last executing test programs: 3.837055035s ago: executing program 2 (id=5797): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x6}, 0x44) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00', @ANYRES16=r3, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) 3.791263057s ago: executing program 2 (id=5799): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000980)='mm_page_free\x00', r0, 0x0, 0x3}, 0x18) madvise(&(0x7f0000fec000/0x12000)=nil, 0x12000, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffff"], 0x48) r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) fadvise64(r2, 0x7f, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc6, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x12, 0x12, 0x132, &(0x7f00000003c0)}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$KDSKBSENT(r3, 0x4b49, &(0x7f0000000ac0)={0xfb, "58cf24090f402f26bca8eb1982f0f96370d3b439824025d93140c01d38fb7da0bb78fc2fe406f0a7b424d3e05f4c76f71d0be92de43b09849d969d944d329658b3a1ae19a16a5a080acf66fc4aea24b762e8ce3d65ac49284f8e124bfbeeaa748df517e357a40ec794ba231e83607c6d658e5361d5286dec6c04aef29f00edc3747b0784ddcb486691a3addf3f08b5d14c9afba928c78fe2a9205091302141705277ee88105aa5f07fc29f6bc246e7706cd8d4eaf95de10d5dc677d7085cc9c012477ca2465a1eec3fcf9fcbeda4bc90fa4d678536c3e034af4f03da25f43a3ad1564cd9c1c6e36759c599bbe3bcf6c302e28cbac76c8c0488e75baa6246b25bc775486a73461153be7720001062d7635896ab651493ea3aaba4bca1f9565593949f45d5a2bbc45ee008bfddb832049a629fc7154d2b32d23210cd534bfac9de1bb46ea14a690a25b15e7e838800a7a689ea8eb18c0cc4d4912ca13420fe147f9bc9a63a577caf05ce5217103ce22c67d1fc51821145a6f22a237ca589cda1e6c5672346eaf2bbc69b63d704aa76933ec7cc73e938f57e722260858663f72e6a29fc4443e6129de6a25253d1d43e8f31cbab8936487e6012bdc7b9ed355e72d15890f0ba281d351525335f361dc4451e3ca79580a41f23f4bd94b58f4da086678ef245ac477d07e8c8751c45d4974b57ecc0b972e9c549c0dbeccb5ce2b9a5d6"}) getsockopt$CAN_RAW_JOIN_FILTERS(0xffffffffffffffff, 0x65, 0x6, 0x0, 0x0) 2.802401909s ago: executing program 2 (id=5802): bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e6400000000"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r3, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0) listen(0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x28, r4, 0x400, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x81, 0x5d}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x24044011) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x31}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r6 = socket(0x28, 0x5, 0x0) socket$inet(0x2, 0x0, 0x200) r7 = getpid() sched_setaffinity(r7, 0x8, &(0x7f0000000140)=0x4) connect$vsock_stream(r6, &(0x7f0000000080), 0x10) ioctl$BTRFS_IOC_RM_DEV(r6, 0x5000940b, 0x0) 2.664987176s ago: executing program 2 (id=5806): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000000)={0x0, 0x2, 0x7fffffffffffffff, 0x5}) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x109040, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000), 0x20000328) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, &(0x7f00000003c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000280)={0x3a16bf54, 0x48, [0x4, 0xb4cc, 0xe7, 0x81], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f0000000100)) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00003f0000/0x2000)=nil, 0x2000, 0x4, 0x11012, r4, 0x308000) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x10021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 2.026762453s ago: executing program 4 (id=5820): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x5c, 0x9, 0x2, 0xd, 0x0, 0x5, 0x2040, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000003c0), 0xe}, 0x80, 0xd, 0x4, 0x4, 0x0, 0x71e, 0x1, 0x0, 0x2, 0x0, 0xfeb}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000400), 0xe}, 0x100002, 0x0, 0xffffffff, 0x3, 0x1cc0, 0xffffffff, 0x1}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\a\x00\x00'], 0x50) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r5, 0x0, 0xfffffffffffffff4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = io_uring_setup(0x330b, &(0x7f00000002c0)={0x0, 0xddb2, 0x1, 0x503fc, 0x8100014e}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$rds(r7, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x44, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.925858837s ago: executing program 2 (id=5821): r0 = syz_io_uring_setup(0x2e43, &(0x7f0000000000)={0x0, 0x3164, 0x40, 0x1, 0x108}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000100), 0x100000000000001a) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x2400000000000000, 0x0, 0x0) 1.905912818s ago: executing program 2 (id=5823): r0 = msgget$private(0x0, 0x190) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a58000000060a010400000000000000000a0000040900010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000001408000140000000090900020073"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x2}, 0x94) syz_read_part_table(0x63a, &(0x7f0000000640)="$eJzs0z+IXFUbB+DfvXdn7ky+XSZ8pBAjZgtrC7eJxZIs+AexSFC0sLGyE4uAhYXMLAloJ4IgFpomoFgYBLWKaCG7YiHGKlhJWGxFEG0CV+6Zmd0gosIGo+F52L33nnPec85757w3/KcN57fqoGdy7wd9q5tOk9lKMlj0X29HmSVd13XzjvXkqfefeOjJx9u8ubqcvV6Vx2FZcNzP7f9PPlsGm4NduskDV7Myzmx214ff7jb7OVypkxPJqZvTKqM/pXn70vdVLh7/q1d6JUfKfe2PBsejv//b8O93eXNncr7u2rW1UsulWB+sZmVsr2vSTatqsKzypY3Pksxuyf7NskqrKtcefXnvvqsn+xzqNsnuZB7TLoN/KMW3vWiV76ja//Sm5TorX0zzQvaD+rDtgw1P95ePq9Vbkj2HVervwrnh5yvlZK5dPHa9qur051enzvT1wa9dt70okhvdKDmxniN1qZv2dicPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcUVaSDPdbX2VjnPHx1+rTqavkm9K5kfYgvknydbVovNEeev/LmzuT8xfOjdMuFh0MB8ux3UHOvFPSO5r0w3X5y3aS0dMlZHjoBLityvn3p/jS5i+Lg1/N/LTz/+++GC/jfh6OpsdeLM1ZMlp2f3TTUtWpUs1ZTu/NC/R/i1bXlJmKBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADubA8/8tj62a26TVJVo0lSH720U0Zm5dp1Te7+9Jn3nv9ya7T7XHKm/STJjer365xt5/crddrck9y/0reG2Xs1efet/rnZj636Zbd+/IfekD/zWwAAAP//HUJmeQ==") bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000380)=""/157) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x2}, 0x18) syz_usb_connect$cdc_ncm(0x3, 0x8c, &(0x7f0000000100)=ANY=[], &(0x7f0000000340)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x201, 0x2, 0x4c, 0x3, 0x40, 0x5}, 0x13, &(0x7f0000000d00)=ANY=[@ANYBLOB="050f13000203100b0b10010c0a0001008e004080f72600bfd129eff1265aeebf5fd4e401d06bff614d40c8f651a318f899ecd60fb3a448f4d918c219f2786b4de89d9ce19344bc6a9786cdb338885c9a07165ebb"], 0x3, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x406}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x860}}, {0x0, 0x0}]}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c) listen(r4, 0x5) accept4(r4, &(0x7f0000000240)=@x25, 0x0, 0x80800) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c) sendto$inet6(r5, &(0x7f00000002c0)='f', 0xffffffffffffff1a, 0x8884, 0x0, 0x31) 1.823678002s ago: executing program 4 (id=5825): r0 = syz_io_uring_setup(0x1104, &(0x7f00000004c0)={0x0, 0xfffffffd, 0x1000, 0xfffffffe, 0xcb}, &(0x7f00000003c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0xfd5d, 0x200000000000000, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x200, 0x21db}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b1"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x1034}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="09000000020018006d0500000200000000000000", @ANYRES32, @ANYRES64=0x0, @ANYRESOCT, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn") r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b) 1.334547473s ago: executing program 1 (id=5829): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) 1.333757263s ago: executing program 1 (id=5830): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x5c, 0x9, 0x2, 0xd, 0x0, 0x5, 0x2040, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000003c0), 0xe}, 0x80, 0xd, 0x4, 0x4, 0x0, 0x71e, 0x1, 0x0, 0x2, 0x0, 0xfeb}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000400), 0xe}, 0x100002, 0x0, 0xffffffff, 0x3, 0x1cc0, 0xffffffff, 0x1}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\a\x00\x00'], 0x50) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r4, 0x0, 0xfffffffffffffff4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = io_uring_setup(0x330b, &(0x7f00000002c0)={0x0, 0xddb2, 0x1, 0x503fc, 0x8100014e}) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x44, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) 1.219300918s ago: executing program 4 (id=5831): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000000)={0x0, 0x2, 0x7fffffffffffffff, 0x5}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x109040, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000), 0x20000328) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, &(0x7f00000003c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000280)={0x3a16bf54, 0x48, [0x4, 0xb4cc, 0xe7, 0x81], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$GIO_CMAP(r3, 0x4b70, &(0x7f0000000100)) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00003f0000/0x2000)=nil, 0x2000, 0x4, 0x11012, r4, 0x308000) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x204, 0x10021, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_clone(0x26801000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 1.184979608s ago: executing program 1 (id=5833): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_mq={0x7}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x1, 0x200}}, {0x4}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x44004}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r7}, 0x10) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 1.016499576s ago: executing program 1 (id=5834): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x0, 0x0}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r3, 0x200004) 969.514498ms ago: executing program 1 (id=5835): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11, 0x0, 0x2}}}}}}}, 0x0) 943.087999ms ago: executing program 1 (id=5836): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000740)={0x0}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000180)={r1, 0x40000000001, 0x7}) munlockall() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8e}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f00000001c0)=r4}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mount$9p_fd(0x0, &(0x7f0000000280)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="7472616e733d0100", @ANYRESHEX=r8, @ANYRES32=r5, @ANYRESHEX=r0, @ANYBLOB=',access=', @ANYRESDEC, @ANYRESHEX=r2]) r10 = socket$nl_generic(0x10, 0x3, 0x10) sigaltstack(&(0x7f0000000000)={0x0, 0x80000001, 0x54797c198fc260f8}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002b80)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r9, 0xc018937c, &(0x7f0000000300)={{0x1, 0x1, 0x18, r6, {0x1}}, './file0\x00'}) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x2400, 0x4) getresuid(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a40)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="595326bd7000fddbdf256b00000010001d800c00008005000900ba000000"], 0x24}, 0x1, 0x0, 0x0, 0x8441}, 0x4000000) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000090000010073797a30000000000900030073797a32000000009c000000060a010400000000000001000100000008000b400000000074000480340001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002205000200070000003c0001800c00010062697477697365002c000280080003400000000208000140000000140800024000000012040005800c000480060001008a9500000900010073797a3000000000140000001100010000000000000000000700000a"], 0x110}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f00000004c0)) 797.618135ms ago: executing program 0 (id=5840): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) 777.471076ms ago: executing program 0 (id=5841): sendmsg$inet(0xffffffffffffffff, 0x0, 0x865) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) syslog(0x4, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c) sendto$inet6(r2, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00'}, 0x18) 748.906768ms ago: executing program 3 (id=5842): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c0001"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CALIPSO_C_ADD(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b80)={0x24, 0x0, 0x6a513da061e1002b, 0x0, 0x100000, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x24}}, 0x0) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="140100002900010000000000fcdbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080)={[{@user_xattr}, {@grpquota}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD") r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x0, 0xd}, 0x2000, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0x1, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter\x00') pread64(r5, 0x0, 0x0, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r6}, 0x18) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) socket$isdn(0x22, 0x3, 0x1) 730.120959ms ago: executing program 4 (id=5843): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x5c, 0x9, 0x2, 0xd, 0x0, 0x5, 0x2040, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000003c0), 0xe}, 0x80, 0xd, 0x4, 0x4, 0x0, 0x71e, 0x1, 0x0, 0x2, 0x0, 0xfeb}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000400), 0xe}, 0x100002, 0x0, 0xffffffff, 0x3, 0x1cc0, 0xffffffff, 0x1}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\a\x00\x00'], 0x50) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r4, 0x0, 0xfffffffffffffff4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = io_uring_setup(0x330b, &(0x7f00000002c0)={0x0, 0xddb2, 0x1, 0x503fc, 0x8100014e}) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$rds(r6, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x44, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10) 691.57608ms ago: executing program 0 (id=5844): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_mq={0x7}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x1, 0x200}}, {0x4}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x44004}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r7}, 0x10) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x6, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 614.933714ms ago: executing program 4 (id=5845): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x0, 0x0}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r3, 0x200004) 596.067104ms ago: executing program 4 (id=5846): r0 = io_uring_setup(0x5cac, &(0x7f0000000280)={0x0, 0xcd6d, 0x20, 0x0, 0x186}) r1 = io_uring_setup(0x7f56, &(0x7f0000000340)={0x0, 0x3540, 0x8, 0x100b, 0x194, 0x0, r0}) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000240)={0x20000000}) r6 = socket(0x1, 0x80802, 0x0) readahead(r5, 0x3ff, 0x7) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000200)={0xc0002001}) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000100)={0xa000000d}) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r2, &(0x7f0000000000)={0xa0000001}) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="000000000000000000000003000000000000cbda91f698850b6a4ff025d49215a9a22dd2f8ea5174ee091c65a00ffdee9a324c677f51fad02d6d02b4c329773160b9abfe192262ed159ee2b5d7c7b05a15a1104d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) unshare(0x2000400) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@map=r9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) ppoll(&(0x7f0000000200)=[{r8, 0x1}], 0x1, 0x0, 0x0, 0x3) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r10, 