms ago: executing program 1 (id=6998): syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000800)='./file0\x00', 0x800, &(0x7f0000000280)=ANY=[@ANYBLOB="757466382c6869646500754d66382c6f76657272696465726f636b708e66662c6d61703d6e6f726d616c4173657373696f6e3d3078303430303030303030303030303033372c756e686964652c756e686964652c6f76657272696465726f636b7065726d2c6d61703d6f66662c6d61703d6e6f726d616c2c666f726f016b2c000000000000000000"], 0x2, 0x6b1, &(0x7f0000001100)="$eJzs3V1vG1kdx/HfOI7jZqFaAaqqKm1PW1ZKRXHHzjZVVCTWjMfJsLbHmnFQKyGtyjZZVXW60BaJ5mbJDQ/S8gYQN1zABS8Ciet9F9wgkFZwh7RcGM2TY8dPdddtd7ffT7Tr8Zn/nPOfGdd/TeI5FgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUbLtsqeG1dm+byZxa4DfT5f/1RtcnvS3rarJwdea4khX9p2JRZ5Oms986Xn0m+t9lrSXP1lSMHoo6fOPMm7e+mc9l209J+Hlo3g4fPz18cLfb3Xv0DLFLmrv7V0m5bOlUek7GBG27LS/0vWZ12zVe6JutzU37+k49NHWv4YZ3wo7bNE7g5jp+YNadq6a8tbVh3NIdf7e1Xas23Kzx5ncrtr1pfriSnGhJpdDZ8RoNr7Udx0Sro5ib5uMfJwFutWnM/v3u3sasPYmCys8SVJkVVLErlXK5Uilv3ti6cdO284MNOUl5O2LZfRrZZOEvWnzJLOaNG1iAXFT//25JDRXV0q5uy4z9cVRTIF/NCetTWf1/67o7ddzB+p9V+bPS99PV5xTX/wvJswuT6v+EXIxMvMG4NdaE9vl+luOMjB7rqQ71QHfVVVd7erSAvo3MxYX08hJ+tuWqJU+hfHlqqqpt/enrSluMtrSpTdl6TzuqK5RRXZ4achXqjkJ15MavKEeBXFXVka9ARutydFVGZW1pSxsyclXSHfnaVUvbqqmq//Z6vX3dj4/7xpQclQWVJwSsDAZVpvQ0XMz/oKz+/+Sj5HVq5+0TqP+vl+R1sJI8fDItBvgC6KXX/4Nysze7+OIyAgAAAAAAi2ZpTe/GvxRf1nlJPdW9hmu/6rQAAAAAAMACWeqtaE1WdP0v6bwsrv8BAAAAAPiqseJ77CxJq/GH+q3jO6Ge5ZcASy8hRQAAAAAA8DnFd/5fKEi9eNKKi7Lmuv4HAAAAAABfAr8ZmGM/n82x28v+rJ/MBLhi/fXfKwqWraP27W9bB9WorXqQxnx2ssdO/Zx1Op2oN34oSIqfOe6atZZMjplOgtmfd/DT/Vlz/VvBiQQKS4MdTEjAikbezKfP9LEuJZtcSueZv3eYU7wmGWW17jXckuM3bpVVrZ7OddzbnZ8/vP8LKeh/0mH/fnev9P6H3XtxLkdR09FB1OlHQ+nkxh+M41yexPMtxPdcjNvjU6pnQ/621Vy14nHtbP+XVD3IDQ407QQcj/krXVb8qY3Lq0ns6mF/xv1o/4vR/pdL8Skb2vtg2TrOonxyz8ediAlZFOMsriQxV9avqPKPZLl/FnJW8TtLUqU0eg6GsqgMZjH7WFj/GTkWA1nED9magWOxEWXxt6ijCVlszJfFyBkBgFdlX+cVvwudVzyJeb8KFdO6m5WH7E3tuerO7Or+znB1f/L7Xi/eYEnKp3+bmDpKUdE7+roV16FCskv5c2Pe0e20rhQ14R3d/hzVLRrrL8ffgZSmPZLFZ71e71Y5Hvd3J6rqH4eGGxk3bFSWokN4/cnBT+MJ8CMf7H2w97BS2di037btGxUtx7uRPiyJ2gMAGDH7O3ZmRlhv61IScenev95KloYq3jf6Hyko6X19qK7u6Vr2FQIXx/e6OvAxhGvJVasGrlrNmTdvxd9LNxxb1rWJV3VxLR2IrfRjl5VtMlypj2M3XvBZAADg5bo8ow6Pr//Fofp/TetJxPq5sdfdw7U8vTruX9JPii3PTv6dRR8NAABeD27wqbXa+bUVBF77vfLWVrna2XFN4DvvmsCrbbvGa3XcwNmptrZd0w78ju/4DdMOtOLV3NCEu+22H3RM3Q9M2w+92/E3v5v0q99Dt1ltdTwnbDfcaugax291qk7H1LzQMe3dHzS8cMcN4o3Dtut4dc+pdjy/ZUJ/N3DckjGh6w4EejW31fHqXrTYMu3Aa1aDO+ZHfmO36ZqaGzqB1+74SYfZWF6r7gfNuNtSvjfu8wIAALx2Hj89fHC32917dHLhVHRpnrQcaULM6EJBj59GV+VRSz5dxRxBAAB8wRwX8Dk2Kr7AhAAAAAAAAAAAAAAAAAAAAAAAwIjZt/TNubA87mZBqd/ys9Npi36p41sMR/qxtOjE5lnIzbtVdkvE4YNPJsUUdPdUvyU7/IMxRy9tB//5NemNuEVJS37xY52acnJfxML39pMjOjEmWjl21Ur/XOSf459DQTNjHv55wqper9ebPsTK8DEsDO1gbtqgeUmPCnOfgsLISxTAV9X/AwAA//9MqDMq") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000000)=@nullb, 0x0, &(0x7f0000000100)='./file0\x00') 84.735161ms ago: executing program 4 (id=6999): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_flash={0x33, 0xea6, '.\x00'}}) 42.855876ms ago: executing program 4 (id=7000): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0xc, 0xffffbffb, 0x1, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) io_uring_setup(0x6e8, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r5, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48) r6 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x29}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x8000, 0xfffffffc}}) 32.717387ms ago: executing program 1 (id=7001): socket$inet_tcp(0x2, 0x1, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x101) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c) mkdir(0x0, 0x0) listxattr(0x0, &(0x7f00000006c0)=""/167, 0xa7) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000600)}], 0x1, 0x0, 0x480}, 0x0, 0x50, 0x1}) r1 = syz_io_uring_setup(0x223d, &(0x7f0000000100)={0x0, 0x2e7f, 0x800, 0x2, 0x5cc}, &(0x7f0000000280)=0x0, &(0x7f00000005c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffa, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, 0xffffffffffffffff, 0x0, r1}) io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0xa, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0xe, 0x8}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x3c000001}, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10) r4 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x40001) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) 0s ago: executing program 4 (id=7002): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x1000000, 0x2, 0x4}, 0x0, 0x0) kernel console output (not intermixed with test programs): 2 - 0 [ 277.239776][T22271] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.280927][T22335] loop4: detected capacity change from 0 to 1024 [ 277.298029][T22335] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 277.306880][T22335] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 277.320491][T22335] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6055: bg 0: block 88: padding at end of block bitmap is not set [ 277.335386][ T12] bridge_slave_1: left allmulticast mode [ 277.341091][ T12] bridge_slave_1: left promiscuous mode [ 277.346941][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.354983][ T12] bridge_slave_0: left allmulticast mode [ 277.360714][ T12] bridge_slave_0: left promiscuous mode [ 277.366546][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.375678][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.427277][ T12] bond3 (unregistering): (slave ip6erspan0): Releasing active interface [ 277.445190][T22348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6060'. [ 277.462423][T22348] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 277.497947][ T52] smc: removing ib device syz1 [ 277.503053][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 277.512820][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 277.522828][ T12] bond0 (unregistering): Released all slaves [ 277.531461][ T12] bond1 (unregistering): Released all slaves [ 277.540035][ T12] bond2 (unregistering): Released all slaves [ 277.548407][ T12] bond3 (unregistering): Released all slaves [ 277.556568][T22342] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 277.560867][T22271] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 277.564760][T22342] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 277.584082][T22271] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 277.611630][T22271] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 277.622107][T22271] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 277.719751][T22271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.745177][T22365] loop1: detected capacity change from 0 to 1024 [ 277.755486][T22271] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.764976][T22365] EXT4-fs: inline encryption not supported [ 277.765375][ T413] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.777960][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.819305][ T3445] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.823608][T22365] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.826473][ T3445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.876786][ T12] tipc: Left network mode [ 277.898263][T11527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.921950][ T12] hsr_slave_0: left promiscuous mode [ 277.930853][ T12] hsr_slave_1: left promiscuous mode [ 277.944650][ T12] veth1_macvtap: left promiscuous mode [ 277.950237][ T12] veth0_macvtap: left promiscuous mode [ 277.955874][ T12] veth1_vlan: left promiscuous mode [ 277.961271][ T12] veth0_vlan: left promiscuous mode [ 278.035061][ T12] team0 (unregistering): Port device team_slave_1 removed [ 278.074969][T19227] smc: removing ib device sz1 [ 278.086556][T22271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 278.095558][T11025] lo speed is unknown, defaulting to 1000 [ 278.101391][T11025] sz1: Port: 1 Link DOWN [ 278.107456][T22379] loop1: detected capacity change from 0 to 128 [ 278.113967][T22379] vfat: Unknown parameter '' [ 278.123092][T22379] loop1: detected capacity change from 0 to 512 [ 278.138557][T22379] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 278.151224][T22379] ext4 filesystem being mounted at /483/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 278.193984][T22271] veth0_vlan: entered promiscuous mode [ 278.203508][T22271] veth1_vlan: entered promiscuous mode [ 278.213009][T11527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.237179][T22271] veth0_macvtap: entered promiscuous mode [ 278.246041][T22271] veth1_macvtap: entered promiscuous mode [ 278.258572][T22271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.272274][T22271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.293059][ T37] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.313108][ T37] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.322841][T22396] loop1: detected capacity change from 0 to 1024 [ 278.330012][ T37] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.348115][T22396] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 278.352762][ T37] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.386249][T22396] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 278.404977][T22396] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.6068: bg 0: block 88: padding at end of block bitmap is not set [ 278.405815][T22405] FAULT_INJECTION: forcing a failure. [ 278.405815][T22405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.432332][T22405] CPU: 1 UID: 0 PID: 22405 Comm: syz.3.6070 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 278.432413][T22405] Tainted: [W]=WARN [ 278.432421][T22405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 278.432437][T22405] Call Trace: [ 278.432445][T22405] [ 278.432454][T22405] __dump_stack+0x1d/0x30 [ 278.432482][T22405] dump_stack_lvl+0xe8/0x140 [ 278.432559][T22405] dump_stack+0x15/0x1b [ 278.432580][T22405] should_fail_ex+0x265/0x280 [ 278.432604][T22405] should_fail+0xb/0x20 [ 278.432624][T22405] should_fail_usercopy+0x1a/0x20 [ 278.432688][T22405] _copy_from_iter+0xd2/0xe80 [ 278.432708][T22405] ? __build_skb_around+0x1ab/0x200 [ 278.432736][T22405] ? __alloc_skb+0x223/0x320 [ 278.432789][T22405] netlink_sendmsg+0x471/0x6b0 [ 278.432820][T22405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.432873][T22405] __sock_sendmsg+0x145/0x180 [ 278.432952][T22405] ____sys_sendmsg+0x31e/0x4e0 [ 278.432999][T22405] ___sys_sendmsg+0x17b/0x1d0 [ 278.433045][T22405] __x64_sys_sendmsg+0xd4/0x160 [ 278.433106][T22405] x64_sys_call+0x191e/0x3000 [ 278.433140][T22405] do_syscall_64+0xd2/0x200 [ 278.433163][T22405] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 278.433196][T22405] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 278.433294][T22405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.433315][T22405] RIP: 0033:0x7f6c68daefc9 [ 278.433329][T22405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.433349][T22405] RSP: 002b:00007f6c67817038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 278.433373][T22405] RAX: ffffffffffffffda RBX: 00007f6c69005fa0 RCX: 00007f6c68daefc9 [ 278.433389][T22405] RDX: 0000000004044000 RSI: 0000200000000000 RDI: 0000000000000003 [ 278.433405][T22405] RBP: 00007f6c67817090 R08: 0000000000000000 R09: 0000000000000000 [ 278.433445][T22405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.433456][T22405] R13: 00007f6c69006038 R14: 00007f6c69005fa0 R15: 00007ffe6c6215b8 [ 278.433477][T22405] [ 278.660127][T22407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6071'. [ 278.672303][ T12] IPVS: stop unused estimator thread 0... [ 278.675700][T22407] loop3: detected capacity change from 0 to 1024 [ 278.698625][T22407] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 278.709732][T22407] EXT4-fs (loop3): group descriptors corrupted! [ 278.717686][T11527] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.734723][T22411] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6074'. [ 278.749904][T22411] can0: slcan on ptm1. [ 278.806337][T22410] can0 (unregistered): slcan off ptm1. [ 278.828350][T22415] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6076'. [ 278.840304][T22415] can0: slcan on ptm1. [ 278.858944][ T29] kauditd_printk_skb: 127 callbacks suppressed [ 278.858961][ T29] audit: type=1400 audit(1761480882.360:9112): avc: denied { create } for pid=22414 comm="syz.4.6076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 278.929447][T22414] can0 (unregistered): slcan off ptm1. [ 278.955081][T22418] loop4: detected capacity change from 0 to 1024 [ 278.962078][T22418] EXT4-fs: inline encryption not supported [ 278.987506][T22418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 279.013578][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.346149][T22407] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 279.385059][T22425] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6078'. [ 279.445380][T22427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6079'. [ 279.459421][T22427] loop3: detected capacity change from 0 to 1024 [ 279.468141][ T29] audit: type=1400 audit(1761480882.970:9113): avc: denied { create } for pid=22428 comm="syz.0.6080" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 279.490222][T22427] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 279.501230][T22427] EXT4-fs (loop3): group descriptors corrupted! [ 279.513937][ T29] audit: type=1400 audit(1761480882.990:9114): avc: denied { write } for pid=22428 comm="syz.0.6080" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 279.534963][ T29] audit: type=1400 audit(1761480882.990:9115): avc: denied { nlmsg_read } for pid=22428 comm="syz.0.6080" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=netlink_route_socket permissive=1 [ 279.564861][T22427] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 279.587842][ T29] audit: type=1326 audit(1761480883.090:9116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 279.593421][T22435] loop4: detected capacity change from 0 to 1024 [ 279.611935][ T29] audit: type=1326 audit(1761480883.110:9117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 279.642120][ T29] audit: type=1326 audit(1761480883.140:9118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f945f93b099 code=0x7ffc0000 [ 279.665686][ T29] audit: type=1326 audit(1761480883.140:9119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 279.704279][ T29] audit: type=1326 audit(1761480883.140:9120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 279.727902][ T29] audit: type=1326 audit(1761480883.140:9121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22428 comm="syz.0.6080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 279.758850][T22435] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 279.789633][T22444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6085'. [ 279.907866][ T12] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 279.932029][ T12] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28 [ 279.944691][ T12] EXT4-fs (loop4): This should not happen!! Data will be lost [ 279.944691][ T12] [ 279.954375][ T12] EXT4-fs (loop4): Total free blocks count 0 [ 279.960643][ T12] EXT4-fs (loop4): Free/Dirty block details [ 279.966615][ T12] EXT4-fs (loop4): free_blocks=68451041280 [ 279.972440][ T12] EXT4-fs (loop4): dirty_blocks=320 [ 279.977706][ T12] EXT4-fs (loop4): Block reservation details [ 279.983704][ T12] EXT4-fs (loop4): i_reserved_data_blocks=20 [ 280.061582][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.084342][T22484] loop4: detected capacity change from 0 to 1024 [ 280.091267][T22484] EXT4-fs: inline encryption not supported [ 280.109333][T22484] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.140289][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.164950][T22497] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6089'. [ 280.182911][T22497] loop4: detected capacity change from 0 to 1024 [ 280.190472][T22497] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 280.201478][T22497] EXT4-fs (loop4): group descriptors corrupted! [ 280.212123][T22497] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 280.381177][T22530] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6095'. [ 280.409961][T22530] loop4: detected capacity change from 0 to 1024 [ 280.417460][T22530] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 280.428471][T22530] EXT4-fs (loop4): group descriptors corrupted! [ 280.448765][T22530] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 280.500061][T22540] loop2: detected capacity change from 0 to 1024 [ 280.513519][T22547] loop4: detected capacity change from 0 to 1024 [ 280.528152][T22540] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 280.537181][T22547] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 280.548279][T22540] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 280.562733][T22540] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6097: bg 0: block 88: padding at end of block bitmap is not set [ 280.598090][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.667137][ T12] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 280.683692][ T12] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28 [ 280.696169][ T12] EXT4-fs (loop4): This should not happen!! Data will be lost [ 280.696169][ T12] [ 280.705820][ T12] EXT4-fs (loop4): Total free blocks count 0 [ 280.711931][ T12] EXT4-fs (loop4): Free/Dirty block details [ 280.717872][ T12] EXT4-fs (loop4): free_blocks=68451041280 [ 280.723698][ T12] EXT4-fs (loop4): dirty_blocks=320 [ 280.728945][ T12] EXT4-fs (loop4): Block reservation details [ 280.735012][ T12] EXT4-fs (loop4): i_reserved_data_blocks=20 [ 280.751789][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.219394][T22624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6108'. [ 281.239185][T22624] loop2: detected capacity change from 0 to 1024 [ 281.240940][T22624] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 281.257210][T22624] EXT4-fs (loop2): group descriptors corrupted! [ 281.267891][T22624] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 281.907153][T22664] loop4: detected capacity change from 0 to 1024 [ 281.917428][T22664] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 281.926063][T22664] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.939447][T22664] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6117: bg 0: block 88: padding at end of block bitmap is not set [ 281.963895][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.011514][T22672] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 282.019793][T22672] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 282.037697][T22674] loop4: detected capacity change from 0 to 1024 [ 282.045008][T22674] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 282.056264][T22674] EXT4-fs (loop4): group descriptors corrupted! [ 282.065434][T22674] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 282.331589][T22685] ieee802154 phy1 wpan1: encryption failed: -22 [ 282.375252][T22686] ieee802154 phy1 wpan1: encryption failed: -22 [ 283.108000][T22700] __nla_validate_parse: 2 callbacks suppressed [ 283.108015][T22700] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6130'. [ 283.128544][T22700] loop4: detected capacity change from 0 to 1024 [ 283.141963][T22700] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 283.152885][T22700] EXT4-fs (loop4): group descriptors corrupted! [ 283.178904][T22698] loop2: detected capacity change from 0 to 1024 [ 283.180451][T22700] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 283.202728][T22698] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 283.226618][T22698] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.250877][T22698] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6129: bg 0: block 88: padding at end of block bitmap is not set [ 283.287719][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.317973][T22712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6135'. [ 283.367562][T22712] loop2: detected capacity change from 0 to 1024 [ 283.376470][T22712] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 283.387473][T22712] EXT4-fs (loop2): group descriptors corrupted! [ 283.430836][T22712] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 283.511215][T22731] loop2: detected capacity change from 0 to 1024 [ 283.524508][T22737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6140'. [ 283.539491][T22731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.587128][T22743] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6141'. [ 283.712385][T22759] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6145'. [ 283.758428][ T52] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 283.775879][T22768] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6147'. [ 283.780876][ T52] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28 [ 283.796226][T22771] veth1_macvtap: left promiscuous mode [ 283.797262][ T52] EXT4-fs (loop2): This should not happen!! Data will be lost [ 283.797262][ T52] [ 283.802729][T22771] macsec0: entered promiscuous mode [ 283.812483][ T52] EXT4-fs (loop2): Total free blocks count 0 [ 283.812548][ T52] EXT4-fs (loop2): Free/Dirty block details [ 283.812558][ T52] EXT4-fs (loop2): free_blocks=68451041280 [ 283.812572][ T52] EXT4-fs (loop2): dirty_blocks=320 [ 283.812599][ T52] EXT4-fs (loop2): Block reservation details [ 283.812611][ T52] EXT4-fs (loop2): i_reserved_data_blocks=20 [ 283.821139][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.916410][ T29] kauditd_printk_skb: 249 callbacks suppressed [ 283.916427][ T29] audit: type=1326 audit(1761480887.420:9371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 283.946689][ T29] audit: type=1326 audit(1761480887.420:9372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 283.970670][ T29] audit: type=1326 audit(1761480887.420:9373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 283.994561][ T29] audit: type=1326 audit(1761480887.420:9374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.018374][ T29] audit: type=1326 audit(1761480887.420:9375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.041912][ T29] audit: type=1326 audit(1761480887.420:9376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.065549][ T29] audit: type=1326 audit(1761480887.420:9377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.089186][ T29] audit: type=1326 audit(1761480887.420:9378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.112724][ T29] audit: type=1326 audit(1761480887.420:9379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.136239][ T29] audit: type=1326 audit(1761480887.420:9380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22785 comm="syz.2.6150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 284.219224][T22804] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6153'. [ 284.486078][T22851] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 284.494371][T22851] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 284.530681][T22863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6162'. [ 284.547160][T22863] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 285.067629][T22936] ieee802154 phy1 wpan1: encryption failed: -22 [ 285.492910][T22968] loop4: detected capacity change from 0 to 128 [ 285.673078][T22972] loop4: detected capacity change from 0 to 128 [ 285.739686][T22974] loop4: detected capacity change from 0 to 1024 [ 285.761834][T22974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 285.775291][T22979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6188'. [ 285.789273][T22979] loop3: detected capacity change from 0 to 1024 [ 285.797969][T22979] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 285.808946][T22979] EXT4-fs (loop3): group descriptors corrupted! [ 285.826260][T22979] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 285.927013][ T3445] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 285.955300][ T3445] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28 [ 285.967913][ T3445] EXT4-fs (loop4): This should not happen!! Data will be lost [ 285.967913][ T3445] [ 285.977704][ T3445] EXT4-fs (loop4): Total free blocks count 0 [ 285.983694][ T3445] EXT4-fs (loop4): Free/Dirty block details [ 285.989648][ T3445] EXT4-fs (loop4): free_blocks=68451041280 [ 285.995488][ T3445] EXT4-fs (loop4): dirty_blocks=320 [ 286.000790][ T3445] EXT4-fs (loop4): Block reservation details [ 286.006838][ T3445] EXT4-fs (loop4): i_reserved_data_blocks=20 [ 286.024391][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.222935][T23018] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6199'. [ 286.910881][T23128] loop4: detected capacity change from 0 to 128 [ 287.006399][T23138] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 287.014047][T23138] SELinux: failed to load policy [ 287.098490][T23136] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 287.106458][T23136] SELinux: failed to load policy [ 287.151561][T23158] loop4: detected capacity change from 0 to 128 [ 287.208815][T23165] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) ! [ 287.239108][T23169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=23169 comm=syz.4.6213 [ 288.025719][T23297] loop7: detected capacity change from 0 to 16384 [ 288.296401][T23331] loop4: detected capacity change from 0 to 164 [ 288.333955][T23331] Unable to read rock-ridge attributes [ 288.358429][T23331] Unable to read rock-ridge attributes [ 288.381148][T23331] Unable to read rock-ridge attributes [ 288.401800][T23344] __nla_validate_parse: 1 callbacks suppressed [ 288.401820][T23344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6232'. [ 288.429479][T23344] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 288.639791][T23369] loop4: detected capacity change from 0 to 128 [ 288.796412][T23394] loop4: detected capacity change from 0 to 1024 [ 288.827389][T23394] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 288.842131][T23394] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 288.856829][T23394] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6248: bg 0: block 88: padding at end of block bitmap is not set [ 288.887617][T23402] loop2: detected capacity change from 0 to 128 [ 288.895117][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.034388][T23423] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6260'. [ 289.123506][T23429] loop2: detected capacity change from 0 to 1024 [ 289.139187][T23429] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 289.147914][T23429] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 289.161801][T23429] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6263: bg 0: block 88: padding at end of block bitmap is not set [ 289.190419][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.335419][T23452] loop2: detected capacity change from 0 to 128 [ 289.405007][ T29] kauditd_printk_skb: 327 callbacks suppressed [ 289.405081][ T29] audit: type=1326 audit(1761480892.900:9708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.434778][ T29] audit: type=1326 audit(1761480892.900:9709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.458422][ T29] audit: type=1326 audit(1761480892.900:9710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.481932][ T29] audit: type=1326 audit(1761480892.900:9711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.505444][ T29] audit: type=1326 audit(1761480892.900:9712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.536942][ T29] audit: type=1326 audit(1761480892.900:9713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.560464][ T29] audit: type=1326 audit(1761480892.900:9714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.583977][ T29] audit: type=1326 audit(1761480892.900:9715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.607529][ T29] audit: type=1326 audit(1761480892.900:9716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.631063][ T29] audit: type=1326 audit(1761480892.910:9717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23454 comm="syz.2.6273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 289.678440][T23459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6274'. [ 289.711126][T23459] loop2: detected capacity change from 0 to 1024 [ 289.715431][T23461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6275'. [ 289.718870][T23459] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 289.737797][T23459] EXT4-fs (loop2): group descriptors corrupted! [ 289.751806][T23459] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 289.922395][T23473] loop2: detected capacity change from 0 to 1024 [ 289.949043][T23473] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 289.964936][T23473] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.002298][T23473] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6279: bg 0: block 88: padding at end of block bitmap is not set [ 290.035962][T23483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.053375][T23483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.092985][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.118122][T23483] syzkaller1: entered promiscuous mode [ 290.123723][T23483] syzkaller1: entered allmulticast mode [ 290.149214][T23486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6284'. [ 290.171639][T23486] loop2: detected capacity change from 0 to 1024 [ 290.182016][T23486] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 290.187544][T23441] syz.0.6268 (23441) used greatest stack depth: 7304 bytes left [ 290.193033][T23486] EXT4-fs (loop2): group descriptors corrupted! [ 290.221527][T23486] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 290.232832][T23492] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6285'. [ 290.263543][T23494] loop4: detected capacity change from 0 to 164 [ 290.270956][T23494] Unable to read rock-ridge attributes [ 290.277788][T23494] Unable to read rock-ridge attributes [ 290.395038][T23507] loop2: detected capacity change from 0 to 1024 [ 290.423784][T23507] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 290.424544][T23514] loop4: detected capacity change from 0 to 164 [ 290.444403][T23507] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.457071][T23514] Unable to read rock-ridge attributes [ 290.464339][T23514] Unable to read rock-ridge attributes [ 290.470010][T23507] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6292: bg 0: block 88: padding at end of block bitmap is not set [ 290.496711][T23519] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2576 sclass=netlink_route_socket pid=23519 comm=syz.0.6297 [ 290.511553][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.570556][T23531] IPv6: NLM_F_CREATE should be specified when creating new route [ 290.992731][T23588] loop2: detected capacity change from 0 to 164 [ 291.002250][T23588] Unable to read rock-ridge attributes [ 291.015899][T23588] Unable to read rock-ridge attributes [ 291.024962][T23588] Unable to read rock-ridge attributes [ 291.098732][T23612] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6314'. [ 291.320017][T23652] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 291.328424][T23652] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 291.660570][T23695] ieee802154 phy1 wpan1: encryption failed: -22 [ 292.123911][T23711] loop2: detected capacity change from 0 to 512 [ 292.132603][T23711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.145254][T23711] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.161760][T23711] FAULT_INJECTION: forcing a failure. [ 292.161760][T23711] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 292.174878][T23711] CPU: 0 UID: 0 PID: 23711 Comm: syz.2.6320 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 292.174911][T23711] Tainted: [W]=WARN [ 292.174917][T23711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 292.174937][T23711] Call Trace: [ 292.174943][T23711] [ 292.175007][T23711] __dump_stack+0x1d/0x30 [ 292.175119][T23711] dump_stack_lvl+0xe8/0x140 [ 292.175191][T23711] dump_stack+0x15/0x1b [ 292.175212][T23711] should_fail_ex+0x265/0x280 [ 292.175237][T23711] should_fail+0xb/0x20 [ 292.175256][T23711] should_fail_usercopy+0x1a/0x20 [ 292.175283][T23711] _copy_from_user+0x1c/0xb0 [ 292.175372][T23711] __sys_bpf+0x183/0x7c0 [ 292.175403][T23711] __x64_sys_bpf+0x41/0x50 [ 292.175433][T23711] x64_sys_call+0x2aee/0x3000 [ 292.175499][T23711] do_syscall_64+0xd2/0x200 [ 292.175516][T23711] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 292.175547][T23711] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 292.175627][T23711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.175653][T23711] RIP: 0033:0x7f7cf6e1efc9 [ 292.175669][T23711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.175686][T23711] RSP: 002b:00007f7cf5887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 292.175777][T23711] RAX: ffffffffffffffda RBX: 00007f7cf7075fa0 RCX: 00007f7cf6e1efc9 [ 292.175790][T23711] RDX: 0000000000000050 RSI: 0000200000000b00 RDI: 2000000000000000 [ 292.175805][T23711] RBP: 00007f7cf5887090 R08: 0000000000000000 R09: 0000000000000000 [ 292.175820][T23711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 292.175835][T23711] R13: 00007f7cf7076038 R14: 00007f7cf7075fa0 R15: 00007ffcc74f8728 [ 292.175860][T23711] [ 292.407918][T23715] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6321'. [ 292.497476][T23716] ieee802154 phy1 wpan1: encryption failed: -22 [ 292.573656][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.946936][T23733] loop2: detected capacity change from 0 to 128 [ 293.037628][T23737] loop2: detected capacity change from 0 to 164 [ 293.045622][T23737] Unable to read rock-ridge attributes [ 293.055051][T23737] Unable to read rock-ridge attributes [ 293.101123][T23741] loop2: detected capacity change from 0 to 164 [ 293.108741][T23741] Unable to read rock-ridge attributes [ 293.115465][T23741] Unable to read rock-ridge attributes [ 293.123843][T23741] Unable to read rock-ridge attributes [ 293.150531][T23743] netlink: 'syz.2.6332': attribute type 13 has an invalid length. [ 293.178309][T23743] loop2: detected capacity change from 0 to 4096 [ 293.185075][T23743] EXT4-fs: Ignoring removed nomblk_io_submit option [ 293.193812][T23743] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.305784][T23748] loop3: detected capacity change from 0 to 1024 [ 293.318082][T23748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.366804][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.494483][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.516412][T23761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6338'. [ 293.550577][T23761] loop3: detected capacity change from 0 to 1024 [ 293.563241][T23761] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 293.574645][T23761] EXT4-fs (loop3): group descriptors corrupted! [ 293.590630][T23761] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 293.609857][T23767] loop2: detected capacity change from 0 to 128 [ 293.679118][T23776] loop2: detected capacity change from 0 to 1024 [ 293.687877][T23777] loop3: detected capacity change from 0 to 164 [ 293.699148][T23771] loop4: detected capacity change from 0 to 128 [ 293.712642][T23777] Unable to read rock-ridge attributes [ 293.723478][T23777] Unable to read rock-ridge attributes [ 293.727239][T23779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6346'. [ 293.746640][T23776] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.790023][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.939679][T23798] loop3: detected capacity change from 0 to 1024 [ 294.080879][T23798] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 294.089727][T23798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.103215][T23798] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6353: bg 0: block 88: padding at end of block bitmap is not set [ 294.132929][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.219063][T23803] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.294116][T23806] loop2: detected capacity change from 0 to 164 [ 294.304493][T23803] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.327804][T23806] Unable to read rock-ridge attributes [ 294.333892][T23806] Unable to read rock-ridge attributes [ 294.360003][T23810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6357'. [ 294.374873][T23810] loop2: detected capacity change from 0 to 1024 [ 294.375857][T23812] FAULT_INJECTION: forcing a failure. [ 294.375857][T23812] name failslab, interval 1, probability 0, space 0, times 0 [ 294.383136][T23810] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 294.394105][T23812] CPU: 1 UID: 0 PID: 23812 Comm: syz.3.6358 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 294.394143][T23812] Tainted: [W]=WARN [ 294.394151][T23812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 294.394167][T23812] Call Trace: [ 294.394176][T23812] [ 294.394186][T23812] __dump_stack+0x1d/0x30 [ 294.394281][T23812] dump_stack_lvl+0xe8/0x140 [ 294.394311][T23812] dump_stack+0x15/0x1b [ 294.394333][T23812] should_fail_ex+0x265/0x280 [ 294.394382][T23812] should_failslab+0x8c/0xb0 [ 294.394448][T23812] __kmalloc_cache_node_noprof+0x54/0x4a0 [ 294.394491][T23812] ? alloc_workqueue_noprof+0x64c/0x1330 [ 294.394533][T23812] alloc_workqueue_noprof+0x64c/0x1330 [ 294.394664][T23812] ? dev_set_name+0x83/0xb0 [ 294.394703][T23812] hci_register_dev+0x167/0x570 [ 294.394758][T23812] hci_uart_tty_ioctl+0x520/0x5c0 [ 294.394858][T23812] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 294.394897][T23812] tty_ioctl+0x83f/0xb80 [ 294.394925][T23812] ? __pfx_tty_ioctl+0x10/0x10 [ 294.394954][T23812] __se_sys_ioctl+0xce/0x140 [ 294.394983][T23812] __x64_sys_ioctl+0x43/0x50 [ 294.395059][T23812] x64_sys_call+0x1816/0x3000 [ 294.395090][T23812] do_syscall_64+0xd2/0x200 [ 294.395114][T23812] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 294.395193][T23812] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 294.395250][T23812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.395279][T23812] RIP: 0033:0x7f6c68daefc9 [ 294.395299][T23812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.395323][T23812] RSP: 002b:00007f6c67817038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.395348][T23812] RAX: ffffffffffffffda RBX: 00007f6c69005fa0 RCX: 00007f6c68daefc9 [ 294.395364][T23812] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 294.395433][T23812] RBP: 00007f6c67817090 R08: 0000000000000000 R09: 0000000000000000 [ 294.395449][T23812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.395465][T23812] R13: 00007f6c69006038 R14: 00007f6c69005fa0 R15: 00007ffe6c6215b8 [ 294.395491][T23812] [ 294.395510][T23812] Bluetooth: Can't register HCI device [ 294.404990][T23810] EXT4-fs (loop2): group descriptors corrupted! [ 294.633023][T23803] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.643534][T23810] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 294.713804][T23824] loop4: detected capacity change from 0 to 1024 [ 294.728557][T23824] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 294.740806][T23803] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.754817][T23822] loop3: detected capacity change from 0 to 128 [ 294.762927][T23824] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.778683][T23830] loop2: detected capacity change from 0 to 164 [ 294.786156][T23830] Unable to read rock-ridge attributes [ 294.796014][T23824] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6363: bg 0: block 88: padding at end of block bitmap is not set [ 294.830960][ T29] kauditd_printk_skb: 264 callbacks suppressed [ 294.830978][ T29] audit: type=1326 audit(1761480898.330:9982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 294.866033][ T52] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.874873][ T52] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.883908][ T29] audit: type=1326 audit(1761480898.330:9983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 294.887174][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.907579][ T29] audit: type=1326 audit(1761480898.330:9984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 294.940092][ T29] audit: type=1326 audit(1761480898.330:9985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 294.942250][ T3445] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.963735][ T29] audit: type=1326 audit(1761480898.330:9986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 294.995475][ T29] audit: type=1326 audit(1761480898.330:9987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 295.019062][ T29] audit: type=1326 audit(1761480898.330:9988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 