last executing test programs: 1.86525495s ago: executing program 2 (id=1137): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 1.592458392s ago: executing program 2 (id=1144): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x7fff, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x44, 0x0, r0, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x625, 0x4c1, 0xc1, 0x0, 0x2000) 1.508423375s ago: executing program 2 (id=1146): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0xae8}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.451203968s ago: executing program 2 (id=1148): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r2, 0x0, 0x4804}, 0x18) r3 = socket$inet_sctp(0x2, 0x5, 0x84) close(r3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0x2}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r7, &(0x7f0000000280), 0x0}, 0x20) 1.258501956s ago: executing program 3 (id=1155): bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b70300000003000085"], 0x0, 0x0, 0x0, 0x0, 0xce426abbd71cc858, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4) recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/33, 0x21}, 0x4}], 0x3d5, 0x45833af92e4b38ff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)="c52c35ea4f0134beb954bed8e1d986ae4c318fe66f5102b1bd2e3edab67f066a80f87ee6daaeacff", &(0x7f0000000140), 0x1003, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x14, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xc3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="796100000000000000007e000000d09a166eb369a3de29928799330dc46f9bde835092f09297852afec1191c9c4a97987aea5a548d2a2184e70d17f1412da4a49e678b41e89db444a770f5ca04dd6b285bb8815fc458e70557e7c2af225007"], 0x14}}, 0x4000054) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)=""/86, 0x56}, {&(0x7f0000000380)=""/165, 0xa5}], 0x2, &(0x7f00000004c0)=""/183, 0xb7}, 0x100) 922.44687ms ago: executing program 3 (id=1166): bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='inode_foreign_history\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0xffffffffffffffef) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB, @ANYBLOB='\x00'/14], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000040000000400000002000200000000007c16488999d63c3979b6c84da5abf687118d0efc381e6b775158c1c246e2569568680a58fbc87355bedc45d343225d890bda00789f1d2e9d434914184f00000080000000009191d58581fb176cd016c87972785bdb68b0d8b2b1bb3ed5d9abd51226c6090fe9ed19132ee4eba7651197663f2400fb8222d7a4e89ec96ef3bb87f1a8fccd25b7007bb6b6692ca93a8c39a5858d0bce07a5e0ac65", @ANYRESOCT, @ANYBLOB="fdffffff00"/14, @ANYRES8=r0, @ANYRESOCT=r2, @ANYRES32], 0x48) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x4, 0x8b}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x4010) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x0, &(0x7f0000000080)}) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000040)=0xffffffffffffffff) unlinkat(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000080000000040000", @ANYRES32, @ANYBLOB="001a00000001deafe008ce898440292aace3de0c46ad15096b4ca879969c8bb237e209389ab4a7863255e5856c88315fac225e6d3862", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000b7030000690000001b00004b00000000000000000000937bb429f07c4fb2d837a3a7f20e768c1b"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wg1\x00'}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0xd3ca779c52fd0d2a, 0x4d, 0x1, 0x3fe, 0x41, @ipv4={'\x00', '\xff\xff', @loopback}, @private0, 0x8, 0x40, 0x0, 0x10001}}) stat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wg0\x00'}) lstat(0x0, 0x0) 893.498562ms ago: executing program 3 (id=1167): r0 = socket(0x10, 0x80002, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r1, &(0x7f0000000100)="15", 0x1, 0x1, &(0x7f0000000140)={0xa, 0x4e23, 0x7ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000380)={&(0x7f0000000180)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000000340)=[{&(0x7f0000000480)='y', 0x1}], 0x1}, 0x0) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a0000000500040001000000c1590c9fe92c70409533a7acaf3d7072b144c5f5c963697b3ff9bea20eba159d251d57a146ac718289d253f3be698fed96dc6035adef29a07823dc76dea18307c0b1366c07f0145dcd4b556e3129ca"], 0x4c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) r5 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) modify_ldt$write2(0x11, &(0x7f0000000000)={0xffff, 0x0, 0x1000, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x10) sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7000fbd3df2502000000050004000100000005000400010000001400020076657468315f746f5f7465616d0000000900030073797a32000000000900010073797a"], 0x68}, 0x1, 0x0, 0x0, 0x4000145}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="3f00000000000000300012800b00010062726964676500002000028005000700080000000c002e0003000000030000000500170000000000548b67f7180f0ca391f3864383112267568d31ce6d00296d242dc3886e"], 0x50}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) close_range(r2, 0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 646.258842ms ago: executing program 4 (id=1175): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_route(0x10, 0x3, 0x0) accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x0) r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_clone(0xc800411, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, &(0x7f00000001c0), 0x4, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000003c0)={[0xfffffffffffffffd]}, 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x5) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000300)={'veth1_to_bridge\x00', &(0x7f0000000280)=@ethtool_wolinfo={0x2, 0xf5, 0x6, "7a6b257ff11e"}}) gettid() close(r1) inotify_init1(0x800) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="01000000040000000400000008"], 0x50) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000a00)="39e8dcfa461ac09e8a722e34d7e498893ffa560200133b06000000000000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced648cdb670a6bf4d650ac2b5546216e3c", 0x54}], 0x1) r3 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) setreuid(0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r3]) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000000)=@req3={0x410000, 0x100000001, 0x210000, 0x1, 0xa, 0x0, 0xffffffff}, 0x1c) close(r4) 637.921652ms ago: executing program 1 (id=1177): bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='inode_foreign_history\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0xffffffffffffffef) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB, @ANYBLOB='\x00'/14], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000040000000400000002000200000000007c16488999d63c3979b6c84da5abf687118d0efc381e6b775158c1c246e2569568680a58fbc87355bedc45d343225d890bda00789f1d2e9d434914184f00000080000000009191d58581fb176cd016c87972785bdb68b0d8b2b1bb3ed5d9abd51226c6090fe9ed19132ee4eba7651197663f2400fb8222d7a4e89ec96ef3bb87f1a8fccd25b7007bb6b6692ca93a8c39a5858d0bce07a5e0ac65", @ANYRESOCT, @ANYBLOB="fdffffff00"/14, @ANYRES8=r0, @ANYRESOCT=r2, @ANYRES32], 0x48) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x4, 0x8b}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x4010) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x0, &(0x7f0000000080)}) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000040)=0xffffffffffffffff) unlinkat(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000080000000040000", @ANYRES32, @ANYBLOB="001a00000001deafe008ce898440292aace3de0c46ad15096b4ca879969c8bb237e209389ab4a7863255e5856c88315fac225e6d3862", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB="0000000000b7030000690000001b00004b00000000000000000000937bb429f07c4fb2d837a3a7f20e768c1b"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94) ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wg1\x00'}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0xd3ca779c52fd0d2a, 0x4d, 0x1, 0x3fe, 0x41, @ipv4={'\x00', '\xff\xff', @loopback}, @private0, 0x8, 0x40, 0x0, 0x10001}}) stat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wg0\x00'}) lstat(0x0, 0x0) 614.707944ms ago: executing program 1 (id=1178): sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 554.948676ms ago: executing program 2 (id=1179): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$sock(r0, &(0x7f0000000300)={&(0x7f00000001c0)=@ax25={{0x3, @null, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000140)="9207fd0efed5a1cc63", 0x9}], 0x1, &(0x7f0000000280)=[@txtime={{0x18, 0x1, 0x3d, 0x1ff}}, @txtime={{0x18, 0x1, 0x3d, 0x7ff}}, @txtime={{0x18, 0x1, 0x3d, 0x6}}], 0x48}, 0x4000001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b00000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='percpu_free_percpu\x00', r2}, 0x18) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_io_uring_setup(0x1852, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) r8 = socket$isdn(0x22, 0x2, 0x22) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r8, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/148, 0x94}], 0x1}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r3}, &(0x7f0000000200), &(0x7f0000000280)=r4}, 0x20) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='schedstat\x00') syz_open_procfs(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x19, 0xc, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x48) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081084e81f782db44b904021d080006007c06e8fe55a10a0015400100142603600e120800060000000201a80016000900014003e01100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 554.594146ms ago: executing program 1 (id=1180): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000004000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32=r0, @ANYRES16=r2, @ANYBLOB="b178acfe392b14281bf88f76b4b21b0cf3a4e5881529e7a06ad9136c980bc5cc265a4b6d2556dbf7946f7833eafcd238c547742918a3aa08c507501a1d75c16fb351110130b81b4d9ed0faee14ac87fee53f44b9ad420d28f8825fda90657b731b329893df60f197174cbcffdb61af832f7a102ed908d7cd9efb80421d9bece205de4d5ff206225985f5605491721f968e2e228d842b32682806963d1821042326ca09b3959af24384c96424e8a78eb69de90b4c978d795fdde4cb644a53127ca9", @ANYRESOCT=r2, @ANYRES16=r1, @ANYRES8=r0, @ANYRES64=r3, @ANYRES8=r3], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000001600)=""/4113, 0x1011}], 0x1, 0xf0, 0xa) 462.84225ms ago: executing program 4 (id=1181): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030) 439.020171ms ago: executing program 1 (id=1182): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) io_setup(0x9, 0x0) clock_gettime(0x0, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) io_getevents(0x0, 0x0, 0x3, &(0x7f0000000180)=[{}, {}, {}], &(0x7f0000000280)={r0, r1+60000000}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$getregs(0xc, r3, 0x800005, &(0x7f0000000100)=""/62) (fail_nth: 4) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYRES8=0x0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r5}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000004c0)='./file1\x00', 0x3000046, &(0x7f0000000a80)={[{@dioread_nolock}, {@data_err_abort}, {@jqfmt_vfsold}, {@delalloc}, {@nouid32}, {@discard}, {@data_err_ignore}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@dioread_lock}, {@user_xattr}, {@block_validity}, {@errors_remount}], [{@audit}, {@euid_lt={'euid<', 0xee00}}, {@obj_role={'obj_role', 0x3d, '\x00'}}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x6048800) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000240)) sendmsg$TEAM_CMD_OPTIONS_SET(r6, 0x0, 0x200448c0) 399.809973ms ago: executing program 1 (id=1184): pipe(&(0x7f00000001c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) close(0x4) splice(r0, 0x0, r3, 0x0, 0x80, 0x6) write(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@jqfmt_vfsold}, {@noinit_itable}, {@quota}, {@noauto_da_alloc}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN") 399.540243ms ago: executing program 4 (id=1185): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x6, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000faffffff0000000000004000850000002c0000001800000004000000000000000700000095"], &(0x7f0000000200)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0xe, 0x0, &(0x7f0000000640)="ed7e17526b2d6f70ac1ae867fd2a", 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000580), &(0x7f0000000680)=0xe) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) lsm_get_self_attr(0x64, 0x0, &(0x7f0000000000), 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r3}, &(0x7f0000000040), &(0x7f0000000200)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r6) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xe8) getdents(r7, &(0x7f0000000000)=""/53, 0x35) getdents(r7, 0xfffffffffffffffd, 0xbb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r5}, 0x10) ustat(0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x38, r9, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x300}, @TIPC_NLA_MON_REF={0xffffffffffffff93}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0x38}}, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}]}, 0x2c}}, 0x0) 368.566764ms ago: executing program 0 (id=1186): ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000c40)={{0x80}, 'port0\x00', 0x41, 0xfe8ee28a1d9fac77, 0x6, 0x6, 0x2, 0x40, 0x3, 0x0, 0x6, 0x3}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200400) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000100)={0x400, 0x6, 0x1, 'queue0\x00', 0xffffceaf}) unshare(0x6a040000) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000040)={{0x3, 0x9}, {0xfd, 0x1}, 0x6, 0x5, 0x3}) socket$igmp6(0xa, 0x3, 0x2) sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 368.167174ms ago: executing program 4 (id=1187): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) setuid(0x0) 309.374956ms ago: executing program 4 (id=1188): pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000003c0)={0x0, r0, 0x4, 0x9, 0x4, 0x6}) preadv(r1, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/31, 0x1f}, {&(0x7f0000000180)=""/173, 0xad}, {&(0x7f0000000300)=""/168, 0xa8}], 0x3, 0x1, 0x3ff) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1800406, &(0x7f0000000140)=ANY=[]) 291.687607ms ago: executing program 2 (id=1189): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r2, 0x0, 0x4804}, 0x18) r3 = socket$inet_sctp(0x2, 0x5, 0x84) close(r3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0x2}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r6, &(0x7f0000000280), 0x0}, 0x20) 273.789738ms ago: executing program 4 (id=1190): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r2, 0x0, 0x4804}, 0x18) r3 = socket$inet_sctp(0x2, 0x5, 0x84) close(r3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0, 0xe0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r5}}], 0x20, 0x2400e044}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r6}, 0x10) syz_emit_ethernet(0xfc0, &(0x7f0000002340)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6fd3b6af0f8a1100fc020000000000000000000000000000fe8000000000000000000000000000aa87"], 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0x2}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000340)={r7, &(0x7f0000000280), 0x0}, 0x20) 273.210448ms ago: executing program 0 (id=1191): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket(0x26, 0xa, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x18) fsync(r4) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f00000001c0)=0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000002000000827bd7000ffdbdf256c000000ac1e000100000000000000000000e00000010000000000000000000000004e2400094e2200070a00a0005c000000", @ANYRES32=0x0, @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x4000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 233.925599ms ago: executing program 0 (id=1192): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 186.103821ms ago: executing program 1 (id=1193): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x181) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x5ccc6e75, @rand_addr, 0x3}, 0x1c) listen(r0, 0x3) mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22']) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x800000000006}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close_range(r0, r0, 0x0) 87.968556ms ago: executing program 0 (id=1194): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x88182, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000080)='0', 0x62}], 0x2) 56.435437ms ago: executing program 0 (id=1195): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030) 56.048847ms ago: executing program 0 (id=1196): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0xb9f1, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x149c3, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x0, 0x0, 0x400, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) r1 = socket$kcm(0x2, 0x5, 0x0) sendmsg$inet(r1, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8) 38.037068ms ago: executing program 3 (id=1197): socket$nl_route(0x10, 0x3, 0x0) socket(0x11, 0x80a, 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x3f73, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x282}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) socket(0x11, 0x80a, 0x1) (async) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) (async) io_uring_setup(0x3f73, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x282}) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) (async) socket$inet(0x2, 0x80001, 0x84) (async) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0) (async) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) (async) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) (async) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) (async) 