0x8982, &(0x7f0000000340)={0x0, 'ip_vti0\x00', {}, 0x7}) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000040000000000000000000000850000007b00000018010000756c6c2500000000002020207b1af8ff00000000bfa10000000000000701000002ffffffb702000008000000b703000007030000850000001700000095"], &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r11, 0x0, 0xe, 0x27, &(0x7f00000000c0)="c1188e19b95d02ff4284860186dd", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x27) epoll_wait(r8, &(0x7f0000000140)=[{}], 0x1, 0xffffffff) close_range(r1, 0xffffffffffffffff, 0x0) 557.599006ms ago: executing program 0 (id=5847): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11, 0x0, 0x2}}}}}}}, 0x0) 541.145747ms ago: executing program 0 (id=5848): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_usbip_server_init(0x6) 493.109768ms ago: executing program 3 (id=5849): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = perf_event_open(&(0x7f00000005c0)={0x0, 0x80, 0x5c, 0x9, 0x2, 0xd, 0x0, 0x5, 0x2040, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x3, 0x1, @perf_bp={&(0x7f00000003c0), 0xe}, 0x80, 0xd, 0x4, 0x4, 0x0, 0x71e, 0x1, 0x0, 0x2, 0x0, 0xfeb}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000400), 0xe}, 0x100002, 0x0, 0xffffffff, 0x3, 0x1cc0, 0xffffffff, 0x1}, 0x0, 0xffffffffffffffff, r1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\a\x00\x00'], 0x50) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r6, 0x0, 0xfffffffffffffff4}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18) r7 = io_uring_setup(0x330b, &(0x7f00000002c0)={0x0, 0xddb2, 0x1, 0x503fc, 0x8100014e}) r8 = socket$rds(0x15, 0x5, 0x0) bind$rds(r8, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendmsg$rds(r8, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x44, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 361.844514ms ago: executing program 3 (id=5850): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92143b, 0x100000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x24000800) 278.062527ms ago: executing program 3 (id=5851): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) 261.577318ms ago: executing program 3 (id=5852): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a32"], 0x1ec}}, 0x0) r3 = syz_io_uring_setup(0x2e43, &(0x7f0000000000)={0x0, 0x3164, 0x40, 0x1, 0x108}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000100), 0x100000000000001a) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x1000008, 0x4) 232.72072ms ago: executing program 3 (id=5853): open(0x0, 0x0, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ipvlan0\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r2], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) (fail_nth: 2) 0s ago: executing program 0 (id=5854): r0 = syz_io_uring_setup(0x1104, &(0x7f00000004c0)={0x0, 0xfffffffd, 0x1000, 0xfffffffe, 0xcb}, &(0x7f00000003c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0xfd5d, 0x200000000000000, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x200, 0x21db}, 0x50) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[], 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x1034}, 0x18) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn") fdatasync(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2e, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x330b9072}, 0x94) kernel console output (not intermixed with test programs): EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.192587][ T29] audit: type=1326 audit(1764883111.350:48778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18223 comm="syz.4.4659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 322.405907][T18248] loop2: detected capacity change from 0 to 128 [ 322.439562][T18254] netlink: 'syz.0.4669': attribute type 4 has an invalid length. [ 322.478657][T18258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4670'. [ 322.523772][T18263] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4672'. [ 322.822187][T18289] lo speed is unknown, defaulting to 1000 [ 323.052923][T18289] loop2: detected capacity change from 0 to 128 [ 323.130481][T18289] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 323.143100][T18289] ext4 filesystem being mounted at /247/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 323.362865][T18306] __nla_validate_parse: 1 callbacks suppressed [ 323.362885][T18306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4686'. [ 323.503292][T13959] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 323.618473][T18334] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4695'. [ 323.715933][T18334] hsr_slave_0: left promiscuous mode [ 323.724344][T18334] hsr_slave_1: left promiscuous mode [ 323.754127][T18339] lo speed is unknown, defaulting to 1000 [ 323.921949][T18337] netlink: 'syz.1.4696': attribute type 4 has an invalid length. [ 323.936933][T18337] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4696'. [ 324.205305][T18358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4704'. [ 324.472390][T18376] syzkaller0: entered promiscuous mode [ 324.478008][T18376] syzkaller0: entered allmulticast mode [ 324.549742][T18377] lo speed is unknown, defaulting to 1000 [ 324.874454][T18381] loop2: detected capacity change from 0 to 512 [ 324.887023][T18378] 9pnet: Could not find request transport:  [ 324.911602][T18378] netlink: 'syz.1.4706': attribute type 29 has an invalid length. [ 324.937167][T18381] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.4712: inode has both inline data and extents flags [ 324.962550][T18378] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4706'. [ 324.984369][T18381] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4712: couldn't read orphan inode 15 (err -117) [ 325.018754][T18381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 325.033225][T18381] netlink: 'syz.2.4712': attribute type 4 has an invalid length. [ 325.054322][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 325.585425][T18415] lo speed is unknown, defaulting to 1000 [ 326.290998][T18422] lo speed is unknown, defaulting to 1000 [ 327.125208][T18452] netlink: 14 bytes leftover after parsing attributes in process `syz.2.4735'. [ 327.219376][ T29] kauditd_printk_skb: 773 callbacks suppressed [ 327.219393][ T29] audit: type=1326 audit(1764883116.410:49552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18457 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 327.276479][ T29] audit: type=1326 audit(1764883116.440:49553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18457 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f56d0bee1ff code=0x7ffc0000 [ 327.300034][ T29] audit: type=1326 audit(1764883116.440:49554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18457 comm="syz.0.4737" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 327.429090][ T29] audit: type=1326 audit(1764883116.620:49555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.458354][ T29] audit: type=1326 audit(1764883116.640:49556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.475558][T18468] loop2: detected capacity change from 0 to 512 [ 327.482000][ T29] audit: type=1326 audit(1764883116.640:49557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.511820][ T29] audit: type=1326 audit(1764883116.640:49558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.535643][ T29] audit: type=1326 audit(1764883116.650:49559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.559695][ T29] audit: type=1326 audit(1764883116.650:49560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.583327][ T29] audit: type=1326 audit(1764883116.650:49561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18464 comm="syz.1.4741" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 327.611523][T18468] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.4742: inode has both inline data and extents flags [ 327.639692][T18468] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4742: couldn't read orphan inode 15 (err -117) [ 327.680827][T18468] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 327.736389][T18468] netlink: '+}[@': attribute type 4 has an invalid length. [ 327.743936][T18468] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18468 comm=+}[@ [ 327.764358][T18468] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 327.794857][T18474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4743'. [ 327.830792][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.158714][T18508] loop2: detected capacity change from 0 to 512 [ 329.169485][T18508] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 329.179626][T18509] 9pnet: Could not find request transport:  [ 329.191959][T18508] EXT4-fs (loop2): 1 truncate cleaned up [ 329.201995][T18508] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 329.283369][T18516] lo speed is unknown, defaulting to 1000 [ 329.541593][T18509] netlink: 'syz.1.4750': attribute type 29 has an invalid length. [ 329.577912][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 329.598208][T18519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4759'. [ 329.622655][T18509] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4750'. [ 329.814905][T18524] loop2: detected capacity change from 0 to 128 [ 329.939110][T18523] bio_check_eod: 102 callbacks suppressed [ 329.939133][T18523] syz.2.4760: attempt to access beyond end of device [ 329.939133][T18523] loop2: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 329.959549][T18523] syz.2.4760: attempt to access beyond end of device [ 329.959549][T18523] loop2: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 329.973763][T18523] syz.2.4760: attempt to access beyond end of device [ 329.973763][T18523] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 329.997389][T18523] syz.2.4760: attempt to access beyond end of device [ 329.997389][T18523] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 330.032950][T18523] syz.2.4760: attempt to access beyond end of device [ 330.032950][T18523] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 330.090204][T18523] syz.2.4760: attempt to access beyond end of device [ 330.090204][T18523] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 330.110943][T18523] syz.2.4760: attempt to access beyond end of device [ 330.110943][T18523] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 330.126137][T18523] syz.2.4760: attempt to access beyond end of device [ 330.126137][T18523] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 330.154627][T18523] syz.2.4760: attempt to access beyond end of device [ 330.154627][T18523] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 330.171953][T18523] syz.2.4760: attempt to access beyond end of device [ 330.171953][T18523] loop2: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 330.357903][T18554] loop2: detected capacity change from 0 to 1024 [ 330.396727][T18554] EXT4-fs: test_dummy_encryption option not supported [ 330.481025][T18555] 9pnet: Could not find request transport:  [ 330.502780][T18555] netlink: 'syz.3.4763': attribute type 29 has an invalid length. [ 330.521481][T18555] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4763'. [ 330.570145][T18558] loop2: detected capacity change from 0 to 512 [ 330.615956][T18558] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.4776: inode has both inline data and extents flags [ 330.629419][T18558] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4776: couldn't read orphan inode 15 (err -117) [ 330.642280][T18558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.658132][T18566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4775'. [ 330.670558][T18558] netlink: '+}[@': attribute type 4 has an invalid length. [ 330.678766][T18558] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 330.719257][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 330.782441][T18578] loop2: detected capacity change from 0 to 128 [ 331.044550][T18588] lo speed is unknown, defaulting to 1000 [ 331.176190][T18589] netlink: 'syz.1.4773': attribute type 29 has an invalid length. [ 331.206709][T18589] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4773'. [ 331.306244][T18598] netlink: 'syz.0.4790': attribute type 4 has an invalid length. [ 331.529146][T18622] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4800'. [ 331.568457][T18623] loop2: detected capacity change from 0 to 128 [ 331.866408][T18632] loop2: detected capacity change from 0 to 128 [ 331.934286][T18636] netlink: '+}[@': attribute type 4 has an invalid length. [ 331.942130][T18636] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 332.191538][T18658] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4813'. [ 332.229194][ T29] kauditd_printk_skb: 726 callbacks suppressed [ 332.229210][ T29] audit: type=1326 audit(1764883121.420:50288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18654 comm="syz.2.4812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 332.271411][ T29] audit: type=1326 audit(1764883121.420:50289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18654 comm="syz.2.4812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 332.295141][ T29] audit: type=1326 audit(1764883121.420:50290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18661 comm="syz.4.4815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 332.318873][ T29] audit: type=1326 audit(1764883121.420:50291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18661 comm="syz.4.4815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 332.331574][T18670] netlink: 'syz.4.4818': attribute type 4 has an invalid length. [ 332.342563][ T29] audit: type=1326 audit(1764883121.420:50292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18661 comm="syz.4.4815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbeed95e1ff code=0x7ffc0000 [ 332.342602][ T29] audit: type=1326 audit(1764883121.420:50293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18661 comm="syz.4.4815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 332.401015][T18670] netlink: 'syz.4.4818': attribute type 4 has an invalid length. [ 332.411684][ T29] audit: type=1326 audit(1764883121.590:50294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18652 comm="syz.0.4811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 332.435354][ T29] audit: type=1326 audit(1764883121.590:50295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18652 comm="syz.0.4811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 332.491671][T18665] netlink: '+}[@': attribute type 4 has an invalid length. [ 332.499793][T18665] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 332.568681][T18676] netlink: '+}[@': attribute type 4 has an invalid length. [ 332.582720][T18676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18676 comm=+}[@ [ 332.617465][ T29] audit: type=1326 audit(1764883121.810:50296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.1.4823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 332.641352][ T29] audit: type=1326 audit(1764883121.810:50297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18682 comm="syz.1.4823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 333.248810][T18692] 9pnet: Could not find request transport:  [ 333.353759][T18710] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18710 comm=+}[@ [ 333.440048][T18712] syzkaller0: entered promiscuous mode [ 333.445583][T18712] syzkaller0: entered