295.042639][ T29] audit: type=1326 audit(1761480898.330:9989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 295.054716][ T3445] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.066244][ T29] audit: type=1326 audit(1761480898.330:9990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 295.098111][ T29] audit: type=1326 audit(1761480898.360:9991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23831 comm="syz.0.6366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 295.125623][T23836] : renamed from vlan0 (while UP) [ 295.140497][T23836] loop2: detected capacity change from 0 to 1156 [ 295.191733][T23840] loop4: detected capacity change from 0 to 164 [ 295.200754][T23840] Unable to read rock-ridge attributes [ 295.210686][T23840] Unable to read rock-ridge attributes [ 295.301649][T23852] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 295.325796][T23856] netlink: 836 bytes leftover after parsing attributes in process `syz.4.6376'. [ 295.455872][T23870] loop4: detected capacity change from 0 to 164 [ 295.474809][T23870] Unable to read rock-ridge attributes [ 295.481226][T23870] Unable to read rock-ridge attributes [ 295.483515][T23875] loop3: detected capacity change from 0 to 512 [ 295.493997][T23875] ext4: Unknown parameter 'noacl' [ 295.650982][T23892] loop3: detected capacity change from 0 to 164 [ 295.658710][T23892] Unable to read rock-ridge attributes [ 295.665142][T23892] Unable to read rock-ridge attributes [ 295.672158][T23892] Unable to read rock-ridge attributes [ 295.749413][T23905] loop3: detected capacity change from 0 to 164 [ 295.763975][T23905] Unable to read rock-ridge attributes [ 295.776237][T23905] Unable to read rock-ridge attributes [ 295.789102][T23905] Unable to read rock-ridge attributes [ 295.839007][T23919] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6403'. [ 295.856155][T23919] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 295.991759][T23925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6406'. [ 296.019634][T23925] loop2: detected capacity change from 0 to 1024 [ 296.029469][T23925] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 296.040450][T23925] EXT4-fs (loop2): group descriptors corrupted! [ 296.052847][T23925] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 296.129977][T23939] block device autoloading is deprecated and will be removed. [ 296.138579][T23939] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6412'. [ 296.160092][T23943] loop3: detected capacity change from 0 to 1024 [ 296.187836][T23943] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 296.196778][T23943] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 296.210287][T23943] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6415: bg 0: block 88: padding at end of block bitmap is not set [ 296.307409][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.460149][T23972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.469681][T23977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.476766][T23972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.478508][T23977] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.510121][T23977] syzkaller1: entered promiscuous mode [ 296.515662][T23977] syzkaller1: entered allmulticast mode [ 296.523340][T23972] syzkaller1: entered promiscuous mode [ 296.528907][T23972] syzkaller1: entered allmulticast mode [ 296.543602][T23978] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 296.551081][T23978] vhci_hcd: invalid port number 96 [ 296.556270][T23978] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 296.873339][T24006] SELinux: failed to load policy [ 297.171853][T24023] loop2: detected capacity change from 0 to 1024 [ 297.185790][T24025] : renamed from vlan0 (while UP) [ 297.192322][T24023] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 297.201415][T24023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.215085][T24023] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6444: bg 0: block 88: padding at end of block bitmap is not set [ 297.242476][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.294903][T24035] loop2: detected capacity change from 0 to 512 [ 297.302866][T24035] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 297.316641][T24035] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 297.329293][T24035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.342107][T24035] ext4 filesystem being mounted at /128/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 297.424282][T24041] loop3: detected capacity change from 0 to 164 [ 297.431920][T24041] Unable to read rock-ridge attributes [ 297.438026][T24041] Unable to read rock-ridge attributes [ 297.444689][T24041] Unable to read rock-ridge attributes [ 297.453031][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.490593][T24049] netlink: 'syz.3.6453': attribute type 1 has an invalid length. [ 297.544749][T24052] loop2: detected capacity change from 0 to 164 [ 297.566271][T24052] Unable to read rock-ridge attributes [ 297.566715][T24055] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6455'. [ 297.572666][T24052] Unable to read rock-ridge attributes [ 297.590520][T24052] Unable to read rock-ridge attributes [ 297.627480][T24062] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6456'. [ 297.693386][T24065] loop2: detected capacity change from 0 to 128 [ 297.753073][T24074] loop4: detected capacity change from 0 to 1024 [ 297.783629][T24078] loop3: detected capacity change from 0 to 164 [ 297.791436][T24074] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 297.808498][T24078] Unable to read rock-ridge attributes [ 297.816503][T24074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 297.837124][T24074] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6459: bg 0: block 88: padding at end of block bitmap is not set [ 297.874576][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.924486][T24094] loop4: detected capacity change from 0 to 512 [ 297.927868][T24091] loop2: detected capacity change from 0 to 128 [ 297.931732][T24094] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 297.958338][T24094] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 297.972347][T24094] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 297.986169][T24094] ext4 filesystem being mounted at /142/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 298.067030][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.211158][T24137] loop4: detected capacity change from 0 to 164 [ 298.219270][T24137] Unable to read rock-ridge attributes [ 298.225320][T24137] Unable to read rock-ridge attributes [ 298.231926][T24137] Unable to read rock-ridge attributes [ 298.524769][T24195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6470'. [ 298.539529][T24195] loop4: detected capacity change from 0 to 1024 [ 298.547136][T24195] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 298.558120][T24195] EXT4-fs (loop4): group descriptors corrupted! [ 298.568339][T24195] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 298.627045][T24212] loop4: detected capacity change from 0 to 164 [ 298.634812][T24212] Unable to read rock-ridge attributes [ 298.647451][T24212] Unable to read rock-ridge attributes [ 298.653469][T24214] loop3: detected capacity change from 0 to 1024 [ 298.675163][T24214] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 298.685435][T24214] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 298.703392][T24214] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6473: bg 0: block 88: padding at end of block bitmap is not set [ 298.731533][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 298.995874][T24258] FAULT_INJECTION: forcing a failure. [ 298.995874][T24258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.009054][T24258] CPU: 0 UID: 0 PID: 24258 Comm: syz.4.6486 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 299.009090][T24258] Tainted: [W]=WARN [ 299.009099][T24258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 299.009120][T24258] Call Trace: [ 299.009128][T24258] [ 299.009136][T24258] __dump_stack+0x1d/0x30 [ 299.009157][T24258] dump_stack_lvl+0xe8/0x140 [ 299.009183][T24258] dump_stack+0x15/0x1b [ 299.009253][T24258] should_fail_ex+0x265/0x280 [ 299.009272][T24258] should_fail+0xb/0x20 [ 299.009287][T24258] should_fail_usercopy+0x1a/0x20 [ 299.009309][T24258] _copy_from_user+0x1c/0xb0 [ 299.009417][T24258] ___sys_sendmsg+0xc1/0x1d0 [ 299.009477][T24258] __x64_sys_sendmsg+0xd4/0x160 [ 299.009552][T24258] x64_sys_call+0x191e/0x3000 [ 299.009574][T24258] do_syscall_64+0xd2/0x200 [ 299.009597][T24258] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 299.009707][T24258] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 299.009789][T24258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.009810][T24258] RIP: 0033:0x7f9d3304efc9 [ 299.009881][T24258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.009899][T24258] RSP: 002b:00007f9d31aaf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 299.009918][T24258] RAX: ffffffffffffffda RBX: 00007f9d332a5fa0 RCX: 00007f9d3304efc9 [ 299.009931][T24258] RDX: 000000002008c014 RSI: 0000200000000580 RDI: 0000000000000006 [ 299.009943][T24258] RBP: 00007f9d31aaf090 R08: 0000000000000000 R09: 0000000000000000 [ 299.009955][T24258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.009968][T24258] R13: 00007f9d332a6038 R14: 00007f9d332a5fa0 R15: 00007fff4db90748 [ 299.009993][T24258] [ 299.291636][T24265] loop2: detected capacity change from 0 to 164 [ 299.300324][T24265] Unable to read rock-ridge attributes [ 299.306371][T24265] Unable to read rock-ridge attributes [ 299.312280][T24265] Unable to read rock-ridge attributes [ 299.324597][T24267] loop4: detected capacity change from 0 to 128 [ 299.367114][T24273] loop4: detected capacity change from 0 to 164 [ 299.374243][T24273] Unable to read rock-ridge attributes [ 299.649541][T24295] loop3: detected capacity change from 0 to 1024 [ 299.738559][T24295] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 299.751215][T24295] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.764788][T24295] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6501: bg 0: block 88: padding at end of block bitmap is not set [ 299.791883][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.808298][T24301] loop4: detected capacity change from 0 to 164 [ 299.815461][T24301] Unable to read rock-ridge attributes [ 299.840672][T24305] loop3: detected capacity change from 0 to 1024 [ 299.850280][T24305] EXT4-fs: Ignoring removed nobh option [ 299.855979][T24305] EXT4-fs: Ignoring removed bh option [ 299.882127][T24305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.888860][ T29] kauditd_printk_skb: 396 callbacks suppressed [ 299.888878][ T29] audit: type=1326 audit(1761480903.390:10388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 299.924701][ T29] audit: type=1326 audit(1761480903.390:10389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 299.948362][ T29] audit: type=1326 audit(1761480903.390:10390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 299.972307][ T29] audit: type=1326 audit(1761480903.390:10391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 299.996222][ T29] audit: type=1326 audit(1761480903.390:10392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 300.020068][ T29] audit: type=1326 audit(1761480903.400:10393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24314 comm="syz.4.6509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 300.025517][T24305] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4193: comm syz.3.6505: Allocating blocks 257-513 which overlap fs metadata [ 300.058007][ T29] audit: type=1326 audit(1761480903.500:10394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24316 comm="syz.2.6510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 300.075989][T24305] EXT4-fs (loop3): Remounting filesystem read-only [ 300.081667][ T29] audit: type=1326 audit(1761480903.500:10395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24316 comm="syz.2.6510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 300.111783][ T29] audit: type=1326 audit(1761480903.500:10396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24316 comm="syz.2.6510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 300.135413][ T29] audit: type=1326 audit(1761480903.500:10397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24316 comm="syz.2.6510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 300.178101][T24322] : renamed from vlan0 (while UP) [ 300.228549][T24326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6513'. [ 300.241274][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.288261][T24328] loop3: detected capacity change from 0 to 1024 [ 300.307139][T24328] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 300.323391][T24328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 300.337029][T24328] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6514: bg 0: block 88: padding at end of block bitmap is not set [ 300.363043][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.421631][T24338] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6516'. [ 300.551854][T24346] loop3: detected capacity change from 0 to 128 [ 300.730454][T24362] loop4: detected capacity change from 0 to 164 [ 300.738766][T24362] Unable to read rock-ridge attributes [ 300.744962][T24362] Unable to read rock-ridge attributes [ 300.751236][T24362] Unable to read rock-ridge attributes [ 300.830749][T24373] loop4: detected capacity change from 0 to 