allmulticast mode [ 333.722561][T18744] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18744 comm=+}[@ [ 333.849191][T18752] syzkaller0: entered promiscuous mode [ 333.854689][T18752] syzkaller0: entered allmulticast mode [ 334.080948][T18781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18781 comm=+}[@ [ 334.684344][T18813] validate_nla: 9 callbacks suppressed [ 334.684362][T18813] netlink: 'syz.3.4876': attribute type 4 has an invalid length. [ 334.785599][ T787] Bluetooth: hci0: Frame reassembly failed (-84) [ 334.794829][T18821] netlink: '+}[@': attribute type 4 has an invalid length. [ 334.813328][T18821] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18821 comm=+}[@ [ 334.916021][T18821] __nla_validate_parse: 16 callbacks suppressed [ 334.916042][T18821] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 335.006311][T18826] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4879'. [ 335.106174][T18837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4885'. [ 335.142444][T18839] netlink: 'syz.0.4880': attribute type 4 has an invalid length. [ 335.150608][T18839] netlink: 'syz.0.4880': attribute type 4 has an invalid length. [ 335.845421][T18862] netlink: '+}[@': attribute type 4 has an invalid length. [ 335.853748][T18862] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18862 comm=+}[@ [ 335.869469][T18862] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 335.883056][T18868] netlink: 14 bytes leftover after parsing attributes in process `syz.3.4892'. [ 336.005995][T18872] netlink: '+}[@': attribute type 4 has an invalid length. [ 336.024720][T18872] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=18872 comm=+}[@ [ 336.062013][T18872] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 336.326796][T18899] netlink: 14 bytes leftover after parsing attributes in process `syz.1.4904'. [ 336.415089][T18902] lo speed is unknown, defaulting to 1000 [ 336.764977][T18912] netlink: '+}[@': attribute type 4 has an invalid length. [ 336.795839][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 336.865937][T18919] netlink: 'syz.4.4910': attribute type 13 has an invalid length. [ 337.136022][T18939] lo speed is unknown, defaulting to 1000 [ 337.407397][ T29] kauditd_printk_skb: 856 callbacks suppressed [ 337.407412][ T29] audit: type=1326 audit(1764883126.600:51154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 337.499284][ T29] audit: type=1326 audit(1764883126.630:51155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f56d0bef783 code=0x7ffc0000 [ 337.522774][ T29] audit: type=1326 audit(1764883126.630:51156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f56d0bef807 code=0x7ffc0000 [ 337.546408][ T29] audit: type=1326 audit(1764883126.630:51157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f56d0ba6bdd code=0x7ffc0000 [ 337.570050][ T29] audit: type=1326 audit(1764883126.630:51158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f56d0c23e89 code=0x7ffc0000 [ 337.593672][ T29] audit: type=1326 audit(1764883126.630:51159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f56d0ba6c47 code=0x7ffc0000 [ 337.617296][ T29] audit: type=1326 audit(1764883126.630:51160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f56d0ba6357 code=0x7ffc0000 [ 337.640896][ T29] audit: type=1326 audit(1764883126.630:51161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 337.664722][ T29] audit: type=1326 audit(1764883126.630:51162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 337.688397][ T29] audit: type=1326 audit(1764883126.630:51163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18920 comm="syz.0.4912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f56d0ba63b6 code=0x7ffc0000 [ 337.816527][ T787] Bluetooth: hci0: Frame reassembly failed (-84) [ 338.021950][T18941] netlink: 'syz.0.4912': attribute type 29 has an invalid length. [ 338.057227][T18941] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4912'. [ 338.568841][T18982] lo speed is unknown, defaulting to 1000 [ 339.078028][T18992] netlink: '+}[@': attribute type 4 has an invalid length. [ 339.086220][T18992] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 339.515952][T19015] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19015 comm=+}[@ [ 339.529054][T19015] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 339.576346][ T3486] lo speed is unknown, defaulting to 1000 [ 339.582102][ T3486] syz2: Port: 1 Link ACTIVE [ 340.286255][T19032] lo speed is unknown, defaulting to 1000 [ 340.570052][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 340.619324][T19035] 9pnet: Could not find request transport:  [ 340.640603][T19035] validate_nla: 3 callbacks suppressed [ 340.640680][T19035] netlink: 'syz.1.4945': attribute type 29 has an invalid length. [ 340.662969][T19035] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4945'. [ 340.797164][T19050] loop2: detected capacity change from 0 to 512 [ 340.805602][T19050] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.4957: inode has both inline data and extents flags [ 340.819975][T19050] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.4957: couldn't read orphan inode 15 (err -117) [ 340.883628][T19050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 340.976682][T19050] netlink: '+}[@': attribute type 4 has an invalid length. [ 340.984304][T19050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19050 comm=+}[@ [ 340.996961][T19050] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 341.040954][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.051389][T19061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4960'. [ 341.171189][T19084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4968'. [ 341.393301][T19105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4976'. [ 341.493642][T19123] loop2: detected capacity change from 0 to 512 [ 341.505931][T19123] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 341.544674][T19123] EXT4-fs (loop2): 1 truncate cleaned up [ 341.556557][T19123] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 341.588741][T19132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4985'. [ 341.623823][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.917912][T19158] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4992'. [ 342.123886][T19173] lo speed is unknown, defaulting to 1000 [ 342.505769][ T29] kauditd_printk_skb: 700 callbacks suppressed [ 342.505789][ T29] audit: type=1326 audit(1764883131.650:51864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.535566][ T29] audit: type=1326 audit(1764883131.650:51865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.559182][ T29] audit: type=1326 audit(1764883131.650:51866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.582836][ T29] audit: type=1326 audit(1764883131.650:51868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.606614][ T29] audit: type=1326 audit(1764883131.650:51867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.630224][ T29] audit: type=1326 audit(1764883131.650:51869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.653898][ T29] audit: type=1326 audit(1764883131.650:51870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.677540][ T29] audit: type=1326 audit(1764883131.650:51871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.701124][ T29] audit: type=1326 audit(1764883131.650:51872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19178 comm="syz.4.5000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 342.976330][T19202] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5005'. [ 342.986440][ T887] Bluetooth: hci0: Frame reassembly failed (-84) [ 343.262871][T19217] lo speed is unknown, defaulting to 1000 [ 344.032667][T19222] netlink: 'syz.3.5011': attribute type 13 has an invalid length. [ 344.195047][T19222] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.202241][T19222] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.294859][ T3486] lo speed is unknown, defaulting to 1000 [ 344.300691][ T3486] syz2: Port: 1 Link DOWN [ 344.305643][T19224] lo speed is unknown, defaulting to 1000 [ 344.313728][ T887] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.327955][ T887] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.346000][ T887] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.365253][ T887] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.484285][T19231] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5014'. [ 344.526970][T19233] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5015'. [ 344.707814][ T29] audit: type=1326 audit(1764883133.900:51873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19242 comm="syz.0.5019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 345.035791][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 345.035863][T13540] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 345.147395][T19260] loop2: detected capacity change from 0 to 128 [ 345.403678][T19264] netlink: 'syz.0.5025': attribute type 4 has an invalid length. [ 345.411803][T19264] netlink: 'syz.0.5025': attribute type 4 has an invalid length. [ 345.806747][T19271] __nla_validate_parse: 1 callbacks suppressed [ 345.806769][T19271] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5027'. [ 346.978207][T19308] lo speed is unknown, defaulting to 1000 [ 347.674872][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 347.674925][ T29] audit: type=1326 audit(1764883136.860:51911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.704652][ T29] audit: type=1326 audit(1764883136.860:51912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.728278][ T29] audit: type=1326 audit(1764883136.860:51913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.753156][ T29] audit: type=1326 audit(1764883136.940:51914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.776795][ T29] audit: type=1326 audit(1764883136.940:51915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.800449][ T29] audit: type=1326 audit(1764883136.940:51916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.824249][ T29] audit: type=1326 audit(1764883136.940:51917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.847863][ T29] audit: type=1326 audit(1764883136.940:51918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.871458][ T29] audit: type=1326 audit(1764883136.940:51919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 347.895134][ T29] audit: type=1326 audit(1764883136.940:51920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19315 comm="syz.0.5045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 348.370051][T19332] lo speed is unknown, defaulting to 1000 [ 348.678308][T19334] netlink: 'syz.0.5045': attribute type 29 has an invalid length. [ 348.750938][ T787] bio_check_eod: 287 callbacks suppressed [ 348.750953][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.750953][ T787] loop2: rw=1, sector=145, nr_sectors = 8 limit=128 [ 348.775900][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.775900][ T787] loop2: rw=1, sector=161, nr_sectors = 8 limit=128 [ 348.776395][T19334] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5045'. [ 348.789327][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789327][ T787] loop2: rw=1, sector=177, nr_sectors = 8 limit=128 [ 348.789390][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789390][ T787] loop2: rw=1, sector=193, nr_sectors = 8 limit=128 [ 348.789502][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789502][ T787] loop2: rw=1, sector=209, nr_sectors = 8 limit=128 [ 348.789541][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789541][ T787] loop2: rw=1, sector=225, nr_sectors = 8 limit=128 [ 348.789622][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789622][ T787] loop2: rw=1, sector=241, nr_sectors = 8 limit=128 [ 348.789664][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789664][ T787] loop2: rw=1, sector=257, nr_sectors = 8 limit=128 [ 348.789743][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789743][ T787] loop2: rw=1, sector=273, nr_sectors = 8 limit=128 [ 348.789785][ T787] kworker/u8:6: attempt to access beyond end of device [ 348.789785][ T787] loop2: rw=1, sector=289, nr_sectors = 8 limit=128 [ 348.861393][T19338] lo speed is unknown, defaulting to 1000 [ 349.055802][T19340] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 349.062353][T19340] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 349.070713][T19340] vhci_hcd vhci_hcd.0: Device attached [ 349.084400][T19341] vhci_hcd: connection closed [ 349.088664][ T3552] vhci_hcd: stop threads [ 349.097862][ T3552] vhci_hcd: release socket [ 349.102432][ T3552] vhci_hcd: disconnect device [ 349.103069][T19345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5051'. [ 349.355415][T19357] lo speed is unknown, defaulting to 1000 [ 349.408218][T19361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5056'. [ 349.638861][T19376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5061'. [ 349.988268][T19381] lo speed is unknown, defaulting to 1000 [ 350.147090][T19381] loop2: detected capacity change from 0 to 128 [ 350.227115][T19381] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 350.239542][T19381] ext4 filesystem being mounted at /309/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 350.438294][T19387] netlink: 'syz.4.5062': attribute type 29 has an invalid length. [ 350.462449][T19387] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5062'. [ 350.733006][T19398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5067'. [ 350.863933][T13959] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 351.029478][T19409] loop2: detected capacity change from 0 to 128 [ 351.186796][T19414] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 351.193415][T19414] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 351.201557][T19414] vhci_hcd vhci_hcd.0: Device attached [ 351.247382][T19415] vhci_hcd: connection closed [ 351.247789][ T1988] vhci_hcd: stop threads [ 351.256786][ T1988] vhci_hcd: release socket [ 351.261205][ T1988] vhci_hcd: disconnect device [ 351.647958][T19438] netlink: 'syz.4.5081': attribute type 13 has an invalid length. [ 352.113674][T19466] netlink: 'syz.2.5088': attribute type 4 has an invalid length. [ 352.258322][T19468] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5089'. [ 352.293235][T19468] loop2: detected capacity change from 0 to 512 [ 352.328597][T19468] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 352.341424][T19468] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 352.381261][T19481] netlink: 'syz.3.5092': attribute type 13 has an invalid length. [ 352.964887][ T29] kauditd_printk_skb: 561 callbacks suppressed [ 352.964902][ T29] audit: type=1326 audit(1764883142.150:52482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19495 comm="syz.0.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.011042][T19498] netlink: 'syz.0.5099': attribute type 4 has an invalid length. [ 353.019733][ T29] audit: type=1326 audit(1764883142.150:52483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19495 comm="syz.0.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f56d0bee1ff code=0x7ffc0000 [ 353.043211][ T29] audit: type=1326 audit(1764883142.150:52484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19495 comm="syz.0.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.066873][ T29] audit: type=1326 audit(1764883142.170:52485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19495 comm="syz.0.5098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.141620][ T29] audit: type=1326 audit(1764883142.330:52486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.165797][ T29] audit: type=1326 audit(1764883142.330:52487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.189453][ T29] audit: type=1326 audit(1764883142.330:52488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.213070][ T29] audit: type=1326 audit(1764883142.330:52489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.236653][ T29] audit: type=1326 audit(1764883142.330:52490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.260268][ T29] audit: type=1326 audit(1764883142.330:52491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.0.5102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 353.296981][T19506] lo speed is unknown, defaulting to 1000 [ 354.090697][T19468] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #2: block 18: comm syz.2.5089: lblock 23 mapped to illegal pblock 18 (length 1) [ 354.323131][T19515] lo speed is unknown, defaulting to 1000 [ 355.029336][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 355.358088][T19527] lo speed is unknown, defaulting to 1000 [ 355.492931][T19528] loop2: detected capacity change from 0 to 128 [ 355.702359][T19528] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 355.714574][T19528] ext4 filesystem being mounted at /316/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 356.233237][T19542] lo speed is unknown, defaulting to 1000 [ 356.622598][T19544] lo speed is unknown, defaulting to 1000 [ 357.552616][T19565] netlink: 'syz.3.5122': attribute type 13 has an invalid length. [ 357.716644][T19575] netlink: 'syz.3.5125': attribute type 13 has an invalid length. [ 357.761356][T19577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5126'. [ 357.766313][T19571] 9pnet: Could not find request transport:  [ 357.819558][T19571] netlink: 'syz.1.5119': attribute type 29 has an invalid length. [ 357.832708][T19571] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5119'. [ 358.249856][T19588] lo speed is unknown, defaulting to 1000 [ 359.136741][T19591] lo speed is unknown, defaulting to 1000 [ 359.736412][T13959] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 359.883602][T19595] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5131'. [ 360.209243][T19613] lo speed is unknown, defaulting to 1000 [ 360.349492][T19614] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5145'. [ 360.507292][ T29] kauditd_printk_skb: 267 callbacks suppressed [ 360.507308][ T29] audit: type=1326 audit(1764883149.700:52759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.581628][ T29] audit: type=1326 audit(1764883149.710:52760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.605289][ T29] audit: type=1326 audit(1764883149.710:52761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.628874][ T29] audit: type=1326 audit(1764883149.710:52762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.652463][ T29] audit: type=1326 audit(1764883149.730:52763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80b55adf90 code=0x7ffc0000 [ 360.676052][ T29] audit: type=1326 audit(1764883149.730:52764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80b55adf90 code=0x7ffc0000 [ 360.699621][ T29] audit: type=1326 audit(1764883149.730:52765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.723324][ T29] audit: type=1326 audit(1764883149.730:52766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.747175][ T29] audit: type=1326 audit(1764883149.730:52767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.770748][ T29] audit: type=1326 audit(1764883149.730:52768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19619 comm="syz.1.5138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 360.820410][ T4007] Bluetooth: hci0: Frame reassembly failed (-84) [ 360.955847][T19628] netlink: 'syz.3.5140': attribute type 13 has an invalid length. [ 361.206162][T19642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5144'. [ 361.248285][T19646] lo speed is unknown, defaulting to 1000 [ 361.458125][T19652] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5148'. [ 361.728545][T19668] netlink: '+}[@': attribute type 4 has an invalid length. [ 361.736923][T19668] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19668 comm=+}[@ [ 361.750351][T19668] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 361.856014][T19671] netlink: 'syz.3.5154': attribute type 4 has an invalid length. [ 361.942721][T19676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5156'. [ 361.966998][T19681] netlink: 'syz.3.5158': attribute type 4 has an invalid length. [ 361.980728][T19683] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5159'. [ 362.016979][T19685] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5160'. [ 362.153292][T19698] netlink: '+}[@': attribute type 4 has an invalid length. [ 362.161040][T19698] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19698 comm=+}[@ [ 362.185793][T19699] lo speed is unknown, defaulting to 1000 [ 362.419785][T19712] netlink: 'syz.0.5170': attribute type 4 has an invalid length. [ 362.492922][T19720] netlink: 'syz.0.5174': attribute type 4 has an invalid length. [ 362.857177][T19731] lo speed is unknown, defaulting to 1000 [ 362.974818][T13540] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 363.225889][T19732] 9pnet: Could not find request transport:  [ 363.271698][T19732] netlink: 'syz.3.5167': attribute type 29 has an invalid length. [ 363.326527][T19744] __nla_validate_parse: 3 callbacks suppressed [ 363.326540][T19744] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5167'. [ 363.383695][T19734] team0: Device gtp0 is of different type [ 363.594482][T19751] lo speed is unknown, defaulting to 1000 [ 363.771320][T19761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5189'. [ 363.884952][T19774] netlink: '+}[@': attribute type 4 has an invalid length. [ 363.892840][T19774] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19774 comm=+}[@ [ 363.908610][T19774] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 363.942186][T19782] netlink: 'syz.3.5196': attribute type 33 has an invalid length. [ 363.950057][T19782] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5196'. [ 363.984214][T19784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5195'. [ 364.049320][T19797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5196'. [ 364.081422][T19790] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5200'. [ 364.239629][T19816] loop2: detected capacity change from 0 to 512 [ 364.259278][T19816] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.5208: inode has both inline data and extents flags [ 364.278397][T19816] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.5208: couldn't read orphan inode 15 (err -117) [ 364.312010][T19820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5210'. [ 364.328718][T19816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 364.562062][T19842] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5216'. [ 364.919436][T19873] netlink: 'syz.3.5227': attribute type 13 has an invalid length. [ 365.114274][T19816] netlink: '+}[@': attribute type 4 has an invalid length. [ 365.122016][T19816] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19816 comm=+}[@ [ 365.126107][T19882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5230'. [ 365.156120][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.312137][T19887] 9pnet: Could not find request transport:  [ 365.320955][T19887] netlink: 'syz.1.5217': attribute type 29 has an invalid length. [ 365.395509][T19903] lo speed is unknown, defaulting to 1000 [ 365.592267][ T29] kauditd_printk_skb: 638 callbacks suppressed [ 365.592283][ T29] audit: type=1326 audit(1764883154.780:53407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.739403][ T29] audit: type=1326 audit(1764883154.820:53408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.763118][ T29] audit: type=1326 audit(1764883154.820:53410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.786736][ T29] audit: type=1326 audit(1764883154.820:53409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.810407][ T29] audit: type=1326 audit(1764883154.820:53411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.834007][ T29] audit: type=1326 audit(1764883154.820:53412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.857654][ T29] audit: type=1326 audit(1764883154.820:53413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.881240][ T29] audit: type=1326 audit(1764883154.820:53414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.904845][ T29] audit: type=1326 audit(1764883154.820:53416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 365.928607][ T29] audit: type=1326 audit(1764883154.820:53415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.1.5217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 366.064776][T19917] netlink: '+}[@': attribute type 4 has an invalid length. [ 366.072306][T19917] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=19917 comm=+}[@ [ 366.218146][T19920] netlink: 'syz.0.5242': attribute type 5 has an invalid length. [ 366.226158][T19920] netlink: 'syz.0.5242': attribute type 11 has an invalid length. [ 366.553957][T19957] lo speed is unknown, defaulting to 1000 [ 366.754398][T19958] lo speed is unknown, defaulting to 1000 [ 367.495867][T19959] 9pnet: Could not find request transport:  [ 367.574234][T19968] loop2: detected capacity change from 0 to 1024 [ 367.594413][T19968] EXT4-fs: Ignoring removed nobh option [ 367.606244][T19959] netlink: 'syz.0.5250': attribute type 29 has an invalid length. [ 367.623667][T19968] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 367.638357][T19971] tipc: Can't bind to reserved service type 1 [ 367.645121][T19968] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 367.674923][T19968] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.5257: inode #4294967295: comm syz.2.5257: iget: illegal inode # [ 367.697498][T19968] EXT4-fs (loop2): no journal found [ 367.702756][T19968] EXT4-fs (loop2): can't get journal size [ 367.710089][T19968] EXT4-fs (loop2): failed to initialize system zone (-22) [ 367.712097][T19971] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98 [ 367.717544][T19968] EXT4-fs (loop2): mount failed [ 368.041977][T19993] lo speed is unknown, defaulting to 1000 [ 368.302846][T20002] validate_nla: 2 callbacks suppressed [ 368.302865][T20002] netlink: 'syz.0.5268': attribute type 13 has an invalid length. [ 368.444351][T20025] __nla_validate_parse: 8 callbacks suppressed [ 368.444368][T20025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5278'. [ 368.463579][T20029] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5279'. [ 368.528678][T20032] xt_hashlimit: overflow, try lower: 0/0 [ 368.535216][T20034] netlink: 'syz.3.5281': attribute type 13 has an invalid length. [ 368.666868][T20041] lo speed is unknown, defaulting to 1000 [ 368.719962][T20045] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5285'. [ 368.723757][T20046] lo speed is unknown, defaulting to 1000 [ 368.857909][T20053] 9pnet: Could not find request transport:  [ 368.909455][T20053] netlink: 'syz.4.5271': attribute type 29 has an invalid length. [ 368.945990][T20053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5271'. [ 368.957347][T20062] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5290'. [ 369.148363][T20069] loop2: detected capacity change from 0 to 512 [ 369.184518][T20069] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 369.256224][T20069] EXT4-fs (loop2): 1 truncate cleaned up [ 369.290727][T20069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 369.642774][T20090] lo speed is unknown, defaulting to 1000 [ 370.237720][T20118] ------------[ cut here ]------------ [ 370.243335][T20118] verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x4000000, 0x0] s64=[0x4000000, 0x0] u32=[0x4000000, 0x0] s32=[0x4000000, 0x0] var_off=(0x0, 0x0) [ 370.261313][T20118] WARNING: kernel/bpf/verifier.c:2748 at 0x0, CPU#0: syz.1.5311/20118 [ 370.269524][T20118] Modules linked in: [ 370.273584][T20118] CPU: 0 UID: 0 PID: 20118 Comm: syz.1.5311 Not tainted syzkaller #0 PREEMPT(voluntary) [ 370.283574][T20118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 370.293745][T20118] RIP: 0010:reg_bounds_sanity_check+0x27d/0x660 [ 370.300068][T20118] Code: 24 78 4c 8b 44 24 70 4c 8b 4c 24 60 41 ff 74 24 20 41 55 53 ff 74 24 68 ff 74 24 78 ff b4 24 90 00 00 00 ff b4 24 b0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 4c 8b ac 24 98 00 00 00 49 8d 85 80 08 [ 370.319865][T20118] RSP: 0018:ffffc900025973a0 EFLAGS: 00010246 [ 370.326086][T20118] RAX: ffff88810458dd10 RBX: 0000000000000000 RCX: 0000000004000000 [ 370.334153][T20118] RDX: ffffffff865ed1ed RSI: ffffffff865c1d9e RDI: ffffffff86db4b70 [ 370.342350][T20118] RBP: ffff888118ca2ae0 R08: 0000000000000000 R09: 0000000004000000 [ 370.350377][T20118] R10: 00000000000000d0 R11: 0000000000000002 R12: ffff888118ca2aa0 [ 370.358400][T20118] R13: 0000000000000000 R14: ffff888118ca2aec R15: ffff888118ca2ad8 [ 370.366491][T20118] FS: 00007f80b40176c0(0000) GS:ffff8882aeddf000(0000) knlGS:0000000000000000 [ 370.375442][T20118] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 370.382121][T20118] CR2: 00007f40496d7dac CR3: 00000001437bc000 CR4: 00000000003506f0 [ 370.390209][T20118] Call Trace: [ 370.393502][T20118] [ 370.396538][T20118] reg_set_min_max+0x21c/0x260 [ 370.401344][T20118] check_cond_jmp_op+0x1367/0x1a80 [ 370.406576][T20118] do_check+0x3347/0x81f0 [ 370.411002][T20118] do_check_common+0xccf/0x1300 [ 370.415910][T20118] bpf_check+0x2f98/0xc860 [ 370.420362][T20118] ? __alloc_frozen_pages_noprof+0x188/0x360 [ 370.426449][T20118] ? __vmap_pages_range_noflush+0xbc4/0xcf0 [ 370.432424][T20118] ? pcpu_block_update+0x232/0x3b0 [ 370.437610][T20118] ? pcpu_block_refresh_hint+0x157/0x170 [ 370.443274][T20118] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 370.449447][T20118] ? css_rstat_updated+0xb7/0x240 [ 370.454607][T20118] ? mod_memcg_state+0x182/0x270 [ 370.459592][T20118] ? __rcu_read_unlock+0x4f/0x70 [ 370.464629][T20118] ? pcpu_memcg_post_alloc_hook+0xec/0x170 [ 370.470487][T20118] ? bpf_prog_alloc+0x5b/0x150 [ 370.475295][T20118] ? pcpu_alloc_noprof+0xd0d/0x1240 [ 370.480612][T20118] ? should_fail_ex+0x30/0x280 [ 370.485475][T20118] ? should_failslab+0x8c/0xb0 [ 370.490303][T20118] ? __kmalloc_noprof+0x29f/0x590 [ 370.495349][T20118] ? security_bpf_prog_load+0x60/0x140 [ 370.500852][T20118] ? selinux_bpf_prog_load+0xad/0xd0 [ 370.506170][T20118] ? security_bpf_prog_load+0x9e/0x140 [ 370.511641][T20118] bpf_prog_load+0xf6e/0x1140 [ 370.516368][T20118] ? security_bpf+0x2b/0x90 [ 370.520964][T20118] __sys_bpf+0x469/0x7c0 [ 370.525230][T20118] __x64_sys_bpf+0x41/0x50 [ 370.529755][T20118] x64_sys_call+0x28e1/0x3000 [ 370.534454][T20118] do_syscall_64+0xd8/0x2a0 [ 370.539111][T20118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.545038][T20118] RIP: 0033:0x7f80b55af749 [ 370.549526][T20118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.569256][T20118] RSP: 002b:00007f80b4017038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 370.577724][T20118] RAX: ffffffffffffffda RBX: 00007f80b5805fa0 RCX: 00007f80b55af749 [ 