128 [ 301.413731][T24398] loop4: detected capacity change from 0 to 1024 [ 301.496041][T24398] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 301.506567][T24398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 301.553176][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.623172][T24409] loop4: detected capacity change from 0 to 128 [ 301.678059][T24411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6543'. [ 301.927215][T24435] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 301.935460][T24435] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 302.159387][T24454] loop2: detected capacity change from 0 to 128 [ 302.246563][T24471] loop2: detected capacity change from 0 to 128 [ 303.166096][ C0] net_ratelimit: 30 callbacks suppressed [ 303.166118][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.243765][T24578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.253026][T24578] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.267288][T24578] syzkaller1: entered promiscuous mode [ 303.272826][T24578] syzkaller1: entered allmulticast mode [ 303.339848][T24590] loop2: detected capacity change from 0 to 128 [ 303.390529][T24592] loop2: detected capacity change from 0 to 1024 [ 303.417178][T24592] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 303.425648][T24592] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.439823][T24592] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.6560: bg 0: block 88: padding at end of block bitmap is not set [ 303.464446][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.514471][T24600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6563'. [ 303.882452][T24603] loop1: detected capacity change from 0 to 128 [ 303.928416][T24605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.937088][T24605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.948673][T24605] syzkaller1: entered promiscuous mode [ 303.954218][T24605] syzkaller1: entered allmulticast mode [ 304.538910][T24617] loop2: detected capacity change from 0 to 128 [ 304.639763][T24629] loop2: detected capacity change from 0 to 164 [ 304.647216][T24629] Unable to read rock-ridge attributes [ 304.653166][T24629] Unable to read rock-ridge attributes [ 304.660545][T24629] Unable to read rock-ridge attributes [ 304.722203][T24640] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6580'. [ 304.875837][T24649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6584'. [ 304.890715][T24649] loop4: detected capacity change from 0 to 1024 [ 304.898076][T24649] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 304.909158][T24649] EXT4-fs (loop4): group descriptors corrupted! [ 304.919448][T24649] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 304.959545][T24653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6586'. [ 304.997367][ T29] kauditd_printk_skb: 301 callbacks suppressed [ 304.997384][ T29] audit: type=1326 audit(1761480908.500:10699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.035649][ T29] audit: type=1326 audit(1761480908.530:10700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.059353][ T29] audit: type=1326 audit(1761480908.530:10701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.069309][T24663] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6592'. [ 305.083175][ T29] audit: type=1326 audit(1761480908.530:10702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.115870][ T29] audit: type=1326 audit(1761480908.530:10703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.139552][ T29] audit: type=1326 audit(1761480908.530:10704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.163251][ T29] audit: type=1326 audit(1761480908.530:10705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.186908][ T29] audit: type=1326 audit(1761480908.530:10706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.210477][ T29] audit: type=1326 audit(1761480908.530:10707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.234150][ T29] audit: type=1326 audit(1761480908.530:10708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24654 comm="syz.2.6588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cf6e1efc9 code=0x7ffc0000 [ 305.283955][T24669] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 305.291712][T24669] SELinux: failed to load policy [ 305.416794][T24681] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6599'. [ 305.484764][T24693] loop2: detected capacity change from 0 to 512 [ 305.511881][T24693] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 305.542071][T24703] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 305.550295][T24693] EXT4-fs (loop2): 1 truncate cleaned up [ 305.564743][T24693] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 305.577943][T24703] SELinux: failed to load policy [ 305.657831][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 305.667826][T24715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6608'. [ 305.715462][T24723] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6610'. [ 305.809400][T24739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6615'. [ 305.850005][T24745] loop3: detected capacity change from 0 to 512 [ 305.871787][T24745] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 305.888235][T24745] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 305.928726][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.027005][T24762] loop3: detected capacity change from 0 to 128 [ 306.100852][T24777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 306.113146][T24777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 306.125469][T24777] syzkaller1: entered promiscuous mode [ 306.131232][T24777] syzkaller1: entered allmulticast mode [ 306.139749][T24783] SELinux: policydb table sizes (0,7) do not match mine (8,7) [ 306.147650][T24783] SELinux: failed to load policy [ 306.194410][T24789] loop3: detected capacity change from 0 to 128 [ 306.293672][T24806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6622'. [ 306.308308][T24806] loop3: detected capacity change from 0 to 1024 [ 306.315433][T24806] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 306.326403][T24806] EXT4-fs (loop3): group descriptors corrupted! [ 306.335195][T24806] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 306.691514][T24868] loop2: detected capacity change from 0 to 1024 [ 306.758409][T24868] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 306.795325][T24868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 306.870366][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.951098][T24891] program syz.2.6629 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 307.014825][T24897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6633'. [ 307.095539][T24898] loop2: detected capacity change from 0 to 1024 [ 307.109776][T24898] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 307.120700][T24898] EXT4-fs (loop2): group descriptors corrupted! [ 307.203151][T24897] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 307.436221][T24908] loop1: detected capacity change from 0 to 128 [ 307.568053][T24913] : renamed from vlan0 (while UP) [ 308.080346][T24953] loop3: detected capacity change from 0 to 1024 [ 308.097924][T24953] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.143537][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.354048][T24967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 308.375507][T24967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 308.406234][T24967] syzkaller1: entered promiscuous mode [ 308.411740][T24967] syzkaller1: entered allmulticast mode [ 308.595802][T24983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6669'. [ 308.610138][T24983] loop2: detected capacity change from 0 to 1024 [ 308.618485][T24983] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 308.629465][T24983] EXT4-fs (loop2): group descriptors corrupted! [ 308.641941][T24983] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 308.660489][T24987] SELinux: failed to load policy [ 308.702158][T24989] loop1: detected capacity change from 0 to 128 [ 308.886356][T25009] loop2: detected capacity change from 0 to 1024 [ 308.897852][T25009] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.912160][T25009] EXT4-fs (loop2): shut down requested (1) [ 308.918674][T25009] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 308.928735][T25009] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 308.948059][T21107] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 308.988321][T25017] loop2: detected capacity change from 0 to 1024 [ 309.035778][T25017] EXT4-fs (loop2): shut down requested (1) [ 309.063444][T25025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6683'. [ 309.077176][T25017] FAULT_INJECTION: forcing a failure. [ 309.077176][T25017] name failslab, interval 1, probability 0, space 0, times 0 [ 309.083095][T25025] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 309.089864][T25017] CPU: 0 UID: 0 PID: 25017 Comm: syz.2.6681 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 309.089904][T25017] Tainted: [W]=WARN [ 309.089913][T25017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 309.089961][T25017] Call Trace: [ 309.089972][T25017] [ 309.089982][T25017] __dump_stack+0x1d/0x30 [ 309.090015][T25017] dump_stack_lvl+0xe8/0x140 [ 309.090044][T25017] dump_stack+0x15/0x1b [ 309.090069][T25017] should_fail_ex+0x265/0x280 [ 309.090096][T25017] should_failslab+0x8c/0xb0 [ 309.090203][T25017] kmem_cache_alloc_noprof+0x50/0x480 [ 309.090283][T25017] ? getname_flags+0x80/0x3b0 [ 309.090326][T25017] getname_flags+0x80/0x3b0 [ 309.090365][T25017] __x64_sys_unlink+0x21/0x40 [ 309.090414][T25017] x64_sys_call+0x2dcf/0x3000 [ 309.090443][T25017] do_syscall_64+0xd2/0x200 [ 309.090468][T25017] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 309.090528][T25017] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 309.090570][T25017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.090648][T25017] RIP: 0033:0x7f7cf6e1efc9 [ 309.090668][T25017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.090692][T25017] RSP: 002b:00007f7cf5887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 309.090719][T25017] RAX: ffffffffffffffda RBX: 00007f7cf7075fa0 RCX: 00007f7cf6e1efc9 [ 309.090736][T25017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 309.090760][T25017] RBP: 00007f7cf5887090 R08: 0000000000000000 R09: 0000000000000000 [ 309.090776][T25017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.090792][T25017] R13: 00007f7cf7076038 R14: 00007f7cf7075fa0 R15: 00007ffcc74f8728 [ 309.090880][T25017] [ 309.111424][T25027] loop3: detected capacity change from 0 to 128 [ 309.302161][T25029] SELinux: policydb magic number 0x2 does not match expected magic number 0xf97cff8c [ 309.327711][T25029] SELinux: failed to load policy [ 309.415158][T25031] loop3: detected capacity change from 0 to 128 [ 309.474625][T25038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6689'. [ 309.529089][T25042] loop2: detected capacity change from 0 to 164 [ 309.538763][T25042] Unable to read rock-ridge attributes [ 309.544955][T25042] Unable to read rock-ridge attributes [ 309.553498][T25042] Unable to read rock-ridge attributes [ 309.817205][T25054] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 309.825508][T25054] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 309.850805][T25056] loop3: detected capacity change from 0 to 164 [ 309.879394][T25060] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6698'. [ 309.894702][T25060] loop4: detected capacity change from 0 to 1024 [ 309.901928][T25060] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 309.913156][T25060] EXT4-fs (loop4): group descriptors corrupted! [ 309.921328][T25056] Unable to read rock-ridge attributes [ 309.928380][T25056] Unable to read rock-ridge attributes [ 309.937186][T25060] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 309.987854][T25062] loop3: detected capacity change from 0 to 1024 [ 309.995274][T25062] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 310.006246][T25062] EXT4-fs (loop3): group descriptors corrupted! [ 310.034917][T25062] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 310.049783][ T29] kauditd_printk_skb: 371 callbacks suppressed [ 310.049801][ T29] audit: type=1326 audit(1761480913.550:11080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.080573][ T29] audit: type=1326 audit(1761480913.580:11081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.104287][ T29] audit: type=1326 audit(1761480913.580:11082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.129777][ T29] audit: type=1326 audit(1761480913.580:11083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.153460][ T29] audit: type=1326 audit(1761480913.580:11084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.177347][ T29] audit: type=1326 audit(1761480913.580:11085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.201122][ T29] audit: type=1326 audit(1761480913.580:11086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.224798][ T29] audit: type=1326 audit(1761480913.580:11087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.248400][ T29] audit: type=1326 audit(1761480913.580:11088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.272435][ T29] audit: type=1326 audit(1761480913.580:11089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25065 comm="syz.4.6701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d3304efc9 code=0x7ffc0000 [ 310.297007][T25072] loop4: detected capacity change from 0 to 128 [ 310.365270][T25076] loop2: detected