370.585765][T20118] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 370.593767][T20118] RBP: 00007f80b5633f91 R08: 0000000000000000 R09: 0000000000000000 [ 370.601779][T20118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.609800][T20118] R13: 00007f80b5806038 R14: 00007f80b5805fa0 R15: 00007ffef58f7888 [ 370.617831][T20118] [ 370.620927][T20118] ---[ end trace 0000000000000000 ]--- [ 370.799208][ T29] kauditd_printk_skb: 797 callbacks suppressed [ 370.799225][ T29] audit: type=1326 audit(1764883159.990:54214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20117 comm="syz.1.5311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 370.849995][ T29] audit: type=1326 audit(1764883160.020:54215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20117 comm="syz.1.5311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 371.217856][T20136] lo speed is unknown, defaulting to 1000 [ 371.465854][ T29] audit: type=1326 audit(1764883160.650:54216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.518306][ T29] audit: type=1326 audit(1764883160.660:54217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.541982][ T29] audit: type=1326 audit(1764883160.660:54218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.565699][ T29] audit: type=1326 audit(1764883160.660:54219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.589393][ T29] audit: type=1326 audit(1764883160.660:54220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.613108][ T29] audit: type=1326 audit(1764883160.660:54221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.636824][ T29] audit: type=1326 audit(1764883160.660:54222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.660435][ T29] audit: type=1326 audit(1764883160.660:54223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20141 comm="syz.0.5320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f56d0bef749 code=0x7ffc0000 [ 371.727340][T20151] netlink: 'syz.3.5324': attribute type 4 has an invalid length. [ 371.846221][T20151] netlink: 'syz.3.5324': attribute type 4 has an invalid length. [ 371.856757][ T3486] lo speed is unknown, defaulting to 1000 [ 371.862552][ T3486] syz2: Port: 1 Link ACTIVE [ 372.013877][T20155] lo speed is unknown, defaulting to 1000 [ 372.696331][T20163] lo speed is unknown, defaulting to 1000 [ 373.509324][T20177] lo speed is unknown, defaulting to 1000 [ 373.584434][T20178] 9pnet: Could not find request transport:  [ 373.652257][T20178] netlink: 'syz.3.5331': attribute type 29 has an invalid length. [ 373.676949][T20178] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5331'. [ 373.873307][T20185] team0: Device gtp0 is of different type [ 374.296557][T20196] team0: Device gtp0 is of different type [ 374.571764][T20205] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5341'. [ 374.672899][T20206] lo speed is unknown, defaulting to 1000 [ 375.012675][T20211] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5343'. [ 375.715014][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 375.868036][T20248] loop2: detected capacity change from 0 to 1024 [ 375.906427][T20248] EXT4-fs: Ignoring removed nobh option [ 375.912559][T20248] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 375.931176][T20248] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 375.951245][T20248] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.5354: inode #4294967295: comm syz.2.5354: iget: illegal inode # [ 375.983714][T20248] EXT4-fs (loop2): no journal found [ 375.989010][T20248] EXT4-fs (loop2): can't get journal size [ 376.007136][T20248] EXT4-fs (loop2): failed to initialize system zone (-22) [ 376.023447][T20248] EXT4-fs (loop2): mount failed [ 376.057081][T20248] netlink: 'syz.2.5354': attribute type 13 has an invalid length. [ 376.247332][T20258] loop2: detected capacity change from 0 to 1024 [ 376.256298][T20258] EXT4-fs: Ignoring removed nobh option [ 376.275797][T20258] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 376.307232][T20258] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 376.386211][T20258] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.5357: inode #4294967295: comm syz.2.5357: iget: illegal inode # [ 376.456098][T20258] EXT4-fs (loop2): no journal found [ 376.461403][T20258] EXT4-fs (loop2): can't get journal size [ 376.475657][T20264] netlink: 'syz.1.5359': attribute type 4 has an invalid length. [ 376.501349][T20264] netlink: 'syz.1.5359': attribute type 4 has an invalid length. [ 376.526748][T20258] EXT4-fs (loop2): failed to initialize system zone (-22) [ 376.533911][T20258] EXT4-fs (loop2): mount failed [ 376.625932][ T29] kauditd_printk_skb: 257 callbacks suppressed [ 376.625949][ T29] audit: type=1326 audit(1764883165.810:54481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.655774][ T29] audit: type=1326 audit(1764883165.810:54482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.679579][ T29] audit: type=1326 audit(1764883165.810:54483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.703143][ T29] audit: type=1326 audit(1764883165.810:54484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.726752][ T29] audit: type=1326 audit(1764883165.810:54485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.750424][ T29] audit: type=1326 audit(1764883165.810:54486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.774080][ T29] audit: type=1326 audit(1764883165.810:54487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.797761][ T29] audit: type=1326 audit(1764883165.810:54488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.821493][ T29] audit: type=1326 audit(1764883165.810:54489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.845122][ T29] audit: type=1326 audit(1764883165.810:54490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20267 comm="syz.3.5360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f404947f749 code=0x7ffc0000 [ 376.846222][T20258] netlink: 'syz.2.5357': attribute type 13 has an invalid length. [ 377.040602][T20279] netlink: '+}[@': attribute type 4 has an invalid length. [ 377.071024][T20279] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20279 comm=+}[@ [ 377.144139][T20279] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 377.620981][T20300] lo speed is unknown, defaulting to 1000 [ 378.051655][T20309] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5373'. [ 378.085704][T20310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5371'. [ 378.219629][T20314] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5375'. [ 378.439239][T20327] loop2: detected capacity change from 0 to 512 [ 378.466067][T20327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 378.476771][T20323] netlink: '+}[@': attribute type 4 has an invalid length. [ 378.485492][T20327] ext4 filesystem being mounted at /353/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 378.511530][T20326] lo speed is unknown, defaulting to 1000 [ 378.523094][T20323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20323 comm=+}[@ [ 378.535906][T20323] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 378.760029][T20342] lo speed is unknown, defaulting to 1000 [ 379.397375][T20359] 9pnet: Could not find request transport:  [ 379.423064][T20359] netlink: 'syz.4.5383': attribute type 29 has an invalid length. [ 379.443493][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 379.502006][T20359] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5383'. [ 379.556182][T20363] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5390'. [ 379.754916][T20381] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5398'. [ 379.790100][T20383] loop2: detected capacity change from 0 to 1024 [ 379.797077][T20383] EXT4-fs: Ignoring removed nobh option [ 379.802952][T20383] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 379.819866][T20383] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 379.830487][T20383] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.5400: inode #4294967295: comm syz.2.5400: iget: illegal inode # [ 379.866158][T20383] EXT4-fs (loop2): no journal found [ 379.871411][T20383] EXT4-fs (loop2): can't get journal size [ 379.889568][T20383] EXT4-fs (loop2): failed to initialize system zone (-22) [ 379.898941][T20383] EXT4-fs (loop2): mount failed [ 379.907120][T20383] netlink: 'syz.2.5400': attribute type 13 has an invalid length. [ 379.947692][T20392] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5402'. [ 380.005614][T20397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5404'. [ 380.190765][T20414] loop2: detected capacity change from 0 to 128 [ 380.212965][T20418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5410'. [ 380.562604][T20428] netlink: 'syz.3.5414': attribute type 13 has an invalid length. [ 380.572653][ T4276] lo speed is unknown, defaulting to 1000 [ 380.578515][ T4276] syz2: Port: 1 Link DOWN [ 381.523463][T20456] netlink: 'syz.3.5426': attribute type 13 has an invalid length. [ 381.602844][T20460] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5428'. [ 381.636082][ T12] bio_check_eod: 102 callbacks suppressed [ 381.636097][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.636097][ T12] loop2: rw=1, sector=145, nr_sectors = 8 limit=128 [ 381.659819][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.659819][ T12] loop2: rw=1, sector=161, nr_sectors = 8 limit=128 [ 381.674299][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.674299][ T12] loop2: rw=1, sector=177, nr_sectors = 8 limit=128 [ 381.688694][ T29] kauditd_printk_skb: 468 callbacks suppressed [ 381.688708][ T29] audit: type=1326 audit(1764883170.880:54959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 381.718604][ T29] audit: type=1326 audit(1764883170.880:54960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20465 comm="syz.1.5432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 381.742274][ T29] audit: type=1326 audit(1764883170.880:54961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 381.745883][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.745883][ T12] loop2: rw=1, sector=193, nr_sectors = 8 limit=128 [ 381.765933][ T29] audit: type=1326 audit(1764883170.880:54962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbeed95f783 code=0x7ffc0000 [ 381.802755][ T29] audit: type=1326 audit(1764883170.880:54963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fbeed95f807 code=0x7ffc0000 [ 381.826269][ T29] audit: type=1326 audit(1764883170.880:54964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbeed916bdd code=0x7ffc0000 [ 381.839557][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.839557][ T12] loop2: rw=1, sector=209, nr_sectors = 8 limit=128 [ 381.849935][ T29] audit: type=1326 audit(1764883170.880:54965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fbeed993e89 code=0x7ffc0000 [ 381.886693][ T29] audit: type=1326 audit(1764883170.880:54966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbeed916c47 code=0x7ffc0000 [ 381.910234][ T29] audit: type=1326 audit(1764883170.880:54967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 381.913543][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.913543][ T12] loop2: rw=1, sector=225, nr_sectors = 8 limit=128 [ 381.933906][ T29] audit: type=1326 audit(1764883170.880:54968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20446 comm="syz.4.5423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 381.986829][ T12] kworker/u8:0: attempt to access beyond end of device [ 381.986829][ T12] loop2: rw=1, sector=241, nr_sectors = 8 limit=128 [ 382.000321][ T12] kworker/u8:0: attempt to access beyond end of device [ 382.000321][ T12] loop2: rw=1, sector=257, nr_sectors = 8 limit=128 [ 382.012942][T20467] 9pnet: Could not find request transport:  [ 382.013686][ T12] kworker/u8:0: attempt to access beyond end of device [ 382.013686][ T12] loop2: rw=1, sector=273, nr_sectors = 8 limit=128 [ 382.013722][ T12] kworker/u8:0: attempt to access beyond end of device [ 382.013722][ T12] loop2: rw=1, sector=289, nr_sectors = 8 limit=128 [ 382.055033][T20469] netlink: 'syz.4.5423': attribute type 29 has an invalid length. [ 382.077157][T20474] netlink: 'syz.3.5433': attribute type 4 has an invalid length. [ 382.086447][T20474] netlink: 'syz.3.5433': attribute type 4 has an invalid length. [ 382.096442][ T10] lo speed is unknown, defaulting to 1000 [ 382.102219][ T10] syz2: Port: 1 Link ACTIVE [ 382.108764][T20467] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5423'. [ 382.245705][T20483] loop2: detected capacity change from 0 to 1024 [ 382.452323][T20483] EXT4-fs: Ignoring removed nobh option [ 382.471876][T20490] netlink: 'syz.1.5432': attribute type 29 has an invalid length. [ 382.481294][T20483] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 382.490751][T20484] 9pnet: Could not find request transport:  [ 382.663894][T20492] lo speed is unknown, defaulting to 1000 [ 382.825308][T20494] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5432'. [ 382.876103][T20483] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 382.982689][T20483] EXT4-fs error (device loop2): ext4_get_journal_inode:5849: comm syz.2.5437: inode #4294967295: comm syz.2.5437: iget: illegal inode # [ 383.039010][T20503] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5440'. [ 383.078999][T20483] EXT4-fs (loop2): no journal found [ 383.084246][T20483] EXT4-fs (loop2): can't get journal size [ 383.154085][T20483] EXT4-fs (loop2): failed to initialize system zone (-22) [ 383.169153][T20483] EXT4-fs (loop2): mount failed [ 383.182889][T20483] netlink: 'syz.2.5437': attribute type 13 has an invalid length. [ 383.264895][ T4276] lo speed is unknown, defaulting to 1000 [ 383.270717][ T4276] syz2: Port: 1 Link DOWN [ 383.276443][T20510] netlink: '+}[@': attribute type 4 has an invalid length. [ 383.316336][T20510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20510 comm=+}[@ [ 383.652270][T20532] lo speed is unknown, defaulting to 1000 [ 384.531174][T20564] loop2: detected capacity change from 0 to 512 [ 384.594696][T20566] lo speed is unknown, defaulting to 1000 [ 384.799433][T20564] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.5460: inode has both inline data and extents flags [ 384.841902][T20564] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.5460: couldn't read orphan inode 15 (err -117) [ 384.920347][T20564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 386.039055][T20591] team0: Device gtp0 is of different type [ 386.772988][ T29] kauditd_printk_skb: 558 callbacks suppressed [ 386.773003][ T29] audit: type=1400 audit(1764883175.960:55527): avc: denied { bind } for pid=20610 comm="syz.1.5474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 386.817289][ T29] audit: type=1400 audit(1764883175.960:55528): avc: denied { write } for pid=20610 comm="syz.1.5474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 386.848273][T20615] validate_nla: 3 callbacks suppressed [ 386.848332][T20615] netlink: 'syz.1.5474': attribute type 1 has an invalid length. [ 387.007370][T20622] __nla_validate_parse: 3 callbacks suppressed [ 387.007406][T20622] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5476'. [ 387.147307][ T29] audit: type=1326 audit(1764883176.340:55529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.217570][T20564] netlink: '+}[@': attribute type 4 has an invalid length. [ 387.227884][T20564] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20564 comm=+}[@ [ 387.243818][ T29] audit: type=1326 audit(1764883176.340:55530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.268028][ T29] audit: type=1326 audit(1764883176.340:55531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80b55adf90 code=0x7ffc0000 [ 387.291797][ T29] audit: type=1326 audit(1764883176.340:55532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f80b55adf90 code=0x7ffc0000 [ 387.296289][T20564] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 387.315464][ T29] audit: type=1326 audit(1764883176.340:55533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.347558][ T29] audit: type=1326 audit(1764883176.340:55534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.371115][ T29] audit: type=1326 audit(1764883176.340:55535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.394747][ T29] audit: type=1326 audit(1764883176.340:55536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20624 comm="syz.1.5477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 387.527697][T20631] lo speed is unknown, defaulting to 1000 [ 387.543893][T20636] netlink: 14 bytes leftover after parsing attributes in process `syz.0.5480'. [ 388.144081][T20664] lo speed is unknown, defaulting to 1000 [ 388.222836][T20661] team0: Device gtp1 is of different type [ 388.762595][T20668] netlink: '+}[@': attribute type 4 has an invalid length. [ 388.792349][T20668] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20668 comm=+}[@ [ 388.816165][T20668] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 389.215246][T20694] netlink: 'syz.1.5500': attribute type 13 has an invalid length. [ 389.323727][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.349146][T20703] netlink: '+}[@': attribute type 4 has an invalid length. [ 389.356867][T20703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20703 comm=+}[@ [ 389.369611][T20703] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 389.476758][T20710] netlink: 'syz.2.5506': attribute type 1 has an invalid length. [ 389.988012][T20735] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5516'. [ 390.058503][T20743] netlink: 'syz.1.5518': attribute type 4 has an invalid length. [ 390.082778][T20743] netlink: 'syz.1.5518': attribute type 4 has an invalid length. [ 390.950008][T20762] netlink: '+}[@': attribute type 4 has an invalid length. [ 390.957730][T20762] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20762 comm=+}[@ [ 390.970478][T20762] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 391.015963][T20766] netlink: 'syz.3.5526': attribute type 13 has an invalid length. [ 391.322614][T20777] team0: Device gtp0 is of different type [ 392.182038][ T29] kauditd_printk_skb: 152 callbacks suppressed [ 392.182146][ T29] audit: type=1326 audit(1764883181.370:55689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 392.232347][ T29] audit: type=1326 audit(1764883181.410:55690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbeed95f783 code=0x7ffc0000 [ 392.255926][ T29] audit: type=1326 audit(1764883181.410:55691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fbeed95f807 code=0x7ffc0000 [ 392.279422][ T29] audit: type=1326 audit(1764883181.410:55692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbeed916bdd code=0x7ffc0000 [ 392.302884][ T29] audit: type=1326 audit(1764883181.410:55693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fbeed993e89 code=0x7ffc0000 [ 392.326485][ T29] audit: type=1326 audit(1764883181.410:55694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbeed916c47 code=0x7ffc0000 [ 392.350120][ T29] audit: type=1326 audit(1764883181.410:55695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 392.373782][ T29] audit: type=1326 audit(1764883181.410:55696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fbeed916357 code=0x7ffc0000 [ 392.397411][ T29] audit: type=1326 audit(1764883181.410:55697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 392.420957][ T29] audit: type=1326 audit(1764883181.410:55698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20787 comm="syz.4.5533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fbeed9163b6 code=0x7ffc0000 [ 392.464389][T20798] 9pnet: Could not find request transport:  [ 392.499366][T20798] validate_nla: 1 callbacks suppressed [ 392.499393][T20798] netlink: 'syz.4.5533': attribute type 29 has an invalid length. [ 392.557848][T20798] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5533'. [ 392.733932][T20809] netlink: '+}[@': attribute type 4 has an invalid length. [ 392.741548][T20809] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20809 comm=+}[@ [ 392.754453][T20809] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 392.843573][T20815] netlink: 'syz.3.5541': attribute type 13 has an invalid length. [ 393.031839][T20823] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5544'. [ 393.109310][T20824] lo speed is unknown, defaulting to 1000 [ 393.586244][T20827] team0: Device gtp0 is of different type [ 393.911558][T20839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5550'. [ 393.991947][T20852] netlink: 'syz.4.5553': attribute type 13 has an invalid length. [ 394.224030][T20872] netlink: 'syz.0.5560': attribute type 1 has an invalid length. [ 394.325816][T20875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5562'. [ 394.522445][T20888] netlink: 'syz.0.5566': attribute type 13 has an invalid length. [ 394.794317][T20905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5574'. [ 395.315580][T20886] lo speed is unknown, defaulting to 1000 [ 395.335516][T20931] netlink: 'syz.0.5581': attribute type 13 has an invalid length. [ 395.467182][T20936] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5583'. [ 395.522570][T20937] 9pnet: Could not find request transport:  [ 395.535189][T20886] chnl_net:caif_netlink_parms(): no params data found [ 395.545125][T20937] netlink: 'syz.2.5576': attribute type 29 has an invalid length. [ 395.590724][T20937] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5576'. [ 395.615557][T20941] 9pnet: Could not find request transport:  [ 395.629662][T20886] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.636813][T20886] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.649776][T20886] bridge_slave_0: entered allmulticast mode [ 395.667151][T20886] bridge_slave_0: entered promiscuous mode [ 395.674058][T20886] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.681244][T20886] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.696414][T20886] bridge_slave_1: entered allmulticast mode [ 395.708300][T20941] netlink: 'syz.1.5578': attribute type 29 has an invalid length. [ 395.717221][T20886] bridge_slave_1: entered promiscuous mode [ 395.731419][T20941] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5578'. [ 395.751031][T20886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.765356][T20886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.788725][T20886] team0: Port device team_slave_0 added [ 395.800137][T20886] team0: Port device team_slave_1 added [ 396.017895][T20886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.024880][T20886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 396.050803][T20886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.143050][T20886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.150138][T20886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 396.176180][T20886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.194195][T20955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5586'. [ 396.264222][T20886] hsr_slave_0: entered promiscuous mode [ 396.291925][T20886] hsr_slave_1: entered promiscuous mode [ 396.385416][T20966] netlink: 'syz.2.5590': attribute type 4 has an invalid length. [ 396.957001][T20968] lo speed is unknown, defaulting to 1000 [ 397.275696][T20977] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 397.555255][T20994] validate_nla: 2 callbacks suppressed [ 397.555272][T20994] netlink: '+}[@': attribute type 4 has an invalid length. [ 397.569342][T20994] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=20994 comm=+}[@ [ 397.586139][T20994] __nla_validate_parse: 1 callbacks suppressed [ 397.586158][T20994] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 397.601859][T20886] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 397.615606][T20886] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 397.622580][ T29] kauditd_printk_skb: 831 callbacks suppressed [ 397.622597][ T29] audit: type=1326 audit(1764883186.810:56530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.652559][ T29] audit: type=1326 audit(1764883186.810:56531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbeed95df90 code=0x7ffc0000 [ 397.676160][ T29] audit: type=1326 audit(1764883186.810:56532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbeed95df90 code=0x7ffc0000 [ 397.699761][ T29] audit: type=1326 audit(1764883186.810:56533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.723340][ T29] audit: type=1326 audit(1764883186.810:56534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.746872][ T29] audit: type=1326 audit(1764883186.810:56535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.770455][ T29] audit: type=1326 audit(1764883186.810:56536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.794067][ T29] audit: type=1326 audit(1764883186.810:56537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.817696][ T29] audit: type=1326 audit(1764883186.810:56538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.841282][ T29] audit: type=1326 audit(1764883186.810:56539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20991 comm="syz.4.5597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeed95f749 code=0x7ffc0000 [ 397.867639][T20886] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 397.886056][T20886] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 397.903373][ T12] bridge_slave_1: left allmulticast mode [ 397.909252][ T12] bridge_slave_1: left promiscuous mode [ 397.914900][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.930264][ T12] bridge_slave_0: left allmulticast mode [ 397.936058][ T12] bridge_slave_0: left promiscuous mode [ 397.941858][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.987784][T21009] loop2: detected capacity change from 0 to 512 [ 398.014260][T21013] netlink: 'syz.1.5599': attribute type 1 has an invalid length. [ 398.051068][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.083691][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.101327][ T12] bond0 (unregistering): Released all slaves [ 398.147862][T21036] loop2: detected capacity change from 0 to 512 [ 398.160956][T21036] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.5608: inode has both inline data and extents flags [ 398.162821][T21033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5607'. [ 398.179090][T20886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.190789][T21036] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.5608: couldn't read orphan inode 15 (err -117) [ 398.203390][T21036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 398.223878][T21036] netlink: '+}[@': attribute type 4 has an invalid length. [ 398.237342][T20886] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.258938][ T787] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.266005][ T787] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.284959][ T787] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.292116][ T787] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.292529][T21043] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=21043 comm=syz.2.5608 [ 398.350748][T21036] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 398.371020][ T12] team0 (unregistering): Port device team_slave_1 removed [ 398.387507][ T12] team0 (unregistering): Port device team_slave_0 removed [ 398.445211][T20886] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 398.455616][T20886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 398.458725][T21054] netlink: 'syz.4.5612': attribute type 13 has an invalid length. [ 398.496840][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.524221][T20886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.538270][T21061] netlink: 'syz.0.5614': attribute type 13 has an invalid length. [ 398.568882][T21065] loop2: detected capacity change from 0 to 1024 [ 398.584632][T21073] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5616'. [ 398.600821][T21065] EXT4-fs: test_dummy_encryption option not supported [ 398.642212][T20886] veth0_vlan: entered promiscuous mode [ 398.660117][T20886] veth1_vlan: entered promiscuous mode [ 398.707327][T20886] veth0_macvtap: entered promiscuous mode [ 398.722929][T20886] veth1_macvtap: entered promiscuous mode [ 398.729759][T21085] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5620'. [ 398.744870][T20886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 398.762031][T21085] loop2: detected capacity change from 0 to 512 [ 398.770575][T20886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 398.782784][ T787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.793514][T21085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 398.806389][T21085] ext4 filesystem being mounted at /393/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 398.818702][ T787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.840864][T21097] netlink: '+}[@': attribute type 4 has an invalid length. [ 398.848512][T21097] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=21097 comm=+}[@ [ 398.861502][T21097] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 398.872666][ T787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.899588][T21085] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #2: block 18: comm syz.2.5620: lblock 23 mapped to illegal pblock 18 (length 1) [ 398.918931][ T787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.042599][T21102] loop3: detected capacity change from 0 to 512 [ 399.057212][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.067143][T21102] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 399.126471][T21102] EXT4-fs (loop3): 1 truncate cleaned up [ 399.132993][T21102] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.388285][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.425422][T21112] netlink: 'syz.2.5624': attribute type 1 has an invalid length. [ 399.614132][T21131] loop2: detected capacity change from 0 to 128 [ 399.740794][T21134] netlink: 'syz.3.5634': attribute type 1 has an invalid length. [ 399.964770][T21155] FAULT_INJECTION: forcing a failure. [ 399.964770][T21155] name failslab, interval 1, probability 0, space 0, times 0 [ 399.977560][T21155] CPU: 1 UID: 0 PID: 21155 Comm: syz.2.5640 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 399.977593][T21155] Tainted: [W]=WARN [ 399.977601][T21155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 399.977618][T21155] Call Trace: [ 399.977626][T21155] [ 399.977635][T21155] __dump_stack+0x1d/0x30 [ 399.977691][T21155] dump_stack_lvl+0xe8/0x140 [ 399.977761][T21155] dump_stack+0x15/0x1b [ 399.977785][T21155] should_fail_ex+0x265/0x280 [ 399.977828][T21155] should_failslab+0x8c/0xb0 [ 399.977942][T21155] kmem_cache_alloc_noprof+0x50/0x4a0 [ 399.977985][T21155] ? audit_log_start+0x342/0x720 [ 399.978025][T21155] audit_log_start+0x342/0x720 [ 399.978121][T21155] ? kstrtouint+0x76/0xc0 [ 