capacity change from 0 to 128 [ 310.420297][T25089] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 310.428597][T25089] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 310.555139][T25098] __nla_validate_parse: 1 callbacks suppressed [ 310.555162][T25098] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6717'. [ 310.581865][T25102] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6718'. [ 310.599426][T25102] loop4: detected capacity change from 0 to 1024 [ 310.606591][T25102] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 310.617562][T25102] EXT4-fs (loop4): group descriptors corrupted! [ 310.626866][T25102] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 310.821354][T25108] loop3: detected capacity change from 0 to 164 [ 310.832088][T25108] Unable to read rock-ridge attributes [ 310.838236][T25108] Unable to read rock-ridge attributes [ 310.886349][T25108] Unable to read rock-ridge attributes [ 310.929325][T25112] loop3: detected capacity change from 0 to 128 [ 311.168525][T25116] loop4: detected capacity change from 0 to 128 [ 311.223184][T25118] loop4: detected capacity change from 0 to 164 [ 311.230285][T25118] Unable to read rock-ridge attributes [ 311.237085][T25118] Unable to read rock-ridge attributes [ 311.283752][T25122] loop4: detected capacity change from 0 to 128 [ 311.441310][T25132] loop4: detected capacity change from 0 to 128 [ 311.470419][T25134] loop4: detected capacity change from 0 to 1024 [ 311.477148][T25134] EXT4-fs: Ignoring removed orlov option [ 311.482852][T25134] EXT4-fs: Ignoring removed mblk_io_submit option [ 311.505808][T25134] EXT4-fs mount: 2 callbacks suppressed [ 311.505825][T25134] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 311.529231][T25134] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 311.535665][T25134] netlink: 292 bytes leftover after parsing attributes in process `syz.4.6732'. [ 311.557614][T25134] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 311.564185][T25134] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 311.571896][T25134] vhci_hcd vhci_hcd.0: Device attached [ 311.581949][T25143] vhci_hcd: connection closed [ 311.582305][ T3445] vhci_hcd: stop threads [ 311.591320][ T3445] vhci_hcd: release socket [ 311.595749][ T3445] vhci_hcd: disconnect device [ 311.633026][T25151] loop2: detected capacity change from 0 to 128 [ 312.165108][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.484381][T25184] pim6reg: entered allmulticast mode [ 312.490430][T25184] pim6reg: left allmulticast mode [ 312.511673][T25187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6752'. [ 312.526933][T25187] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 312.579811][T25190] loop1: detected capacity change from 0 to 1024 [ 312.599435][T25190] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 312.610390][T25190] EXT4-fs (loop1): group descriptors corrupted! [ 312.635860][T25190] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 312.672121][T25201] loop2: detected capacity change from 0 to 128 [ 313.974443][T25271] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 313.982712][T25271] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 314.134141][T25281] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6791'. [ 314.148229][T25281] loop4: detected capacity change from 0 to 1024 [ 314.155331][T25281] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 314.166262][T25281] EXT4-fs (loop4): group descriptors corrupted! [ 314.175885][T25281] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 314.252851][T25288] FAULT_INJECTION: forcing a failure. [ 314.252851][T25288] name failslab, interval 1, probability 0, space 0, times 0 [ 314.265640][T25288] CPU: 1 UID: 0 PID: 25288 Comm: syz.4.6794 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 314.265697][T25288] Tainted: [W]=WARN [ 314.265706][T25288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 314.265724][T25288] Call Trace: [ 314.265731][T25288] [ 314.265740][T25288] __dump_stack+0x1d/0x30 [ 314.265770][T25288] dump_stack_lvl+0xe8/0x140 [ 314.265796][T25288] dump_stack+0x15/0x1b [ 314.265873][T25288] should_fail_ex+0x265/0x280 [ 314.265899][T25288] should_failslab+0x8c/0xb0 [ 314.265941][T25288] kmem_cache_alloc_noprof+0x50/0x480 [ 314.266050][T25288] ? security_inode_alloc+0x37/0x100 [ 314.266080][T25288] security_inode_alloc+0x37/0x100 [ 314.266179][T25288] inode_init_always_gfp+0x4b7/0x500 [ 314.266216][T25288] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 314.266245][T25288] alloc_inode+0x58/0x170 [ 314.266271][T25288] new_inode+0x1d/0xe0 [ 314.266342][T25288] shmem_get_inode+0x244/0x750 [ 314.266374][T25288] __shmem_file_setup+0x113/0x210 [ 314.266402][T25288] shmem_file_setup+0x3b/0x50 [ 314.266424][T25288] __se_sys_memfd_create+0x2c3/0x590 [ 314.266458][T25288] __x64_sys_memfd_create+0x31/0x40 [ 314.266489][T25288] x64_sys_call+0x2ac2/0x3000 [ 314.266519][T25288] do_syscall_64+0xd2/0x200 [ 314.266543][T25288] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 314.266588][T25288] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 314.266630][T25288] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.266659][T25288] RIP: 0033:0x7f9d3304efc9 [ 314.266678][T25288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.266757][T25288] RSP: 002b:00007f9d31aaee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 314.266781][T25288] RAX: ffffffffffffffda RBX: 000000000000059d RCX: 00007f9d3304efc9 [ 314.266797][T25288] RDX: 00007f9d31aaeef0 RSI: 0000000000000000 RDI: 00007f9d330d2960 [ 314.266813][T25288] RBP: 0000200000001100 R08: 00007f9d31aaebb7 R09: 00007f9d31aaee40 [ 314.266827][T25288] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000002c0 [ 314.266843][T25288] R13: 00007f9d31aaeef0 R14: 00007f9d31aaeeb0 R15: 0000200000000600 [ 314.266895][T25288] [ 314.602000][T25298] SELinux: policydb string S does not match my string SE Linux [ 314.610527][T25298] SELinux: failed to load policy [ 314.672240][T25304] loop2: detected capacity change from 0 to 128 [ 314.686526][T25308] FAULT_INJECTION: forcing a failure. [ 314.686526][T25308] name failslab, interval 1, probability 0, space 0, times 0 [ 314.699413][T25308] CPU: 1 UID: 0 PID: 25308 Comm: syz.1.6801 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 314.699516][T25308] Tainted: [W]=WARN [ 314.699525][T25308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 314.699541][T25308] Call Trace: [ 314.699548][T25308] [ 314.699557][T25308] __dump_stack+0x1d/0x30 [ 314.699585][T25308] dump_stack_lvl+0xe8/0x140 [ 314.699628][T25308] dump_stack+0x15/0x1b [ 314.699691][T25308] should_fail_ex+0x265/0x280 [ 314.699715][T25308] ? io_ring_ctx_alloc+0x38/0x670 [ 314.699745][T25308] should_failslab+0x8c/0xb0 [ 314.699776][T25308] __kmalloc_cache_noprof+0x4c/0x4a0 [ 314.699897][T25308] io_ring_ctx_alloc+0x38/0x670 [ 314.699929][T25308] ? io_uring_fill_params+0x27f/0x300 [ 314.700006][T25308] io_uring_create+0x134/0x630 [ 314.700034][T25308] __se_sys_io_uring_setup+0x1f7/0x210 [ 314.700077][T25308] __x64_sys_io_uring_setup+0x31/0x40 [ 314.700136][T25308] x64_sys_call+0x2b25/0x3000 [ 314.700158][T25308] do_syscall_64+0xd2/0x200 [ 314.700175][T25308] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 314.700279][T25308] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 314.700315][T25308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.700335][T25308] RIP: 0033:0x7fe10493efc9 [ 314.700350][T25308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.700441][T25308] RSP: 002b:00007fe1033a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 314.700461][T25308] RAX: ffffffffffffffda RBX: 00007fe104b95fa0 RCX: 00007fe10493efc9 [ 314.700475][T25308] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000006721 [ 314.700491][T25308] RBP: 00007fe1033a7090 R08: 0000000000000000 R09: 0000000000000000 [ 314.700507][T25308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.700521][T25308] R13: 00007fe104b96038 R14: 00007fe104b95fa0 R15: 00007ffec55fad88 [ 314.700542][T25308] [ 314.927971][T25313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6803'. [ 314.942221][T25313] loop2: detected capacity change from 0 to 1024 [ 314.949957][T25313] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 314.960954][T25313] EXT4-fs (loop2): group descriptors corrupted! [ 314.971936][T25313] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 315.087152][T25324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6808'. [ 315.403868][T25340] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 315.412199][T25340] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 315.423942][T25345] loop4: detected capacity change from 0 to 128 [ 315.433292][T25325] chnl_net:caif_netlink_parms(): no params data found [ 315.459564][T25348] loop4: detected capacity change from 0 to 1024 [ 315.469695][T25348] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 315.480683][T25348] EXT4-fs (loop4): group descriptors corrupted! [ 315.488920][T25350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6815'. [ 315.505289][T25348] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 315.505311][T25350] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 315.540720][T25325] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.548127][T25325] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.571740][T25325] bridge_slave_0: entered allmulticast mode [ 315.580010][T25325] bridge_slave_0: entered promiscuous mode [ 315.587611][T25325] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.594870][T25325] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.607328][T25325] bridge_slave_1: entered allmulticast mode [ 315.613958][T25325] bridge_slave_1: entered promiscuous mode [ 315.632334][ T52] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.650494][T25325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 315.661530][T25325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 315.672389][ T52] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.714589][T25325] team0: Port device team_slave_0 added [ 315.722324][ T52] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.737183][T25325] team0: Port device team_slave_1 added [ 315.744333][ T29] kauditd_printk_skb: 429 callbacks suppressed [ 315.744347][ T29] audit: type=1326 audit(1761480919.240:11519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.785438][ T52] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 315.800227][T25325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.807279][T25325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 315.833250][T25325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.844378][ T29] audit: type=1326 audit(1761480919.250:11520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.868100][ T29] audit: type=1326 audit(1761480919.250:11521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.891780][ T29] audit: type=1326 audit(1761480919.250:11522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.915488][ T29] audit: type=1326 audit(1761480919.250:11523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.939159][ T29] audit: type=1326 audit(1761480919.250:11524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.962799][ T29] audit: type=1326 audit(1761480919.250:11525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 315.986492][ T29] audit: type=1326 audit(1761480919.250:11526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 316.010202][ T29] audit: type=1326 audit(1761480919.250:11527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 316.033842][ T29] audit: type=1326 audit(1761480919.250:11528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25362 comm="syz.0.6819" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 316.066386][T25325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.073463][T25325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 316.099437][T25325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.162545][T25325] hsr_slave_0: entered promiscuous mode [ 316.168683][T25325] hsr_slave_1: entered promiscuous mode [ 316.174687][T25325] debugfs: 'hsr0' already exists in 'hsr' [ 316.180459][T25325] Cannot create hsr debugfs directory [ 316.328380][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 316.339937][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 316.349269][ T52] bond0 (unregistering): Released all slaves [ 316.358351][ T52] bond1 (unregistering): Released all slaves [ 316.373826][T25375] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 316.382069][T25375] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 316.403044][T25380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6826'. [ 316.421693][T25383] SELinux: policydb string S does not match my string SE Linux [ 316.435183][T25384] loop4: detected capacity change from 0 to 164 [ 316.438384][T25383] SELinux: failed to load policy [ 316.447455][T25384] Unable to read rock-ridge attributes [ 316.453208][T25380] loop3: detected capacity change from 0 to 1024 [ 316.462162][T25380] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 316.462406][T25384] Unable to read rock-ridge attributes [ 316.473170][T25380] EXT4-fs (loop3): group descriptors corrupted! [ 316.486698][ T52] hsr_slave_0: left promiscuous mode [ 316.492586][ T52] hsr_slave_1: left promiscuous mode [ 316.495903][T25380] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 316.498374][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.514916][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.523534][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.531055][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.549320][ T52] veth0_macvtap: left promiscuous mode [ 316.554957][ T52] veth1_vlan: left promiscuous mode [ 316.561225][ T52] veth0_vlan: left promiscuous mode [ 316.629344][ T52] team0 (unregistering): Port device team_slave_1 removed [ 316.639557][ T52] team0 (unregistering): Port device team_slave_0 removed [ 316.741322][T25404] loop3: detected capacity change from 0 to 128 [ 316.769879][T25406] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 316.778209][T25406] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 316.810192][T25408] loop3: detected capacity change from 0 to 164 [ 316.817552][T25408] Unable to read rock-ridge attributes [ 316.823628][T25408] Unable to read rock-ridge attributes [ 316.830224][T25408] Unable to read rock-ridge attributes [ 316.852756][T25410] SELinux: policydb string SE Li does not match my string SE Linux [ 316.861035][T25410] SELinux: failed to load policy [ 316.883624][T25412] loop3: detected capacity change from 0 to 164 [ 316.891876][T25412] Unable to read rock-ridge attributes [ 316.898774][T25412] Unable to read rock-ridge attributes [ 317.010823][T25325] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 317.019623][T25325] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 317.029078][T25325] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 317.038912][T25325] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 317.082931][T25325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.097059][T25325] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.106640][ T3445] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.113719][ T3445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.124613][ T413] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.131697][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.195995][T25325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 317.260801][T25325] veth0_vlan: entered promiscuous mode [ 317.268902][T25325] veth1_vlan: entered promiscuous mode [ 317.284249][T25325] veth0_macvtap: entered promiscuous mode [ 317.292325][T25325] veth1_macvtap: entered promiscuous mode [ 317.304749][T25325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.317016][T25325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.328592][ T413] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.337703][ T413] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.346681][ T413] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.355415][ T413] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.408758][T25436] loop1: detected capacity change from 0 to 512 [ 317.418193][T25436] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.1.6807: corrupted xattr block 95: invalid header [ 317.432219][T25436] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.6807: bg 0: block 7: invalid block bitmap [ 317.446415][T25436] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 317.455370][T25436] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2967: inode #11: comm syz.1.6807: corrupted xattr block 95: invalid header [ 317.469549][T25436] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117) [ 317.478739][T25436] EXT4-fs (loop1): 1 orphan inode deleted [ 317.483697][T25441] loop4: detected capacity change from 0 to 512 [ 317.485109][T25436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.508474][T25441] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.539361][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.540079][T25445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6844'. [ 317.567789][T25445] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 317.569869][T25447] netlink: 'syz.4.6845': attribute type 1 has an invalid length. [ 317.585345][T25447] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6845'. [ 317.707333][T25325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.728110][T25454] loop1: detected capacity change from 0 to 128 [ 317.752853][T25456] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 317.761247][T25456] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 317.796108][T25458] loop4: detected capacity change from 0 to 164 [ 317.808857][T25462] pim6reg: entered allmulticast mode [ 317.814795][T25458] Unable to read rock-ridge attributes [ 317.821185][T25458] Unable to read rock-ridge attributes [ 317.827554][T25462] pim6reg: left allmulticast mode [ 317.835895][T25458] Unable to read rock-ridge attributes [ 317.867418][T25464] program syz.1.6852 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 317.889714][T25468] SELinux: policydb string SE Li does not match my string SE Linux [ 317.898362][T25468] SELinux: failed to load policy [ 318.042939][T25481] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6858'. [ 318.100150][T25484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6859'. [ 318.115262][T25484] loop1: detected capacity change from 0 to 1024 [ 318.122158][T25484] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 318.133178][T25484] EXT4-fs (loop1): group descriptors corrupted! [ 318.155306][T25487] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 318.163615][T25487] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 318.183398][T25488] netlink: 2 bytes leftover after parsing attributes in process `syz.0.6861'. [ 318.206379][T25484] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 318.220073][T25488] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.227337][T25488] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.251943][T25490] loop3: detected capacity change from 0 to 128 [ 318.279647][T25488] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 318.290663][T25488] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 318.331362][T25488] gtp0: left promiscuous mode [ 318.336112][T25488] gtp0: left allmulticast mode [ 318.345993][T25494] loop3: detected capacity change from 0 to 128 [ 318.352357][ T37] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.372451][ T37] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.396494][T25496] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 318.404881][T25496] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 318.409137][ T37] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.443051][ T37] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.470103][T25504] loop3: detected capacity change from 0 to 2048 [ 318.492420][T25504] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 318.517327][T25504] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6867: bg 0: block 234: padding at end of block bitmap is not set [ 318.533169][T25504] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 318.555151][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.576573][T25511] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6870'. [ 318.651002][T25517] loop1: detected capacity change from 0 to 1024 [ 318.658581][T25515] FAULT_INJECTION: forcing a failure. [ 318.658581][T25515] name failslab, interval 1, probability 0, space 0, times 0 [ 318.658880][T25517] EXT4-fs: Ignoring removed orlov option [ 318.671330][T25515] CPU: 1 UID: 0 PID: 25515 Comm: syz.4.6872 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 318.671369][T25515] Tainted: [W]=WARN [ 318.671378][T25515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 318.671414][T25515] Call Trace: [ 318.671423][T25515] [ 318.671436][T25515] __dump_stack+0x1d/0x30 [ 318.671468][T25515] dump_stack_lvl+0xe8/0x140 [ 318.671498][T25515] dump_stack+0x15/0x1b [ 318.671571][T25515] should_fail_ex+0x265/0x280 [ 318.671600][T25515] should_failslab+0x8c/0xb0 [ 318.671661][T25515] __kvmalloc_node_noprof+0x12e/0x670 [ 318.671767][T25515] ? seq_read_iter+0x143/0x950 [ 318.671802][T25515] seq_read_iter+0x143/0x950 [ 318.671844][T25515] ? __alloc_frozen_pages_noprof+0x15f/0x360 [ 318.671905][T25515] kernfs_fop_read_iter+0xc1/0x330 [ 318.671933][T25515] ? iov_iter_bvec+0xa4/0xd0 [ 318.671980][T25515] copy_splice_read+0x442/0x660 [ 318.672047][T25515] ? __pfx_copy_splice_read+0x10/0x10 [ 318.672073][T25515] splice_direct_to_actor+0x26f/0x680 [ 318.672105][T25515] ? __pfx_direct_splice_actor+0x10/0x10 [ 318.672146][T25515] do_splice_direct+0xda/0x150 [ 318.672202][T25515] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 318.672289][T25515] do_sendfile+0x380/0x650 [ 318.672337][T25515] __x64_sys_sendfile64+0x105/0x150 [ 318.672414][T25515] x64_sys_call+0x2bb4/0x3000 [ 318.672436][T25515] do_syscall_64+0xd2/0x200 [ 318.672458][T25515] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 318.672498][T25515] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 318.672598][T25515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.672692][T25515] RIP: 0033:0x7f9d3304efc9 [ 318.672715][T25515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.672837][T25515] RSP: 002b:00007f9d31aaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 318.672899][T25515] RAX: ffffffffffffffda RBX: 00007f9d332a5fa0 RCX: 00007f9d3304efc9 [ 318.672919][T25515] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 318.672936][T25515] RBP: 00007f9d31aaf090 R08: 0000000000000000 R09: 0000000000000000 [ 318.672954][T25515] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 318.672971][T25515] R13: 00007f9d332a6038 R14: 00007f9d332a5fa0 R15: 00007fff4db90748 [ 318.672998][T25515] [ 318.906568][T25517] EXT4-fs: Ignoring removed mblk_io_submit option [ 318.935632][T25523] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6875'. [ 318.958659][T25517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 318.975665][T25517] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 318.997672][T25325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.014596][T25527] loop4: detected capacity change from 0 to 512 [ 319.030736][T25527] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 319.046827][T25531] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6876'. [ 319.082035][T25531] loop1: detected capacity change from 0 to 1024 [ 319.096517][T25533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6880'. [ 319.100349][T25531] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 319.116483][T25531] EXT4-fs (loop1): group descriptors corrupted! [ 319.119521][T25536] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.126852][T25527] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.6877: bg 0: block 104: invalid block bitmap [ 319.156185][T25527] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 319.161790][T25538] loop3: detected capacity change from 0 to 128 [ 319.172576][T25527] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.6877: invalid indirect mapped block 1 (level 1) [ 319.187187][T25531] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 319.196888][T25527] EXT4-fs (loop4): 1 truncate cleaned up [ 319.203072][T25527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.231925][T25527] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.241194][T25543] loop3: detected capacity change from 0 to 128 [ 319.310588][T25553] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 319.342185][T25558] loop4: detected capacity change from 0 to 512 [ 319.350337][T25558] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.4.6889: corrupted xattr block 95: invalid header [ 319.364365][T25558] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.6889: bg 0: block 7: invalid block bitmap [ 319.378220][T25558] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 319.394356][T25561] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 319.403208][T25558] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2967: inode #11: comm syz.4.6889: corrupted xattr block 95: invalid header [ 319.419789][T25558] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 319.432022][T25558] EXT4-fs (loop4): 1 orphan inode deleted [ 319.438619][T25558] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.452660][T25561] netlink: 'syz.3.6890': attribute type 11 has an invalid length. [ 319.462261][T25561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=25561 comm=syz.3.6890 [ 319.576998][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.604705][T25571] loop4: detected capacity change from 0 to 164 [ 319.612546][T25571] Unable to read rock-ridge attributes [ 319.618657][T25571] Unable to read rock-ridge attributes [ 319.624999][T25571] Unable to read rock-ridge attributes [ 319.657520][T25575] loop4: detected capacity change from 0 to 1024 [ 319.664554][T25575] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 319.675580][T25575] EXT4-fs (loop4): group descriptors corrupted! [ 319.684847][T25575] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 319.699815][T25581] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 319.763384][T25590] xt_recent: hitcount (4294901760) is larger than allowed maximum (65535) [ 319.812135][T25592] loop3: detected capacity change from 0 to 1024 [ 319.819183][T25592] EXT4-fs: Ignoring removed orlov option [ 319.843010][T25592] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 319.875438][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.914380][T25607] loop3: detected capacity change from 0 to 128 [ 319.954228][T25613] loop2: detected capacity change from 0 to 128 [ 320.050999][T25624] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 321.211376][T25764] loop3: detected capacity change from 0 to 1024 [ 321.227385][T25764] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 321.236149][T25764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.250184][T25764] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6918: bg 0: block 88: padding at end of block bitmap is not set [ 321.276856][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.301597][ T29] kauditd_printk_skb: 245 callbacks suppressed [ 321.301616][ T29] audit: type=1400 audit(1761480924.800:11774): avc: denied { getopt } for pid=25772 comm="syz.3.6920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 321.357598][T25779] loop3: detected capacity change from 0 to 1024 [ 321.364722][T25779] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 321.375630][T25779] EXT4-fs (loop3): group descriptors corrupted! [ 321.385773][T25779] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 321.403766][T25781] SELinux: policydb version 0 does not match my version range 15-35 [ 321.412141][T25781] SELinux: failed to load policy [ 321.451154][T25785] FAULT_INJECTION: forcing a failure. [ 321.451154][T25785] name failslab, interval 1, probability 0, space 0, times 0 [ 321.463916][T25785] CPU: 0 UID: 0 PID: 25785 Comm: syz.3.6927 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 321.463951][T25785] Tainted: [W]=WARN [ 321.463983][T25785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 321.463995][T25785] Call Trace: [ 321.464002][T25785] [ 321.464010][T25785] __dump_stack+0x1d/0x30 [ 321.464039][T25785] dump_stack_lvl+0xe8/0x140 [ 321.464066][T25785] dump_stack+0x15/0x1b [ 321.464089][T25785] should_fail_ex+0x265/0x280 [ 321.464146][T25785] should_failslab+0x8c/0xb0 [ 321.464174][T25785] kmem_cache_alloc_node_noprof+0x57/0x4a0 [ 321.464204][T25785] ? __alloc_skb+0x101/0x320 [ 321.464276][T25785] __alloc_skb+0x101/0x320 [ 321.464314][T25785] netlink_alloc_large_skb+0xbf/0xf0 [ 321.464354][T25785] netlink_sendmsg+0x3cf/0x6b0 [ 321.464377][T25785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 321.464425][T25785] __sock_sendmsg+0x145/0x180 [ 321.464506][T25785] ____sys_sendmsg+0x31e/0x4e0 [ 321.464552][T25785] ___sys_sendmsg+0x17b/0x1d0 [ 321.464751][T25785] __x64_sys_sendmsg+0xd4/0x160 [ 321.464796][T25785] x64_sys_call+0x191e/0x3000 [ 321.464826][T25785] do_syscall_64+0xd2/0x200 [ 321.464869][T25785] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 321.464897][T25785] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 321.464929][T25785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.465031][T25785] RIP: 0033:0x7f6c68daefc9 [ 321.465050][T25785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.465074][T25785] RSP: 002b:00007f6c67817038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 321.465146][T25785] RAX: ffffffffffffffda RBX: 00007f6c69005fa0 RCX: 00007f6c68daefc9 [ 321.465232][T25785] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 321.465246][T25785] RBP: 00007f6c67817090 R08: 0000000000000000 R09: 0000000000000000 [ 321.465259][T25785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.465270][T25785] R13: 00007f6c69006038 R14: 00007f6c69005fa0 R15: 00007ffe6c6215b8 [ 321.465290][T25785] [ 321.699022][T25790] SELinux: policydb version 0 does not match my version range 15-35 [ 321.707357][T25790] SELinux: failed to load policy [ 321.830214][T25796] loop3: detected capacity change from 0 to 1024 [ 321.921880][T25796] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 321.930381][T25796] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 321.943937][T25796] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.6931: bg 0: block 88: padding at end of block bitmap is not set [ 321.970018][T22271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 321.998321][T25801] loop3: detected capacity change from 0 to 164 [ 322.005538][T25801] Unable to read rock-ridge attributes [ 322.011555][T25801] Unable to read rock-ridge attributes [ 322.018254][T25801] Unable to read rock-ridge attributes [ 322.044812][T25803] __nla_validate_parse: 5 callbacks suppressed [ 322.044828][T25803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6933'. [ 322.067742][T25803] loop3: detected capacity change from 0 to 1024 [ 322.074952][T25803] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 322.086013][T25803] EXT4-fs (loop3): group descriptors corrupted! [ 322.095225][T25803] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 322.213024][T25807] loop3: detected capacity change from 0 to 128 [ 322.376813][ T29] audit: type=1326 audit(1761480925.880:11775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.379604][T25812] serio: Serial port ptm0 [ 322.401795][ T29] audit: type=1326 audit(1761480925.880:11776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.428647][ T29] audit: type=1326 audit(1761480925.880:11777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.452320][ T29] audit: type=1326 audit(1761480925.880:11778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.475959][ T29] audit: type=1326 audit(1761480925.880:11779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.499567][ T29] audit: type=1326 audit(1761480925.880:11780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.523257][ T29] audit: type=1326 audit(1761480925.880:11781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.547020][ T29] audit: type=1326 audit(1761480925.880:11782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.570890][ T29] audit: type=1326 audit(1761480925.880:11783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25811 comm="syz.0.6937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f945f99efc9 code=0x7ffc0000 [ 322.813469][T25827] loop1: detected capacity change from 0 to 164 [ 322.823686][T25827] Unable to read rock-ridge attributes [ 322.836209][T25828] loop2: detected capacity change from 0 to 128 [ 322.921797][T25827] Unable to read rock-ridge attributes [ 322.988691][T25837] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6948'. [ 323.006154][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 323.033987][T25837] tipc: Started in network mode [ 323.038936][T25837] tipc: Node identity ac14140f, cluster identity 4711 [ 323.045989][T25837] tipc: New replicast peer: 255.255.255.255 [ 323.052138][T25837] tipc: Enabled bearer , priority 10 [ 323.152809][T25845] pim6reg: entered allmulticast mode [ 323.168865][T25845] pim6reg: left allmulticast mode [ 323.573878][T25853] loop3: detected capacity change from 0 to 128 [ 323.874813][T25863] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 323.937351][T25865] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6958'. [ 323.956604][T25869] loop4: detected capacity change from 0 to 512 [ 323.962836][T25865] team1: entered promiscuous mode [ 323.963866][T25869] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 323.968755][T25865] team1: entered allmulticast mode [ 323.982567][T25865] 8021q: adding VLAN 0 to HW filter on device team1 [ 323.989995][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 324.008849][T25869] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.6960: bg 0: block 104: invalid block bitmap [ 324.024621][T25869] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 324.057584][T25869] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.6960: invalid indirect mapped block 1 (level 1) [ 324.100732][T25869] EXT4-fs (loop4): 1 truncate cleaned up [ 324.124428][T25869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 324.151934][T25812] binfmt_misc: register: failed to install interpreter file ./file0 [ 324.184612][T25869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.185963][ T3401] tipc: Node number set to 2886997007 [ 324.300534][T25885] loop1: detected capacity change from 0 to 1024 [ 324.319349][T25885] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 324.333560][T25885] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 324.374947][T25885] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.6966: bg 0: block 88: padding at end of block bitmap is not set [ 324.454124][T25325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.522573][T25892] loop1: detected capacity change from 0 to 128 [ 324.747320][T25902] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 324.755683][T25902] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 324.824248][T25908] 9pnet_fd: Insufficient options for proto=fd [ 324.838085][T25910] loop4: detected capacity change from 0 to 1024 [ 324.849528][T25910] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 324.859348][T25910] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 324.875168][T25910] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.6975: bg 0: block 88: padding at end of block bitmap is not set [ 324.900838][T21621] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.991116][T25926] tipc: Started in network mode [ 324.996226][T25926] tipc: Node identity ac14140f, cluster identity 4711 [ 325.003107][T25926] tipc: New replicast peer: 255.255.255.255 [ 325.009201][T25926] tipc: Enabled bearer , priority 10 [ 325.181043][T25940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6987'. [ 325.200968][T25940] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 325.284020][T25944] SELinux: policydb version 0 does not match my version range 15-35 [ 325.292948][T25944] SELinux: failed to load policy [ 325.441957][T25954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6993'. [ 325.456752][T25954] loop1: detected capacity change from 0 to 1024 [ 325.466545][T25954] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 325.477601][T25954] EXT4-fs (loop1): group descriptors corrupted! [ 325.497006][T25954] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 325.529936][T25959] loop4: detected capacity change from 0 to 164 [ 325.538390][T25959] Unable to read rock-ridge attributes [ 325.545815][T25959] Unable to read rock-ridge attributes [ 325.552052][T25959] Unable to read rock-ridge attributes [ 325.650145][T25967] loop1: detected capacity change from 0 to 164 [ 325.657500][T25969] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 325.665776][T25969] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 325.666171][T25967] Unable to read rock-ridge attributes [ 325.684048][T25967] Unable to read rock-ridge attributes [ 325.805996][ C1] ================================================================== [ 325.814300][ C1] BUG: KCSAN: data-race in wq_worker_tick / wq_worker_tick [ 325.821540][ C1] [ 325.823891][ C1] read-write to 0xffff8881010788b8 of 8 bytes by interrupt on cpu 0: [ 325.831991][ C1] wq_worker_tick+0x60/0x230 [ 325.836627][ C1] sched_tick+0x11a/0x270 [ 325.840992][ C1] update_process_times+0x15f/0x190 [ 325.846211][ C1] tick_nohz_handler+0x249/0x2d0 [ 325.851226][ C1] __hrtimer_run_queues+0x20f/0x5a0 [ 325.856472][ C1] hrtimer_interrupt+0x21a/0x460 [ 325.861464][ C1] __sysvec_apic_timer_interrupt+0x5f/0x1d0 [ 325.867411][ C1] sysvec_apic_timer_interrupt+0x6f/0x80 [ 325.873094][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 325.879122][ C1] __sanitizer_cov_trace_pc+0x8/0x70 [ 325.884613][ C1] __static_key_slow_dec_cpuslocked+0xc/0x180 [ 325.890789][ C1] static_key_slow_dec+0x34/0x70 [ 325.895783][ C1] io_ring_ctx_free+0x23d/0x3a0 [ 325.900686][ C1] io_ring_exit_work+0x529/0x560 [ 325.905690][ C1] process_scheduled_works+0x4ce/0x9d0 [ 325.911203][ C1] worker_thread+0x582/0x770 [ 325.915829][ C1] kthread+0x489/0x510 [ 325.919955][ C1] ret_from_fork+0x122/0x1b0 [ 325.924744][ C1] ret_from_fork_asm+0x1a/0x30 [ 325.929553][ C1] [ 325.931992][ C1] read-write to 0xffff8881010788b8 of 8 bytes by interrupt on cpu 1: [ 325.940074][ C1] wq_worker_tick+0x60/0x230 [ 325.944787][ C1] sched_tick+0x11a/0x270 [ 325.949164][ C1] update_process_times+0x15f/0x190 [ 325.954403][ C1] tick_nohz_handler+0x249/0x2d0 [ 325.959384][ C1] __hrtimer_run_queues+0x20f/0x5a0 [ 325.964622][ C1] hrtimer_interrupt+0x21a/0x460 [ 325.969588][ C1] __sysvec_apic_timer_interrupt+0x5f/0x1d0 [ 325.975532][ C1] sysvec_apic_timer_interrupt+0x6f/0x80 [ 325.981386][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 325.987410][ C1] __tsan_read_write8+0x14d/0x190 [ 325.992497][ C1] bpf_trace_run2+0xd5/0x1c0 [ 325.997145][ C1] __traceiter_kfree+0x2e/0x50 [ 326.001954][ C1] kfree+0x351/0x400 [ 326.005884][ C1] io_alloc_cache_free+0xc0/0xe0 [ 326.010873][ C1] io_rsrc_cache_free+0x20/0x40 [ 326.015774][ C1] io_free_alloc_caches+0x65/0x70 [ 326.021264][ C1] io_ring_ctx_free+0x78/0x3a0 [ 326.026082][ C1] io_ring_exit_work+0x529/0x560 [ 326.031069][ C1] process_scheduled_works+0x4ce/0x9d0 [ 326.036587][ C1] worker_thread+0x582/0x770 [ 326.041314][ C1] kthread+0x489/0x510 [ 326.045523][ C1] ret_from_fork+0x122/0x1b0 [ 326.050161][ C1] ret_from_fork_asm+0x1a/0x30 [ 326.055013][ C1] [ 326.057475][ C1] value changed: 0x0000000000111700 -> 0x0000000000113e10 [ 326.057991][ T3621] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 326.065023][ C1] [ 326.065029][ C1] Reported by Kernel Concurrency Sanitizer on: [ 326.065049][ C1] CPU: 1 UID: 0 PID: 19227 Comm: kworker/u8:9 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 326.091258][ C1] Tainted: [W]=WARN [ 326.095087][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 326.105177][ C1] Workqueue: iou_exit io_ring_exit_work [ 326.110791][ C1] ================================================================== [ 326.126744][ T10] tipc: Node number set to 2886997007 [ 330.696168][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 332.691657][ T29] kauditd_printk_skb: 5633 callbacks suppressed [ 332.691741][ T29] audit: type=1400 audit(1761480936.190:17417): avc: denied { recv } for pid=0 comm="swapper/0" saddr=10.128.0.163 src=41716 daddr=10.128.1.91 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1