399.978157][T21155] audit_seccomp+0x48/0x100 [ 399.978250][T21155] ? __seccomp_filter+0x832/0x1260 [ 399.978314][T21155] __seccomp_filter+0x843/0x1260 [ 399.978348][T21155] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 399.978399][T21155] ? vfs_write+0x7e8/0x960 [ 399.978448][T21155] ? __rcu_read_unlock+0x4f/0x70 [ 399.978473][T21155] ? __fget_files+0x184/0x1c0 [ 399.978548][T21155] __secure_computing+0x82/0x150 [ 399.978579][T21155] syscall_trace_enter+0xcf/0x1e0 [ 399.978609][T21155] do_syscall_64+0xb2/0x2a0 [ 399.978641][T21155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.978688][T21155] RIP: 0033:0x7f46ddcff749 [ 399.978706][T21155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.978728][T21155] RSP: 002b:00007f46dc746038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 399.978750][T21155] RAX: ffffffffffffffda RBX: 00007f46ddf56090 RCX: 00007f46ddcff749 [ 399.978766][T21155] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 399.978822][T21155] RBP: 00007f46dc746090 R08: 0000000000000044 R09: 0000000000000012 [ 399.978838][T21155] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 399.978922][T21155] R13: 00007f46ddf56128 R14: 00007f46ddf56090 R15: 00007ffc3bd8f518 [ 399.978940][T21155] [ 400.436745][T21176] netlink: 'syz.0.5649': attribute type 13 has an invalid length. [ 400.479783][T21181] netlink: 'syz.4.5648': attribute type 1 has an invalid length. [ 400.501617][T21179] 9pnet: Could not find request transport:  [ 400.566510][T21188] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=21188 comm=+}[@ [ 400.579295][T21179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5638'. [ 400.579314][T21188] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 401.255206][T21226] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=21226 comm=+}[@ [ 401.273450][T21226] netlink: 48 bytes leftover after parsing attributes in process `+}[@'. [ 401.373213][T21233] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5668'. [ 401.482765][T21232] syzkaller0: entered promiscuous mode [ 401.488467][T21232] syzkaller0: entered allmulticast mode [ 401.987540][T21263] loop3: detected capacity change from 0 to 512 [ 402.023570][T21263] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.5678: inode has both inline data and extents flags [ 402.076014][T21263] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.5678: couldn't read orphan inode 15 (err -117) [ 402.104211][T21263] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 402.133931][T21267] 9pnet: Could not find request transport:  [ 402.774126][T21263] validate_nla: 5 callbacks suppressed [ 402.774143][T21263] netlink: '+}[@': attribute type 4 has an invalid length. [ 402.796837][ T29] kauditd_printk_skb: 770 callbacks suppressed [ 402.796851][ T29] audit: type=1326 audit(1764883191.990:57308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 402.842692][T21263] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=36641 sclass=netlink_route_socket pid=21263 comm=+}[@ [ 402.859692][T21281] __nla_validate_parse: 2 callbacks suppressed [ 402.859785][T21281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5684'. [ 402.895162][ T29] audit: type=1326 audit(1764883192.020:57309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 402.918837][ T29] audit: type=1326 audit(1764883192.020:57310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 402.942447][ T29] audit: type=1326 audit(1764883192.020:57311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 402.966310][ T29] audit: type=1326 audit(1764883192.020:57312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46ddcfdf90 code=0x7ffc0000 [ 402.989982][ T29] audit: type=1326 audit(1764883192.020:57313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 403.013634][ T29] audit: type=1326 audit(1764883192.020:57314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 403.037349][ T29] audit: type=1326 audit(1764883192.020:57315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 403.061163][ T29] audit: type=1326 audit(1764883192.020:57316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 403.084698][ T29] audit: type=1326 audit(1764883192.020:57317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21276 comm="syz.2.5682" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 403.137184][T21283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5684'. [ 403.229849][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.594462][T21289] syzkaller0: entered promiscuous mode [ 403.600210][T21289] syzkaller0: entered allmulticast mode [ 403.931699][T21325] netlink: 'syz.0.5696': attribute type 13 has an invalid length. [ 404.155998][T21341] netlink: 'syz.3.5703': attribute type 1 has an invalid length. [ 404.359120][T21339] team0: Device gtp1 is of different type [ 404.590325][T21366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5710'. [ 404.613493][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 404.621184][T21366] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.630499][T21366] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.638205][T21366] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.760038][T21382] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5717'. [ 405.009442][T21392] loop3: detected capacity change from 0 to 512 [ 405.016812][T21392] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 405.028575][T21392] EXT4-fs (loop3): 1 truncate cleaned up [ 405.034529][T21392] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 405.280418][T21395] netlink: 'syz.2.5714': attribute type 29 has an invalid length. [ 405.293135][T21395] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5714'. [ 405.811314][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 405.877311][T21409] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5724'. [ 405.921601][T21409] loop2: detected capacity change from 0 to 512 [ 406.000564][T21409] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 406.054370][T21409] ext4 filesystem being mounted at /407/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 406.075539][T21403] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #2: block 18: comm syz.2.5724: lblock 23 mapped to illegal pblock 18 (length 1) [ 406.286697][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.552663][T21425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5729'. [ 406.741475][T21383] chnl_net:caif_netlink_parms(): no params data found [ 406.816004][T21443] loop3: detected capacity change from 0 to 512 [ 406.816202][T21438] loop2: detected capacity change from 0 to 1024 [ 406.840736][T21438] EXT4-fs: test_dummy_encryption option not supported [ 406.868815][T21443] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 406.908384][T21383] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.915544][T21383] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.925319][T21443] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 406.945815][T21383] bridge_slave_0: entered allmulticast mode [ 406.960001][T21383] bridge_slave_0: entered promiscuous mode [ 406.980122][T21383] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.987213][T21383] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.995644][T21383] bridge_slave_1: entered allmulticast mode [ 407.016462][T21383] bridge_slave_1: entered promiscuous mode [ 407.063025][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 407.081008][T21383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 407.091794][T21383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 407.119118][T21383] team0: Port device team_slave_0 added [ 407.144397][T21383] team0: Port device team_slave_1 added [ 407.198752][T21383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 407.205745][T21383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 407.231686][T21383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 407.258964][T21383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 407.265972][T21383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 407.291947][T21383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 407.305873][T21464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5740'. [ 407.349271][T21383] hsr_slave_0: entered promiscuous mode [ 407.355350][T21383] hsr_slave_1: entered promiscuous mode [ 407.361958][T21383] debugfs: 'hsr0' already exists in 'hsr' [ 407.367748][T21383] Cannot create hsr debugfs directory [ 407.380399][T21467] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5741'. [ 407.514333][T21480] netlink: 'syz.3.5745': attribute type 1 has an invalid length. [ 407.537266][T21473] netlink: 'syz.4.5733': attribute type 29 has an invalid length. [ 407.550133][T21473] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5733'. [ 407.637007][T21491] syzkaller0: entered promiscuous mode [ 407.642534][T21491] syzkaller0: entered allmulticast mode [ 407.694146][ T12] bridge_slave_1: left allmulticast mode [ 407.699901][ T12] bridge_slave_1: left promiscuous mode [ 407.705575][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.716197][ T12] bridge_slave_0: left allmulticast mode [ 407.721949][ T12] bridge_slave_0: left promiscuous mode [ 407.727752][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.807595][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 407.819517][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 407.896627][ T12] bond0 (unregistering): Released all slaves [ 407.982779][T21511] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5759'. [ 408.006150][T21511] hsr_slave_0: left promiscuous mode [ 408.018452][T21511] hsr_slave_1: left promiscuous mode [ 408.027950][ T29] kauditd_printk_skb: 798 callbacks suppressed [ 408.027966][ T29] audit: type=1326 audit(1764883197.220:58116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.096664][ T29] audit: type=1326 audit(1764883197.220:58117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.120318][ T29] audit: type=1326 audit(1764883197.250:58118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.143880][ T29] audit: type=1326 audit(1764883197.250:58119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.167484][ T29] audit: type=1326 audit(1764883197.250:58120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.191129][ T29] audit: type=1326 audit(1764883197.250:58121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.214723][ T29] audit: type=1326 audit(1764883197.250:58122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.238345][ T29] audit: type=1326 audit(1764883197.250:58124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.262002][ T29] audit: type=1326 audit(1764883197.250:58125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.285617][ T29] audit: type=1326 audit(1764883197.250:58126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21514 comm="syz.2.5760" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46ddcff749 code=0x7ffc0000 [ 408.338055][ T12] team0 (unregistering): Port device team_slave_1 removed [ 408.361425][ T12] team0 (unregistering): Port device team_slave_0 removed [ 408.522727][T21383] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 408.533038][T21542] loop3: detected capacity change from 0 to 1024 [ 408.543130][T21383] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 408.550299][T21542] EXT4-fs: Ignoring removed nobh option [ 408.558748][T21383] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 408.565602][T21542] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 408.577308][T21383] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 408.588163][T21542] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 408.598461][T21542] EXT4-fs error (device loop3): ext4_get_journal_inode:5849: comm syz.3.5770: inode #4294967295: comm syz.3.5770: iget: illegal inode # [ 408.614274][T21542] EXT4-fs (loop3): no journal found [ 408.619521][T21542] EXT4-fs (loop3): can't get journal size [ 408.627005][T21542] EXT4-fs (loop3): failed to initialize system zone (-22) [ 408.634331][T21542] EXT4-fs (loop3): mount failed [ 408.677341][T21542] netlink: 'syz.3.5770': attribute type 13 has an invalid length. [ 408.709311][T21383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.761660][T21542] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.768888][T21542] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.782308][T21551] netlink: 'syz.2.5760': attribute type 29 has an invalid length. [ 408.835244][T21554] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5760'. [ 408.915328][ T37] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.931785][T21383] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.975786][ T37] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.986781][ T4456] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.993838][ T4456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 409.019927][ T37] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.038856][ T37] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.050511][ T4456] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.057619][ T4456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 409.232650][T21561] loop3: detected capacity change from 0 to 128 [ 409.258082][T21561] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 409.270718][T21561] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 409.537216][T21383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 409.758344][T21383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.937174][T21383] veth0_vlan: entered promiscuous mode [ 409.957150][T21383] veth1_vlan: entered promiscuous mode [ 409.982296][T21383] veth0_macvtap: entered promiscuous mode [ 409.993801][T21383] veth1_macvtap: entered promiscuous mode [ 410.008477][T21383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.030591][T21383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.049129][ T4007] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.085754][ T4007] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.092218][T21591] loop2: detected capacity change from 0 to 1024 [ 410.101554][T21591] EXT4-fs: Ignoring removed orlov option [ 410.107928][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.125813][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.136260][T21591] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 410.221188][T21589] team0: Device gtp1 is of different type [ 410.490481][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.510254][T20886] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 410.649965][T21620] loop2: detected capacity change from 0 to 512 [ 410.675657][T21620] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 410.694938][T21620] ext4 filesystem being mounted at /418/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 410.756941][T21630] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5790'. [ 410.807457][T13959] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.821629][T21634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.830219][T21634] 8021q: adding VLAN 0 to HW filter on device team0 [ 410.854772][T21634] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 410.957983][T21637] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 410.973943][T21636] syzkaller0: entered promiscuous mode [ 410.987474][T21642] syzkaller0 (unregistering): left promiscuous mode [ 412.045310][T21664] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5802'. [ 412.099889][T21664] 8021q: adding VLAN 0 to HW filter on device bond1 [ 412.144377][T21672] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5805'. [ 412.171010][T21673] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5804'. [ 412.304013][T21681] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5809'. [ 412.336284][T21681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5809'. [ 412.452340][T21676] team0: Device gtp0 is of different type [ 412.505270][T21683] loop3: detected capacity change from 0 to 512 [ 412.519925][T21683] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 412.534988][T21683] EXT4-fs (loop3): mount failed [ 412.839107][T21718] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5819'. [ 412.862262][T21718] ip6tnl0: Caught tx_queue_len zero misconfig [ 412.968573][T21728] loop2: detected capacity change from 0 to 2048 [ 412.986184][T21728] loop2: p2 < > p3 < p5 > p4 [ 412.990913][T21728] loop2: partition table partially beyond EOD, truncated [ 412.994174][T21729] 9pnet: Could not find request transport:  [ 413.000417][T21728] loop2: p2 start 4278190080 is beyond EOD, truncated [ 413.036324][T21729] netlink: 'syz.1.5811': attribute type 29 has an invalid length. [ 413.044639][T21728] loop2: p4 size 8192 extends beyond EOD, truncated [ 413.052782][ T29] kauditd_printk_skb: 944 callbacks suppressed [ 413.052802][ T29] audit: type=1326 audit(1764883202.250:59069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.076048][T21728] loop2: p5 size 8192 extends beyond EOD, truncated [ 413.093772][ T29] audit: type=1326 audit(1764883202.280:59071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.117512][ T29] audit: type=1326 audit(1764883202.280:59072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.142880][T21729] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5811'. [ 413.143166][ T29] audit: type=1326 audit(1764883202.270:59070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.143208][ T29] audit: type=1326 audit(1764883202.280:59073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.143255][ T29] audit: type=1326 audit(1764883202.310:59074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.143286][ T29] audit: type=1326 audit(1764883202.340:59075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.143334][ T29] audit: type=1326 audit(1764883202.340:59076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.270233][ T29] audit: type=1326 audit(1764883202.340:59077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.293847][ T29] audit: type=1326 audit(1764883202.340:59078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21686 comm="syz.1.5811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f80b55af749 code=0x7ffc0000 [ 413.331031][T21731] team0: Device gtp0 is of different type [ 413.344621][T21728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.354699][T21728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.464383][T21740] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5826'. [ 413.547482][T21746] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5828'. [ 413.564642][T21746] loop3: detected capacity change from 0 to 512 [ 413.580928][T21746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 413.593583][T21746] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 413.611731][T21746] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #2: block 18: comm syz.3.5828: lblock 23 mapped to illegal pblock 18 (length 1) [ 413.661582][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 413.701684][T21760] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5833'. [ 413.999431][T21782] team0: Device gtp0 is of different type [ 414.170061][T21798] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5842'. [ 414.183787][T21800] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5844'. [ 414.193131][T21789] loop3: detected capacity change from 0 to 512 [ 414.208294][T21789] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.221211][T21789] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 414.287006][T21798] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #2: block 18: comm syz.3.5842: lblock 23 mapped to illegal pblock 18 (length 1) [ 414.323097][T21815] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 414.329633][T21815] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 414.337820][T21815] vhci_hcd vhci_hcd.0: Device attached [ 414.344110][T21816] vhci_hcd: connection closed [ 414.344423][ T4007] vhci_hcd: stop threads [ 414.353463][ T4007] vhci_hcd: release socket [ 414.357993][ T4007] vhci_hcd: disconnect device [ 414.363122][T20886] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.374138][T21818] 8021q: VLANs not supported on ip_vti0 [ 414.448644][T21824] netlink: 'syz.3.5849': attribute type 1 has an invalid length. [ 414.503067][T21826] team0: Device gtp0 is of different type [ 414.548614][T21827] 9pnet: Could not find request transport:  [ 414.567233][T21827] netlink: 'syz.1.5836': attribute type 29 has an invalid length. [ 414.584123][T21827] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5836'. [ 414.601659][T21832] netlink: 332 bytes leftover after parsing attributes in process `syz.3.5852'. [ 414.630166][T21834] FAULT_INJECTION: forcing a failure. [ 414.630166][T21834] name failslab, interval 1, probability 0, space 0, times 0 [ 414.643167][T21834] CPU: 1 UID: 0 PID: 21834 Comm: syz.3.5853 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 414.643249][T21834] Tainted: [W]=WARN [ 414.643255][T21834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 414.643267][T21834] Call Trace: [ 414.643273][T21834] [ 414.643316][T21834] __dump_stack+0x1d/0x30 [ 414.643340][T21834] dump_stack_lvl+0xe8/0x140 [ 414.643363][T21834] dump_stack+0x15/0x1b [ 414.643386][T21834] should_fail_ex+0x265/0x280 [ 414.643478][T21834] should_failslab+0x8c/0xb0 [ 414.643510][T21834] kmem_cache_alloc_node_noprof+0x57/0x4c0 [ 414.643545][T21834] ? __alloc_skb+0x324/0x4d0 [ 414.643565][T21834] __alloc_skb+0x324/0x4d0 [ 414.643708][T21834] ? __alloc_skb+0x24d/0x4d0 [ 414.643726][T21834] netlink_alloc_large_skb+0xbf/0xf0 [ 414.643747][T21834] netlink_sendmsg+0x3cf/0x6b0 [ 414.643825][T21834] ? __pfx_netlink_sendmsg+0x10/0x10 [ 414.643850][T21834] __sock_sendmsg+0x145/0x180 [ 414.643876][T21834] ____sys_sendmsg+0x31e/0x4a0 [ 414.643969][T21834] ___sys_sendmsg+0x17b/0x1d0 [ 414.644013][T21834] __x64_sys_sendmsg+0xd4/0x160 [ 414.644102][T21834] x64_sys_call+0x17ba/0x3000 [ 414.644139][T21834] do_syscall_64+0xd8/0x2a0 [ 414.644227][T21834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.644244][T21834] RIP: 0033:0x7efef281f749 [ 414.644255][T21834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.644325][T21834] RSP: 002b:00007efef1287038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 414.644339][T21834] RAX: ffffffffffffffda RBX: 00007efef2a75fa0 RCX: 00007efef281f749 [ 414.644395][T21834] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 414.644405][T21834] RBP: 00007efef1287090 R08: 0000000000000000 R09: 0000000000000000 [ 414.644415][T21834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.644425][T21834] R13: 00007efef2a76038 R14: 00007efef2a75fa0 R15: 00007fff6306f838 [ 414.644440][T21834] [ 414.856946][ T3305] ================================================================== [ 414.865064][ T3305] BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_disable_cb [ 414.873344][ T3305] [ 414.875652][ T3305] read to 0xffff888101f92e78 of 2 bytes by interrupt on cpu 0: [ 414.883180][ T3305] virtqueue_disable_cb+0x58/0x150 [ 414.888303][ T3305] skb_xmit_done+0x67/0x1a0 [ 414.892809][ T3305] vring_interrupt+0x155/0x180 [ 414.897604][ T3305] __handle_irq_event_percpu+0x9d/0x510 [ 414.903155][ T3305] handle_irq_event+0x64/0xf0 [ 414.907825][ T3305] handle_edge_irq+0x154/0x470 [ 414.912618][ T3305] __common_interrupt+0x60/0xb0 [ 414.917468][ T3305] common_interrupt+0x7e/0x90 [ 414.922155][ T3305] asm_common_interrupt+0x26/0x40 [ 414.927172][ T3305] _raw_spin_unlock_irqrestore+0x3c/0x60 [ 414.932814][ T3305] free_percpu+0x502/0xa20 [ 414.937229][ T3305] xt_percpu_counter_free+0x67/0x80 [ 414.942439][ T3305] cleanup_entry+0x186/0x1b0 [ 414.947037][ T3305] __do_replace+0x458/0x570 [ 414.951555][ T3305] do_ipt_set_ctl+0x6ea/0x820 [ 414.956237][ T3305] nf_setsockopt+0x199/0x1b0 [ 414.960839][ T3305] ip_setsockopt+0x102/0x110 [ 414.965418][ T3305] tcp_setsockopt+0x98/0xb0 [ 414.969918][ T3305] sock_common_setsockopt+0x69/0x80 [ 414.975139][ T3305] __sys_setsockopt+0x184/0x200 [ 414.979978][ T3305] __x64_sys_setsockopt+0x64/0x80 [ 414.985002][ T3305] x64_sys_call+0x21d5/0x3000 [ 414.989675][ T3305] do_syscall_64+0xd8/0x2a0 [ 414.994173][ T3305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.000055][ T3305] [ 415.002371][ T3305] write to 0xffff888101f92e78 of 2 bytes by task 3305 on cpu 1: [ 415.009982][ T3305] virtqueue_disable_cb+0x7a/0x150 [ 415.015091][ T3305] start_xmit+0x10e/0x17a0 [ 415.019500][ T3305] dev_hard_start_xmit+0x125/0x3e0 [ 415.024688][ T3305] sch_direct_xmit+0x192/0x550 [ 415.029445][ T3305] __dev_queue_xmit+0xcb2/0x1ec0 [ 415.034374][ T3305] ip_finish_output2+0x77f/0x8b0 [ 415.039299][ T3305] ip_finish_output+0x114/0x2a0 [ 415.044135][ T3305] ip_output+0xbd/0x190 [ 415.048282][ T3305] __ip_queue_xmit+0xbbf/0xc00 [ 415.053041][ T3305] ip_queue_xmit+0x39/0x50 [ 415.057448][ T3305] __tcp_transmit_skb+0x17fd/0x1c10 [ 415.062641][ T3305] tcp_write_xmit+0x129c/0x30f0 [ 415.067501][ T3305] __tcp_push_pending_frames+0x6d/0x1b0 [ 415.073141][ T3305] tcp_push+0x311/0x330 [ 415.077290][ T3305] tcp_sendmsg_locked+0x2458/0x2c00 [ 415.082489][ T3305] tcp_sendmsg+0x2f/0x50 [ 415.086723][ T3305] inet_sendmsg+0x76/0xd0 [ 415.091043][ T3305] __sock_sendmsg+0x102/0x180 [ 415.095719][ T3305] sock_write_iter+0x1a7/0x1f0 [ 415.100496][ T3305] vfs_write+0x52a/0x960 [ 415.104734][ T3305] ksys_write+0xda/0x1a0 [ 415.109068][ T3305] __x64_sys_write+0x40/0x50 [ 415.113654][ T3305] x64_sys_call+0x2847/0x3000 [ 415.118331][ T3305] do_syscall_64+0xd8/0x2a0 [ 415.122834][ T3305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.128854][ T3305] [ 415.131202][ T3305] value changed: 0x0000 -> 0x0001 [ 415.136301][ T3305] [ 415.138626][ T3305] Reported by Kernel Concurrency Sanitizer on: [ 415.144777][ T3305] CPU: 1 UID: 0 PID: 3305 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(voluntary) SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 415.156246][ T3305] Tainted: [W]=WARN [ 415.160054][ T3305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 415.170113][ T3305] ================================================================== [ 415.332500][T21838] loop0: detected capacity change from 0 to 128 [ 416.598716][ T4456] bridge_slave_1: left allmulticast mode [ 416.604540][ T4456] bridge_slave_1: left promiscuous mode [ 416.610223][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.647218][ T4456] bridge_slave_0: left allmulticast mode [ 416.653201][ T4456] bridge_slave_0: left promiscuous mode [ 416.659276][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.857300][ T4456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 416.886717][ T4456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 416.910032][ T4456] bond0 (unregistering): Released all slaves [ 417.127832][ T4456] team0 (unregistering): Port device team_slave_1 removed [ 417.137350][ T4456] team0 (unregistering): Port device team_slave_0 removed [ 418.022096][ T4456] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.068840][ T4456] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.108743][ T4456] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.189232][ T4456] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.241559][ T4456] bridge_slave_1: left allmulticast mode [ 418.247288][ T4456] bridge_slave_1: left promiscuous mode [ 418.252945][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.260659][ T4456] bridge_slave_0: left allmulticast mode [ 418.266413][ T4456] bridge_slave_0: left promiscuous mode [ 418.272046][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.280566][ T4456] bridge_slave_1: left allmulticast mode [ 418.286259][ T4456] bridge_slave_1: left promiscuous mode [ 418.291861][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.299722][ T4456] bridge_slave_0: left allmulticast mode [ 418.305437][ T4456] bridge_slave_0: left promiscuous mode [ 418.311068][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.319692][ T4456] bridge_slave_1: left allmulticast mode [ 418.325332][ T4456] bridge_slave_1: left promiscuous mode [ 418.331081][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.338706][ T4456] bridge_slave_0: left allmulticast mode [ 418.344362][ T4456] bridge_slave_0: left promiscuous mode [ 418.350040][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.358392][ T4456] bridge_slave_1: left allmulticast mode [ 418.364085][ T4456] bridge_slave_1: left promiscuous mode [ 418.369724][ T4456] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.377526][ T4456] bridge_slave_0: left allmulticast mode [ 418.383228][ T4456] bridge_slave_0: left promiscuous mode [ 418.388883][ T4456] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.478028][ T4456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.487254][ T4456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.496189][ T4456] bond0 (unregistering): Released all slaves [ 418.558603][ T4456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.567874][ T4456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.576712][ T4456] bond0 (unregistering): Released all slaves [ 418.657807][ T4456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.667280][ T4456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.676274][ T4456] bond0 (unregistering): Released all slaves [ 418.684646][ T4456] bond1 (unregistering): Released all slaves [ 418.737601][ T4456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.747293][ T4456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.756783][ T4456] bond0 (unregistering): Released all slaves [ 418.919165][ T4456] hsr_slave_0: left promiscuous mode [ 418.924849][ T4456] hsr_slave_1: left promiscuous mode [ 418.930493][ T4456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 418.939187][ T4456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 418.946714][ T4456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 418.954158][ T4456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 418.964285][ T4456] veth1_macvtap: left promiscuous mode [ 418.970289][ T4456] veth0_macvtap: left promiscuous mode [ 418.975868][ T4456] veth1_vlan: left promiscuous mode [ 418.981108][ T4456] veth0_vlan: left promiscuous mode [ 419.036700][ T4456] team0 (unregistering): Port device team_slave_1 removed [ 419.046664][ T4456] team0 (unregistering): Port device team_slave_0 removed [ 419.054226][ T4007] smc: removing ib device syz! [ 419.062813][ T1988] smc: removing ib device syz0 [ 419.107324][ T4456] team0 (unregistering): Port device team_slave_1 removed [ 419.120029][ T4456] team0 (unregistering): Port device team_slave_0 removed [ 419.173405][ T4456] team0 (unregistering): Port device team_slave_1 removed [ 419.183127][ T4456] team0 (unregistering): Port device team_slave_0 removed [ 419.237563][ T4456] team0 (unregistering): Port device team_slave_1 removed [ 419.247844][ T4456] team0 (unregistering): Port device team_slave_0 removed