414.86µs ago: executing program 3 (id=1198): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) setuid(0x0) 0s ago: executing program 3 (id=1199): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0}, 0x18) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x88182, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000080)='0', 0x1}], 0x2) (fail_nth: 4) 0s ago: executing program 3 (id=1201): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) (async, rerun: 64) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) (rerun: 64) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18) (async, rerun: 64) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b000000080043"], 0x28}}, 0x50) (async) r4 = socket$netlink(0x10, 0x3, 0x14) (async, rerun: 64) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000001c0)='./bus\x00', 0x1000000, &(0x7f00000005c0)=ANY=[], 0x1, 0x126f, &(0x7f0000001600)="$eJzs3U1rY1UcB+B/2vQtY5uq4+gMiAfdKEKcduHKTZEZEAtKtQMqCHdsqqFpU5pQiIhTV64EP4aoS3eC+AW6ceNaEES6cTkL8UqbjDNp0o522lSG59ncwznnd8+5veXCDedw9175cn1ttVlZzVoxUihEcXMsirdTpBiJ0ejYiRdu/PzL02+98+7rC4uL15ZSur7w9tzLKaWZZ35475Nvn/2xdeHGdzPfT8Tu7Pt7f8z/untp9/LeX99ErZlqzbTRaKUs3Ww0WtnNejWt1JprlZTerFezZjVNdse4275ab2xutlO2sTJd2tyqNpsp22intWo7tQqptdVO2YdZbSNVKpU0XQoexPLXt/M8j8jzsRiPPM/zqSjFhXgkpmMmyjEbj8Zj8XhcjCfiUjwZT8Xlg17nPW8AAAAAAAAAAAAAAAAAAAB4uNxn/3+hf///xHlPGQAAAAAAAAAAAAAAAAAAAB46h/f/FyN8/x8AAAAAAAAAAAAAAAAAAACG7D7f/z+0//9F+/8BAAAAAAAAAAAAAAAAAADgLEx2DkspTUasf769vL3cOXbqF1ajFvWoxtUox59xsPu/o1O+/tritavpwGy8tH6rm7+1vTzam58bK8dsYWB+rpNPvfmJKN2bn49yXBw8/vzA/GQ8/9x+/rNOvhLl+OmDaEQ9ViIK3as/yH86l9KrbyxO9eav7Pc70ugZ3xYAAAA4TZX0j/73951up4Htnabu+3nq9iwc8/vAoffzYlwpntdVc0ez/fFaVq9Xt05YGD/6POO9NVPdniceqxARWU98pvTb0v4pTzr5UyuMDnXQseP7PMA9jeL/4I95CoXfv7qnZjKGO/pI9x89q+8/P/9dKnby/EwnNj6oaeK41NHPjMIZP5MYnrs3/bxnAgAAAAAAAAAAwH8xcPXfVET0rQf8qK/mzvLw3nj/mY8e/YshXCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//+E38bU") (rerun: 64) r5 = open(&(0x7f0000000040)='./file2\x00', 0x4440, 0x4) preadv2(r5, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) (async) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x31, 0x0, 0x0) ioctl$USBDEVFS_SETCONFIGURATION(r5, 0x80045505, &(0x7f0000000140)=0xe) (async, rerun: 64) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) (rerun: 64) kernel console output (not intermixed with test programs): mode [ 36.487790][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.494856][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.502096][ T3322] bridge_slave_0: entered allmulticast mode [ 36.508530][ T3322] bridge_slave_0: entered promiscuous mode [ 36.520330][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.527594][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.534755][ T3316] bridge_slave_0: entered allmulticast mode [ 36.541391][ T3316] bridge_slave_0: entered promiscuous mode [ 36.557356][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.564514][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.571873][ T3322] bridge_slave_1: entered allmulticast mode [ 36.578467][ T3322] bridge_slave_1: entered promiscuous mode [ 36.585872][ T3325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.595077][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.602208][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.609375][ T3316] bridge_slave_1: entered allmulticast mode [ 36.615855][ T3316] bridge_slave_1: entered promiscuous mode [ 36.623270][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.633607][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.648726][ T3325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.668797][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.679138][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.712905][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.723040][ T3325] team0: Port device team_slave_0 added [ 36.730058][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.750257][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.760101][ T3325] team0: Port device team_slave_1 added [ 36.766809][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.776616][ T3315] team0: Port device team_slave_0 added [ 36.782931][ T3318] team0: Port device team_slave_0 added [ 36.804792][ T3315] team0: Port device team_slave_1 added [ 36.811078][ T3318] team0: Port device team_slave_1 added [ 36.842229][ T3322] team0: Port device team_slave_0 added [ 36.848244][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.855194][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.881142][ T3325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.892922][ T3316] team0: Port device team_slave_0 added [ 36.909015][ T3322] team0: Port device team_slave_1 added [ 36.914881][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.921873][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.947937][ T3325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.959556][ T3316] team0: Port device team_slave_1 added [ 36.965499][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.972447][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.998452][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.009616][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.016600][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.042577][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.067850][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.074806][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.100751][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.111821][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.118805][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.144750][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.160986][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.167987][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.193910][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.223728][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.230741][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.256733][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.268437][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.275425][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.301387][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.313548][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.320514][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.346626][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.384908][ T3325] hsr_slave_0: entered promiscuous mode [ 37.391242][ T3325] hsr_slave_1: entered promiscuous mode [ 37.420993][ T3315] hsr_slave_0: entered promiscuous mode [ 37.427115][ T3315] hsr_slave_1: entered promiscuous mode [ 37.432899][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 37.438676][ T3315] Cannot create hsr debugfs directory [ 37.467719][ T3322] hsr_slave_0: entered promiscuous mode [ 37.473828][ T3322] hsr_slave_1: entered promiscuous mode [ 37.479777][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 37.485580][ T3322] Cannot create hsr debugfs directory [ 37.493228][ T3318] hsr_slave_0: entered promiscuous mode [ 37.499370][ T3318] hsr_slave_1: entered promiscuous mode [ 37.505189][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 37.511004][ T3318] Cannot create hsr debugfs directory [ 37.518892][ T3316] hsr_slave_0: entered promiscuous mode [ 37.524862][ T3316] hsr_slave_1: entered promiscuous mode [ 37.530874][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 37.536649][ T3316] Cannot create hsr debugfs directory [ 37.757237][ T3325] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.766169][ T3325] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.777454][ T3325] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.788922][ T3325] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.798271][ T3315] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.808590][ T3315] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.818679][ T3315] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.830475][ T3315] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.858674][ T3318] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.868757][ T3318] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.878116][ T3318] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.891235][ T3318] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.929846][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.941254][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.953092][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.962216][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.009583][ T3316] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.020434][ T3316] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.032839][ T3316] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.044246][ T3316] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.063291][ T3325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.079700][ T3325] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.098149][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.118866][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.125931][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.142310][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.149378][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.162951][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.176291][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.190342][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.202735][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.209835][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.226370][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.240504][ T1662] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.247615][ T1662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.262024][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.269095][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.283827][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.291060][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.300363][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.318603][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.325702][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.347751][ T416] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.354837][ T416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.391902][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.414587][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.446770][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.463443][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.470554][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.504983][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.514968][ T3325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.541886][ T804] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.549064][ T804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.607153][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.631069][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.663041][ T3325] veth0_vlan: entered promiscuous mode [ 38.683644][ T3325] veth1_vlan: entered promiscuous mode [ 38.726091][ T3325] veth0_macvtap: entered promiscuous mode [ 38.736896][ T3325] veth1_macvtap: entered promiscuous mode [ 38.754758][ T3315] veth0_vlan: entered promiscuous mode [ 38.778496][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.795797][ T3315] veth1_vlan: entered promiscuous mode [ 38.810118][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.819827][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.839643][ T3322] veth0_vlan: entered promiscuous mode [ 38.851462][ T3322] veth1_vlan: entered promiscuous mode [ 38.857582][ T804] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.884377][ T3322] veth0_macvtap: entered promiscuous mode [ 38.892391][ T804] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.904569][ T3318] veth0_vlan: entered promiscuous mode [ 38.922219][ T3322] veth1_macvtap: entered promiscuous mode [ 38.930177][ T804] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.943688][ T3315] veth0_macvtap: entered promiscuous mode [ 38.951315][ T804] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.963804][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.973796][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.987581][ T3315] veth1_macvtap: entered promiscuous mode [ 38.994168][ T3318] veth1_vlan: entered promiscuous mode [ 39.001999][ T3325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.004114][ T804] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.033500][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.041652][ T804] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.055638][ T804] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.067061][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.087094][ T804] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.116768][ T804] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.137679][ T804] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.165209][ T3318] veth0_macvtap: entered promiscuous mode [ 39.178104][ T804] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.191114][ T3318] veth1_macvtap: entered promiscuous mode [ 39.201731][ T804] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.236333][ T3316] veth0_vlan: entered promiscuous mode [ 39.247091][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.272250][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.286153][ T3316] veth1_vlan: entered promiscuous mode [ 39.304436][ T37] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.340622][ T37] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.349846][ T3506] FAULT_INJECTION: forcing a failure. [ 39.349846][ T3506] name failslab, interval 1, probability 0, space 0, times 1 [ 39.353347][ T3316] veth0_macvtap: entered promiscuous mode [ 39.362619][ T3506] CPU: 1 UID: 0 PID: 3506 Comm: syz.0.9 Not tainted syzkaller #0 PREEMPT(voluntary) [ 39.362694][ T3506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 39.362712][ T3506] Call Trace: [ 39.362727][ T3506] [ 39.362737][ T3506] __dump_stack+0x1d/0x30 [ 39.362811][ T3506] dump_stack_lvl+0xe8/0x140 [ 39.362875][ T3506] dump_stack+0x15/0x1b [ 39.362903][ T3506] should_fail_ex+0x265/0x280 [ 39.362968][ T3506] should_failslab+0x8c/0xb0 [ 39.362998][ T3506] __kmalloc_noprof+0xb9/0x5a0 [ 39.363031][ T3506] ? alloc_pipe_info+0x1c9/0x340 [ 39.363071][ T3506] ? alloc_pipe_info+0xae/0x340 [ 39.363100][ T3506] alloc_pipe_info+0x1c9/0x340 [ 39.363128][ T3506] splice_direct_to_actor+0x592/0x680 [ 39.363232][ T3506] ? kstrtouint_from_user+0x9f/0xf0 [ 39.363335][ T3506] ? __pfx_direct_splice_actor+0x10/0x10 [ 39.363363][ T3506] ? __rcu_read_unlock+0x4f/0x70 [ 39.363388][ T3506] ? get_pid_task+0x96/0xd0 [ 39.363416][ T3506] ? avc_policy_seqno+0x15/0x30 [ 39.363440][ T3506] ? selinux_file_permission+0x1e2/0x320 [ 39.363490][ T3506] do_splice_direct+0xda/0x150 [ 39.363517][ T3506] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 39.363632][ T3506] do_sendfile+0x380/0x650 [ 39.363673][ T3506] __x64_sys_sendfile64+0x105/0x150 [ 39.363710][ T3506] x64_sys_call+0x2db1/0x3000 [ 39.363745][ T3506] do_syscall_64+0xd8/0x2a0 [ 39.363909][ T3506] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.363940][ T3506] RIP: 0033:0x7fbeea95f749 [ 39.363966][ T3506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.363993][ T3506] RSP: 002b:00007fbee93bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 39.364025][ T3506] RAX: ffffffffffffffda RBX: 00007fbeeabb5fa0 RCX: 00007fbeea95f749 [ 39.364043][ T3506] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 39.364105][ T3506] RBP: 00007fbee93bf090 R08: 0000000000000000 R09: 0000000000000000 [ 39.364123][ T3506] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 39.364140][ T3506] R13: 00007fbeeabb6038 R14: 00007fbeeabb5fa0 R15: 00007ffd4a749f38 [ 39.364165][ T3506] [ 39.400965][ T3507] x_tables: duplicate underflow at hook 1 [ 39.410302][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 39.410322][ T29] audit: type=1400 audit(1765414676.649:109): avc: denied { create } for pid=3503 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 39.421622][ T3505] loop2: detected capacity change from 0 to 512 [ 39.426339][ T29] audit: type=1400 audit(1765414676.649:110): avc: denied { setopt } for pid=3503 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 39.483752][ T3316] veth1_macvtap: entered promiscuous mode [ 39.505635][ T3505] EXT4-fs (loop2): 1 truncate cleaned up [ 39.557266][ T37] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.568114][ T3505] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.583468][ T3514] loop1: detected capacity change from 0 to 1024 [ 39.620826][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.626087][ T29] audit: type=1400 audit(1765414676.759:111): avc: denied { create } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 39.651856][ T3514] EXT4-fs: Ignoring removed orlov option [ 39.652692][ T29] audit: type=1400 audit(1765414676.759:112): avc: denied { write } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 39.680352][ T37] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.687151][ T29] audit: type=1400 audit(1765414676.759:113): avc: denied { connect } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 39.708775][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.712076][ T29] audit: type=1400 audit(1765414676.759:114): avc: denied { name_connect } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 39.786472][ T29] audit: type=1400 audit(1765414676.829:115): avc: denied { shutdown } for pid=3510 comm="syz.0.12" lport=55867 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 39.806922][ T29] audit: type=1400 audit(1765414676.839:116): avc: denied { getopt } for pid=3510 comm="syz.0.12" lport=55867 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 39.827208][ T29] audit: type=1400 audit(1765414676.839:117): avc: denied { create } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 39.830019][ T3514] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.847622][ T29] audit: type=1400 audit(1765414676.839:118): avc: denied { write } for pid=3510 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 39.893623][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.912777][ C1] hrtimer: interrupt took 88433 ns [ 39.929880][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.961560][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.971102][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.998027][ T416] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.015699][ T416] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.037579][ T3527] loop3: detected capacity change from 0 to 512 [ 40.111525][ T3527] EXT4-fs warning (device loop3): ext4_xattr_inode_get:546: inode #11: comm syz.3.15: ea_inode file size=0 entry size=6 [ 40.132953][ T3527] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 40.147327][ T3527] ------------[ cut here ]------------ [ 40.152815][ T3527] EA inode 11 i_nlink=2 [ 40.152844][ T3527] WARNING: fs/ext4/xattr.c:1058 at 0x0, CPU#0: syz.3.15/3527 [ 40.164502][ T3527] Modules linked in: [ 40.168496][ T3527] CPU: 0 UID: 0 PID: 3527 Comm: syz.3.15 Not tainted syzkaller #0 PREEMPT(voluntary) [ 40.178125][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 40.188360][ T3527] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320 [ 40.195036][ T3527] Code: c1 d2 9c ff 4c 8d 2d 4a bf 20 05 49 8d 7e 40 e8 01 65 b8 ff 49 8b 6e 40 4c 89 e7 e8 15 60 b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 7c df ba 03 66 66 66 2e 0f 1f 84 [ 40.214700][ T3527] RSP: 0018:ffffc90001a1b778 EFLAGS: 00010246 [ 40.220842][ T3527] RAX: ffff88811ba50a90 RBX: ffff888107df9c18 RCX: ffffffff81bb4bab [ 40.228876][ T3527] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0ae0 [ 40.236928][ T3527] RBP: 000000000000000b R08: 0001888107df9bcb R09: 0000000000000000 [ 40.244913][ T3527] R10: ffffc90001a1b6a8 R11: 0001c90001a1b6a8 R12: ffff888107df9bc8 [ 40.253001][ T3527] R13: ffffffff86dc0ae0 R14: ffff888107df9b80 R15: 0000000000000001 [ 40.261097][ T3527] FS: 00007f46053b76c0(0000) GS:ffff8882aedc3000(0000) knlGS:0000000000000000 [ 40.270089][ T3527] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.276818][ T3527] CR2: 0000001b33e24000 CR3: 000000011bb90000 CR4: 00000000003506f0 [ 40.284810][ T3527] Call Trace: [ 40.288138][ T3527] [ 40.291089][ T3527] ext4_xattr_inode_dec_ref_all+0x57c/0x870 [ 40.297036][ T3527] ? errseq_check+0x2c/0x50 [ 40.301592][ T3527] ext4_xattr_delete_inode+0x6b7/0x790 [ 40.307181][ T3527] ? ext4_truncate+0x92b/0xae0 [ 40.312105][ T3527] ext4_evict_inode+0xa20/0xd40 [ 40.317076][ T3527] ? __pfx_ext4_evict_inode+0x10/0x10 [ 40.322470][ T3527] evict+0x2af/0x510 [ 40.325846][ T3534] loop4: detected capacity change from 0 to 1024 [ 40.326421][ T3527] ? __dquot_initialize+0x146/0x7c0 [ 40.337001][ T3535] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13'. [ 40.338016][ T3527] iput+0x4bd/0x650 [ 40.350577][ T3527] ext4_process_orphan+0x1a9/0x1c0 [ 40.355799][ T3527] ext4_orphan_cleanup+0x6a8/0xa00 [ 40.360944][ T3527] ext4_fill_super+0x3411/0x37a0 [ 40.365999][ T3527] ? set_blocksize+0x1a8/0x310 [ 40.370848][ T3527] ? sb_set_blocksize+0xfc/0x170 [ 40.375834][ T3527] ? setup_bdev_super+0x30e/0x370 [ 40.380874][ T3527] ? __pfx_ext4_fill_super+0x10/0x10 [ 40.386250][ T3527] get_tree_bdev_flags+0x291/0x300 [ 40.391375][ T3527] ? __pfx_ext4_fill_super+0x10/0x10 [ 40.396743][ T3527] get_tree_bdev+0x1f/0x30 [ 40.399380][ T3534] EXT4-fs: Ignoring removed orlov option [ 40.401204][ T3527] ext4_get_tree+0x1c/0x30 [ 40.411335][ T3527] vfs_get_tree+0x57/0x1d0 [ 40.415853][ T3527] do_new_mount+0x24d/0x6a0 [ 40.420386][ T3527] path_mount+0x4ab/0xb80 [ 40.424732][ T3527] ? user_path_at+0xbf/0x130 [ 40.429430][ T3527] __se_sys_mount+0x28c/0x2e0 [ 40.434186][ T3527] __x64_sys_mount+0x67/0x80 [ 40.438817][ T3527] x64_sys_call+0x2cca/0x3000 [ 40.443566][ T3527] do_syscall_64+0xd8/0x2a0 [ 40.448141][ T3527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.454109][ T3527] RIP: 0033:0x7f4606950eea [ 40.458608][ T3527] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.478389][ T3527] RSP: 002b:00007f46053b6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 40.486912][ T3527] RAX: ffffffffffffffda RBX: 00007f46053b6ef0 RCX: 00007f4606950eea [ 40.494917][ T3527] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f46053b6eb0 [ 40.503006][ T3527] RBP: 0000200000000180 R08: 00007f46053b6ef0 R09: 0000000000800700 [ 40.511029][ T3527] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 40.519060][ T3527] R13: 00007f46053b6eb0 R14: 0000000000000473 R15: 0000200000000680 [ 40.527117][ T3527] [ 40.530146][ T3527] ---[ end trace 0000000000000000 ]--- [ 40.567136][ T3527] EXT4-fs (loop3): 1 orphan inode deleted [ 40.573419][ T3527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.587333][ T3534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.782233][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.870899][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.132148][ T3544] loop0: detected capacity change from 0 to 2048 [ 41.181087][ T3556] loop4: detected capacity change from 0 to 1024 [ 41.189222][ T3544] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.205456][ T3556] EXT4-fs: Ignoring removed orlov option [ 41.252612][ T3556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.269461][ T3552] loop1: detected capacity change from 0 to 2048 [ 41.290384][ T3552] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.348066][ T3557] SELinux: failed to load policy [ 41.360474][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.474609][ T3573] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 41.485613][ T3573] SELinux: failed to load policy [ 41.507683][ T3571] SELinux: failed to load policy [ 41.709504][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.709781][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.947698][ T3598] loop0: detected capacity change from 0 to 1024 [ 41.959464][ T3576] loop3: detected capacity change from 0 to 512 [ 41.994793][ T3598] EXT4-fs: inline encryption not supported [ 42.000815][ T3598] EXT4-fs: Ignoring removed orlov option [ 42.094029][ T3587] syz.1.31 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 42.108124][ T3587] CPU: 0 UID: 0 PID: 3587 Comm: syz.1.31 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 42.108240][ T3587] Tainted: [W]=WARN [ 42.108247][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 42.108259][ T3587] Call Trace: [ 42.108267][ T3587] [ 42.108275][ T3587] __dump_stack+0x1d/0x30 [ 42.108306][ T3587] dump_stack_lvl+0xe8/0x140 [ 42.108376][ T3587] dump_stack+0x15/0x1b [ 42.108405][ T3587] dump_header+0x81/0x240 [ 42.108434][ T3587] oom_kill_process+0x295/0x350 [ 42.108468][ T3587] out_of_memory+0x97b/0xb80 [ 42.108559][ T3587] try_charge_memcg+0x610/0xa10 [ 42.108602][ T3587] obj_cgroup_charge_pages+0xa6/0x150 [ 42.108644][ T3587] __memcg_kmem_charge_page+0x9f/0x170 [ 42.108855][ T3587] __alloc_frozen_pages_noprof+0x18f/0x360 [ 42.108900][ T3587] alloc_pages_mpol+0xb3/0x260 [ 42.108976][ T3587] alloc_pages_noprof+0x90/0x130 [ 42.109074][ T3587] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 42.109204][ T3587] __kvmalloc_node_noprof+0x492/0x6b0 [ 42.109342][ T3587] ? ip_set_alloc+0x24/0x30 [ 42.109372][ T3587] ? ip_set_alloc+0x24/0x30 [ 42.109437][ T3587] ip_set_alloc+0x24/0x30 [ 42.109473][ T3587] hash_netiface_create+0x282/0x740 [ 42.109514][ T3587] ? __pfx_hash_netiface_create+0x10/0x10 [ 42.109610][ T3587] ip_set_create+0x3cc/0x970 [ 42.109656][ T3587] ? __nla_parse+0x40/0x60 [ 42.109684][ T3587] nfnetlink_rcv_msg+0x4c6/0x590 [ 42.109781][ T3587] netlink_rcv_skb+0x123/0x220 [ 42.109816][ T3587] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 42.109857][ T3587] nfnetlink_rcv+0x167/0x16c0 [ 42.109887][ T3587] ? kmem_cache_free+0xe3/0x3a0 [ 42.109942][ T3587] ? __kfree_skb+0x109/0x150 [ 42.109992][ T3587] ? nlmon_xmit+0x4f/0x60 [ 42.110012][ T3587] ? consume_skb+0x49/0x150 [ 42.110036][ T3587] ? nlmon_xmit+0x4f/0x60 [ 42.110057][ T3587] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 42.110100][ T3587] ? __dev_queue_xmit+0x138d/0x1ec0 [ 42.110216][ T3587] ? __dev_queue_xmit+0x148/0x1ec0 [ 42.110246][ T3587] ? ref_tracker_free+0x37d/0x3e0 [ 42.110291][ T3587] ? __netlink_deliver_tap+0x4dc/0x500 [ 42.110383][ T3587] netlink_unicast+0x5c0/0x690 [ 42.110425][ T3587] netlink_sendmsg+0x58b/0x6b0 [ 42.110497][ T3587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 42.110541][ T3587] __sock_sendmsg+0x145/0x180 [ 42.110612][ T3587] ____sys_sendmsg+0x31e/0x4a0 [ 42.110655][ T3587] ___sys_sendmsg+0x17b/0x1d0 [ 42.110709][ T3587] __x64_sys_sendmsg+0xd4/0x160 [ 42.110741][ T3587] x64_sys_call+0x17ba/0x3000 [ 42.110807][ T3587] do_syscall_64+0xd8/0x2a0 [ 42.110853][ T3587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.110880][ T3587] RIP: 0033:0x7ff03852f749 [ 42.110896][ T3587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.110967][ T3587] RSP: 002b:00007ff036f97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 42.110988][ T3587] RAX: ffffffffffffffda RBX: 00007ff038785fa0 RCX: 00007ff03852f749 [ 42.111005][ T3587] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 42.111021][ T3587] RBP: 00007ff0385b3f91 R08: 0000000000000000 R09: 0000000000000000 [ 42.111041][ T3587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 42.111057][ T3587] R13: 00007ff038786038 R14: 00007ff038785fa0 R15: 00007ffe3a8d3ea8 [ 42.111083][ T3587] [ 42.111139][ T3587] memory: usage 307200kB, limit 307200kB, failcnt 164 [ 42.446725][ T3587] memory+swap: usage 278312kB, limit 9007199254740988kB, failcnt 0 [ 42.454672][ T3587] kmem: usage 277892kB, limit 9007199254740988kB, failcnt 0 [ 42.461989][ T3587] Memory cgroup stats for /syz1: [ 42.479666][ T3587] cache 155648 [ 42.488323][ T3587] rss 20480 [ 42.491501][ T3587] shmem 0 [ 42.494576][ T3587] mapped_file 155648 [ 42.498559][ T3587] dirty 155648 [ 42.502082][ T3587] writeback 0 [ 42.505420][ T3587] workingset_refault_anon 40 [ 42.510024][ T3587] workingset_refault_file 64 [ 42.514658][ T3587] swap 61440 [ 42.517942][ T3587] swapcached 61440 [ 42.521674][ T3587] pgpgin 4664 [ 42.525073][ T3587] pgpgout 4609 [ 42.525590][ T3598] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 42.528468][ T3587] pgfault 4136 [ 42.541603][ T3587] pgmajfault 28 [ 42.545081][ T3587] inactive_anon 65536 [ 42.549134][ T3587] active_anon 4096 [ 42.552958][ T3587] inactive_file 155648 [ 42.557244][ T3587] active_file 0 [ 42.558176][ T3576] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.29: bad orphan inode 11862016 [ 42.560711][ T3587] unevictable 0 [ 42.560723][ T3587] hierarchical_memory_limit 314572800 [ 42.560735][ T3587] hierarchical_memsw_limit 9223372036854771712 [ 42.586413][ T3587] total_cache 155648 [ 42.590389][ T3587] total_rss 20480 [ 42.593434][ T3576] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 42.594094][ T3587] total_shmem 0 [ 42.608973][ T3598] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840c018, mo2=0002] [ 42.610236][ T3587] total_mapped_file 155648 [ 42.618175][ T3598] System zones: 0-1 [ 42.622563][ T3587] total_dirty 155648 [ 42.622576][ T3587] total_writeback 0 [ 42.626411][ T3598] , 3-12 [ 42.630303][ T3587] total_workingset_refault_anon 40 [ 42.630317][ T3587] total_workingset_refault_file 64 [ 42.630329][ T3587] total_swap 61440 [ 42.634131][ T3598] [ 42.634353][ T3576] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.637034][ T3587] total_swapcached 61440 [ 42.637045][ T3587] total_pgpgin 4664 [ 42.637054][ T3587] total_pgpgout 4609 [ 42.637062][ T3587] total_pgfault 4136 [ 42.637071][ T3587] total_pgmajfault 28 [ 42.637080][ T3587] total_inactive_anon 65536 [ 42.637098][ T3587] total_active_anon 4096 [ 42.637107][ T3587] total_inactive_file 155648 [ 42.637116][ T3587] total_active_file 0 [ 42.637125][ T3587] total_unevictable 0 [ 42.637135][ T3587] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 42.670535][ T3598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.671877][ T3587] ,cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.31,pid=3584,uid=0 [ 42.734382][ T3587] Memory cgroup out of memory: Killed process 3584 (syz.1.31) total-vm:104208kB, anon-rss:1136kB, file-rss:21676kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 42.817962][ T3611] FAULT_INJECTION: forcing a failure. [ 42.817962][ T3611] name failslab, interval 1, probability 0, space 0, times 0 [ 42.830734][ T3611] CPU: 1 UID: 0 PID: 3611 Comm: syz.4.39 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 42.830791][ T3611] Tainted: [W]=WARN [ 42.830800][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 42.830815][ T3611] Call Trace: [ 42.830822][ T3611] [ 42.830831][ T3611] __dump_stack+0x1d/0x30 [ 42.830939][ T3611] dump_stack_lvl+0xe8/0x140 [ 42.831047][ T3611] dump_stack+0x15/0x1b [ 42.831074][ T3611] should_fail_ex+0x265/0x280 [ 42.831101][ T3611] should_failslab+0x8c/0xb0 [ 42.831130][ T3611] kmem_cache_alloc_noprof+0x69/0x4b0 [ 42.831227][ T3611] ? getname_flags+0x80/0x3b0 [ 42.831253][ T3611] ? vfs_write+0x7e8/0x960 [ 42.831276][ T3611] getname_flags+0x80/0x3b0 [ 42.831308][ T3611] user_path_at+0x28/0x130 [ 42.831389][ T3611] vfs_open_tree+0xef/0x580 [ 42.831473][ T3611] __x64_sys_open_tree+0x5e/0xd0 [ 42.831549][ T3611] x64_sys_call+0x15ec/0x3000 [ 42.831582][ T3611] do_syscall_64+0xd8/0x2a0 [ 42.831627][ T3611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.831655][ T3611] RIP: 0033:0x7fa01d94f749 [ 42.831671][ T3611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.831696][ T3611] RSP: 002b:00007fa01c3b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 42.831744][ T3611] RAX: ffffffffffffffda RBX: 00007fa01dba5fa0 RCX: 00007fa01d94f749 [ 42.831758][ T3611] RDX: 0000000000000800 RSI: 0000200000000040 RDI: ffffffffffffffff [ 42.831803][ T3611] RBP: 00007fa01c3b7090 R08: 0000000000000000 R09: 0000000000000000 [ 42.831819][ T3611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 42.831835][ T3611] R13: 00007fa01dba6038 R14: 00007fa01dba5fa0 R15: 00007ffe967a5c18 [ 42.831859][ T3611] [ 43.016688][ T3611] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.028721][ T3611] x_tables: duplicate underflow at hook 1 [ 43.028942][ T3587] syz.1.31 (3587) used greatest stack depth: 7408 bytes left [ 43.068281][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 43.133889][ T3602] loop2: detected capacity change from 0 to 512 [ 43.227165][ T3625] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.230644][ T3602] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.37: bad orphan inode 11862016 [ 43.252033][ T3625] netlink: 4 bytes leftover after parsing attributes in process `syz.1.43'. [ 43.263086][ T3602] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 43.280181][ T3621] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.302598][ T3602] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.327154][ T3628] netlink: 48 bytes leftover after parsing attributes in process `syz.1.43'. [ 43.354692][ T3618] SELinux: failed to load policy [ 43.366140][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.404514][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 43.500716][ T3638] EXT4-fs: Ignoring removed orlov option [ 43.528681][ T3638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.609702][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.718215][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.876376][ T3664] netlink: 'syz.4.55': attribute type 1 has an invalid length. [ 43.908704][ T3660] SELinux: failed to load policy [ 44.007620][ T3664] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3664 comm=syz.4.55 [ 44.062218][ T3669] netlink: 'syz.4.55': attribute type 10 has an invalid length. [ 44.070282][ T3669] netlink: 40 bytes leftover after parsing attributes in process `syz.4.55'. [ 44.083063][ T3669] dummy0: entered promiscuous mode [ 44.097630][ T3658] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.56: bad orphan inode 11862016 [ 44.133721][ T3658] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 44.162996][ T3658] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.215473][ T3684] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3684 comm=syz.3.59 [ 44.348097][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 44.389657][ T3693] x_tables: duplicate underflow at hook 1 [ 44.425035][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 44.425053][ T29] audit: type=1326 audit(1765414681.669:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.457225][ T3698] FAULT_INJECTION: forcing a failure. [ 44.457225][ T3698] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 44.470505][ T3698] CPU: 0 UID: 0 PID: 3698 Comm: syz.0.68 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 44.470624][ T3698] Tainted: [W]=WARN [ 44.470633][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 44.470649][ T3698] Call Trace: [ 44.470659][ T3698] [ 44.470669][ T3698] __dump_stack+0x1d/0x30 [ 44.470699][ T3698] dump_stack_lvl+0xe8/0x140 [ 44.470722][ T3698] dump_stack+0x15/0x1b [ 44.470741][ T3698] should_fail_ex+0x265/0x280 [ 44.470778][ T3698] should_fail+0xb/0x20 [ 44.470805][ T3698] should_fail_usercopy+0x1a/0x20 [ 44.470836][ T3698] _copy_to_user+0x20/0xa0 [ 44.470893][ T3698] __se_sys_shmctl+0x3d1/0x420 [ 44.471006][ T3698] __x64_sys_shmctl+0x43/0x50 [ 44.471028][ T3698] x64_sys_call+0x1765/0x3000 [ 44.471056][ T3698] do_syscall_64+0xd8/0x2a0 [ 44.471099][ T3698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 44.471127][ T3698] RIP: 0033:0x7fbeea95f749 [ 44.471146][ T3698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.471172][ T3698] RSP: 002b:00007fbee93bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 44.471194][ T3698] RAX: ffffffffffffffda RBX: 00007fbeeabb5fa0 RCX: 00007fbeea95f749 [ 44.471209][ T3698] RDX: 0000200000000100 RSI: 000000000000000e RDI: 0000000000000000 [ 44.471224][ T3698] RBP: 00007fbee93bf090 R08: 0000000000000000 R09: 0000000000000000 [ 44.471239][ T3698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.471254][ T3698] R13: 00007fbeeabb6038 R14: 00007fbeeabb5fa0 R15: 00007ffd4a749f38 [ 44.471331][ T3698] [ 44.645466][ T29] audit: type=1326 audit(1765414681.669:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.668775][ T29] audit: type=1326 audit(1765414681.669:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.692038][ T29] audit: type=1326 audit(1765414681.669:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.715305][ T29] audit: type=1326 audit(1765414681.679:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.738542][ T29] audit: type=1326 audit(1765414681.679:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.909580][ T29] audit: type=1326 audit(1765414682.019:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.932881][ T29] audit: type=1326 audit(1765414682.019:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.956280][ T29] audit: type=1326 audit(1765414682.089:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 44.979688][ T29] audit: type=1326 audit(1765414682.089:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3691 comm="syz.1.66" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 45.015963][ T3710] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 45.085486][ T3710] SELinux: failed to load policy [ 45.370681][ T3725] dummy0: entered allmulticast mode [ 45.399231][ T3725] set_capacity_and_notify: 3 callbacks suppressed [ 45.399246][ T3725] loop4: detected capacity change from 0 to 1024 [ 45.479541][ T3725] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 45.537750][ T3725] EXT4-fs error (device loop4): ext4_map_blocks:825: inode #3: block 1: comm syz.4.78: lblock 1 mapped to illegal pblock 1 (length 1) [ 45.642721][ T3741] x_tables: duplicate underflow at hook 1 [ 45.703834][ T3725] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.78: Failed to acquire dquot type 0 [ 45.842472][ T3725] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.78: Freeing blocks not in datazone - block = 0, count = 4096 [ 45.965665][ T3725] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.78: Invalid inode bitmap blk 0 in block_group 0 [ 45.985706][ T1662] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 46.105063][ T1662] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 0 [ 46.116827][ T3725] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 46.131862][ T3725] EXT4-fs (loop4): 1 orphan inode deleted [ 46.148906][ T3746] SELinux: failed to load policy [ 46.158721][ T3725] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.181324][ T3749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.84'. [ 46.210582][ T3724] dummy0: left allmulticast mode [ 46.308817][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.341483][ T3753] only policy match revision 0 supported [ 46.341505][ T3753] unable to load match [ 46.383273][ T3760] loop1: detected capacity change from 0 to 512 [ 46.397265][ T3760] vfat: Unknown parameter 'nonumta' [ 46.459764][ T3767] loop3: detected capacity change from 0 to 2048 [ 46.500137][ T3770] SELinux: failed to load policy [ 46.526636][ T3767] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.576326][ T3779] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.91'. [ 46.600020][ T3780] loop4: detected capacity change from 0 to 256 [ 46.606928][ T3780] ======================================================= [ 46.606928][ T3780] WARNING: The mand mount option has been deprecated and [ 46.606928][ T3780] and is ignored by this kernel. Remove the mand [ 46.606928][ T3780] option from the mount to silence this warning. [ 46.606928][ T3780] ======================================================= [ 46.789135][ T3786] netlink: 'syz.4.98': attribute type 83 has an invalid length. [ 46.855161][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.220666][ T3797] loop2: detected capacity change from 0 to 512 [ 47.274369][ T3797] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.102: inode has both inline data and extents flags [ 47.342301][ T3797] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.102: couldn't read orphan inode 15 (err -117) [ 47.381408][ T3771] syz.1.95 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 47.392331][ T3771] CPU: 1 UID: 0 PID: 3771 Comm: syz.1.95 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 47.392369][ T3771] Tainted: [W]=WARN [ 47.392389][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.392417][ T3771] Call Trace: [ 47.392428][ T3771] [ 47.392438][ T3771] __dump_stack+0x1d/0x30 [ 47.392511][ T3771] dump_stack_lvl+0xe8/0x140 [ 47.392578][ T3771] dump_stack+0x15/0x1b [ 47.392597][ T3771] dump_header+0x81/0x240 [ 47.392621][ T3771] oom_kill_process+0x295/0x350 [ 47.392649][ T3771] out_of_memory+0x97b/0xb80 [ 47.392684][ T3771] ? __cond_resched+0x4e/0x90 [ 47.392710][ T3771] try_charge_memcg+0x610/0xa10 [ 47.392775][ T3771] charge_memcg+0x51/0xc0 [ 47.392806][ T3771] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 47.392847][ T3771] __read_swap_cache_async+0x17b/0x2d0 [ 47.392961][ T3771] swap_cluster_readahead+0x362/0x3c0 [ 47.393006][ T3771] swapin_readahead+0xde/0x820 [ 47.393108][ T3771] ? mod_memcg_lruvec_state+0x1a1/0x280 [ 47.393134][ T3771] ? __rcu_read_unlock+0x34/0x70 [ 47.393153][ T3771] ? __rcu_read_unlock+0x4f/0x70 [ 47.393176][ T3771] ? swap_cache_get_folio+0x277/0x280 [ 47.393209][ T3771] do_swap_page+0x2b4/0x21e0 [ 47.393263][ T3771] ? css_rstat_updated+0xb7/0x240 [ 47.393331][ T3771] ? __pfx_default_wake_function+0x10/0x10 [ 47.393370][ T3771] handle_mm_fault+0x9d8/0x2c60 [ 47.393418][ T3771] do_user_addr_fault+0x630/0x1080 [ 47.393537][ T3771] exc_page_fault+0x62/0xa0 [ 47.393569][ T3771] asm_exc_page_fault+0x26/0x30 [ 47.393589][ T3771] RIP: 0033:0x7ff03840134f [ 47.393602][ T3771] Code: 7f 6a 38 00 00 48 89 ee 48 89 df 0f 85 fa 06 00 00 e8 65 e8 00 00 41 89 c7 45 31 f6 eb 3f 0f 1f 44 00 00 48 8d 1d d1 43 eb 00 <8b> 74 24 0c 41 0f b6 c8 48 89 ea 80 3d 48 6a 38 00 00 48 89 df 0f [ 47.393677][ T3771] RSP: 002b:00007ffe3a8d3fa0 EFLAGS: 00010202 [ 47.393715][ T3771] RAX: 00007ff038785fa0 RBX: 00007ff0392b5720 RCX: 0000000000000026 [ 47.393726][ T3771] RDX: 0000000000000001 RSI: 00007ff038786038 RDI: 0000000000000001 [ 47.393738][ T3771] RBP: 00007ff038786038 R08: 0000000000000000 R09: 0000000000000026 [ 47.393748][ T3771] R10: 3fffffffffffffff R11: 0000000000000293 R12: 0000000000000001 [ 47.393760][ T3771] R13: 0000000000000026 R14: ffffffffffffffff R15: 00007ffe3a8d4120 [ 47.393795][ T3771] [ 47.393801][ T3771] memory: usage 307200kB, limit 307200kB, failcnt 445 [ 47.623311][ T3771] memory+swap: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 47.631246][ T3771] kmem: usage 294540kB, limit 9007199254740988kB, failcnt 0 [ 47.638561][ T3771] Memory cgroup stats for /syz1: [ 47.641570][ T3797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.684924][ T3797] bridge_slave_0: left allmulticast mode [ 47.690698][ T3797] bridge_slave_0: left promiscuous mode [ 47.696394][ T3797] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.704577][ T3771] cache 446464 [ 47.708168][ T3771] rss 4096 [ 47.711207][ T3771] shmem 0 [ 47.714209][ T3771] mapped_file 0 [ 47.717717][ T3771] dirty 0 [ 47.720767][ T3771] writeback 0 [ 47.724065][ T3771] workingset_refault_anon 63 [ 47.728708][ T3771] workingset_refault_file 877 [ 47.733427][ T3771] swap 208896 [ 47.736763][ T3771] swapcached 4096 [ 47.740406][ T3771] pgpgin 13949 [ 47.743884][ T3771] pgpgout 13839 [ 47.747368][ T3771] pgfault 9102 [ 47.750760][ T3771] pgmajfault 51 [ 47.754230][ T3771] inactive_anon 0 [ 47.757982][ T3771] active_anon 4096 [ 47.761793][ T3771] inactive_file 0 [ 47.765481][ T3771] active_file 376832 [ 47.769471][ T3771] unevictable 0 [ 47.772940][ T3771] hierarchical_memory_limit 314572800 [ 47.778399][ T3771] hierarchical_memsw_limit 9223372036854771712 [ 47.784750][ T3771] total_cache 446464 [ 47.788698][ T3771] total_rss 4096 [ 47.792277][ T3771] total_shmem 0 [ 47.795778][ T3771] total_mapped_file 0 [ 47.799779][ T3771] total_dirty 0 [ 47.803242][ T3771] total_writeback 0 [ 47.807218][ T3771] total_workingset_refault_anon 63 [ 47.812340][ T3771] total_workingset_refault_file 877 [ 47.817560][ T3771] total_swap 208896 [ 47.821413][ T3771] total_swapcached 4096 [ 47.825658][ T3771] total_pgpgin 13949 [ 47.829633][ T3771] total_pgpgout 13839 [ 47.833622][ T3771] total_pgfault 9102 [ 47.837636][ T3771] total_pgmajfault 51 [ 47.841642][ T3771] total_inactive_anon 0 [ 47.845853][ T3771] total_active_anon 4096 [ 47.850108][ T3771] total_inactive_file 0 [ 47.854291][ T3771] total_active_file 376832 [ 47.858760][ T3771] total_unevictable 0 [ 47.862755][ T3771] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.95,pid=3771,uid=0 [ 47.877235][ T3771] Memory cgroup out of memory: Killed process 3771 (syz.1.95) total-vm:96016kB, anon-rss:1136kB, file-rss:22332kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 47.894345][ T3772] syz.1.95 (3772) used greatest stack depth: 7256 bytes left [ 47.903274][ T3797] bridge_slave_1: left allmulticast mode [ 47.908984][ T3797] bridge_slave_1: left promiscuous mode [ 47.914716][ T3797] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.981973][ T3797] bond0: (slave bond_slave_0): Releasing backup interface [ 47.986833][ T3810] SELinux: failed to load policy [ 48.018729][ T3797] bond0: (slave bond_slave_1): Releasing backup interface [ 48.035674][ T3797] team0: Port device team_slave_0 removed [ 48.049045][ T3797] team0: Port device team_slave_1 removed [ 48.063331][ T3797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.070802][ T3797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.092656][ T3797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.100298][ T3797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.125549][ T3797] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 48.237179][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.249919][ T3828] 9pnet_virtio: no channels available for device 127.0.0.1 [ 48.400476][ T3814] loop0: detected capacity change from 0 to 512 [ 48.461930][ T3814] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.109: bad orphan inode 11862016 [ 48.462400][ T3843] SELinux: failed to load policy [ 48.526664][ T3814] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 48.566666][ T3853] SELinux: Context × is not valid (left unmapped). [ 48.652786][ T3814] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.756183][ T3853] loop2: detected capacity change from 0 to 1024 [ 48.791981][ T3866] loop3: detected capacity change from 0 to 512 [ 48.819142][ T3853] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 48.832309][ T3853] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 48.920001][ T3866] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.940762][ T3853] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 48.951845][ T3853] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 48.962891][ T3866] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.985224][ T3866] Zero length message leads to an empty skb [ 48.993432][ T3853] JBD2: no valid journal superblock found [ 48.999251][ T3853] EXT4-fs (loop2): Could not load journal inode [ 49.008993][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 49.018415][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.126250][ T3878] 9pnet_virtio: no channels available for device 127.0.0.1 [ 49.270666][ T3881] SELinux: failed to load policy [ 49.426011][ T29] kauditd_printk_skb: 251 callbacks suppressed [ 49.426029][ T29] audit: type=1400 audit(1765414686.679:433): avc: denied { firmware_load } for pid=3879 comm="syz.1.134" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 49.523530][ T29] audit: type=1400 audit(1765414686.769:434): avc: denied { map } for pid=3904 comm="syz.2.144" path="socket:[5095]" dev="sockfs" ino=5095 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 49.629487][ T3908] vlan2: entered allmulticast mode [ 49.634754][ T3908] bridge_slave_0: entered allmulticast mode [ 49.651350][ T3911] 9pnet_virtio: no channels available for device 127.0.0.1 [ 49.913916][ T29] audit: type=1326 audit(1765414687.159:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.016235][ T3915] loop2: detected capacity change from 0 to 1024 [ 50.033221][ T29] audit: type=1326 audit(1765414687.189:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.056736][ T29] audit: type=1326 audit(1765414687.189:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.073361][ T3915] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 50.080018][ T29] audit: type=1326 audit(1765414687.189:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.113167][ T29] audit: type=1326 audit(1765414687.199:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.136457][ T29] audit: type=1326 audit(1765414687.199:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.159773][ T29] audit: type=1326 audit(1765414687.199:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.183335][ T29] audit: type=1326 audit(1765414687.199:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 50.214723][ T3915] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 50.225666][ T3915] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 50.270728][ T3915] JBD2: no valid journal superblock found [ 50.276634][ T3915] EXT4-fs (loop2): Could not load journal inode [ 50.387754][ T3923] SELinux: failed to load policy [ 50.628305][ T3933] netlink: 24 bytes leftover after parsing attributes in process `syz.4.156'. [ 50.711631][ T3962] netlink: 24 bytes leftover after parsing attributes in process `syz.3.161'. [ 50.730133][ T3950] netlink: 24 bytes leftover after parsing attributes in process `syz.2.162'. [ 50.750615][ T3953] netlink: 24 bytes leftover after parsing attributes in process `syz.0.164'. [ 50.874443][ T3969] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3969 comm=syz.1.168 [ 51.286091][ T3968] syz.1.168 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 51.300202][ T3968] CPU: 0 UID: 0 PID: 3968 Comm: syz.1.168 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 51.300249][ T3968] Tainted: [W]=WARN [ 51.300258][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 51.300275][ T3968] Call Trace: [ 51.300284][ T3968] [ 51.300295][ T3968] __dump_stack+0x1d/0x30 [ 51.300329][ T3968] dump_stack_lvl+0xe8/0x140 [ 51.300360][ T3968] dump_stack+0x15/0x1b [ 51.300446][ T3968] dump_header+0x81/0x240 [ 51.300469][ T3968] oom_kill_process+0x295/0x350 [ 51.300494][ T3968] out_of_memory+0x97b/0xb80 [ 51.300601][ T3968] try_charge_memcg+0x610/0xa10 [ 51.300659][ T3968] obj_cgroup_charge_pages+0xa6/0x150 [ 51.300761][ T3968] __memcg_kmem_charge_page+0x9f/0x170 [ 51.300804][ T3968] __alloc_frozen_pages_noprof+0x18f/0x360 [ 51.300848][ T3968] alloc_pages_mpol+0xb3/0x260 [ 51.300946][ T3968] alloc_pages_noprof+0x90/0x130 [ 51.301055][ T3968] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 51.301105][ T3968] __kvmalloc_node_noprof+0x492/0x6b0 [ 51.301187][ T3968] ? ip_set_alloc+0x24/0x30 [ 51.301225][ T3968] ? ip_set_alloc+0x24/0x30 [ 51.301266][ T3968] ip_set_alloc+0x24/0x30 [ 51.301304][ T3968] hash_netiface_create+0x282/0x740 [ 51.301366][ T3968] ? __pfx_hash_netiface_create+0x10/0x10 [ 51.301407][ T3968] ip_set_create+0x3cc/0x970 [ 51.301485][ T3968] ? __nla_parse+0x40/0x60 [ 51.301546][ T3968] nfnetlink_rcv_msg+0x4c6/0x590 [ 51.301605][ T3968] netlink_rcv_skb+0x123/0x220 [ 51.301643][ T3968] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 51.301686][ T3968] nfnetlink_rcv+0x167/0x16c0 [ 51.301783][ T3968] ? kmem_cache_free+0xe3/0x3a0 [ 51.301817][ T3968] ? __kfree_skb+0x109/0x150 [ 51.301849][ T3968] ? nlmon_xmit+0x4f/0x60 [ 51.301872][ T3968] ? consume_skb+0x49/0x150 [ 51.301938][ T3968] ? nlmon_xmit+0x4f/0x60 [ 51.301962][ T3968] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 51.302001][ T3968] ? __dev_queue_xmit+0x138d/0x1ec0 [ 51.302072][ T3968] ? __dev_queue_xmit+0x148/0x1ec0 [ 51.302218][ T3968] ? __pte_offset_map_lock+0x1d9/0x240 [ 51.302254][ T3968] ? ref_tracker_free+0x37d/0x3e0 [ 51.302331][ T3968] ? __netlink_deliver_tap+0x4dc/0x500 [ 51.302373][ T3968] netlink_unicast+0x5c0/0x690 [ 51.302412][ T3968] netlink_sendmsg+0x58b/0x6b0 [ 51.302454][ T3968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 51.302558][ T3968] __sock_sendmsg+0x145/0x180 [ 51.302579][ T3968] ____sys_sendmsg+0x31e/0x4a0 [ 51.302651][ T3968] ___sys_sendmsg+0x17b/0x1d0 [ 51.302770][ T3968] __x64_sys_sendmsg+0xd4/0x160 [ 51.302812][ T3968] x64_sys_call+0x17ba/0x3000 [ 51.302912][ T3968] do_syscall_64+0xd8/0x2a0 [ 51.302948][ T3968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.302969][ T3968] RIP: 0033:0x7ff03852f749 [ 51.302993][ T3968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.303017][ T3968] RSP: 002b:00007ff036f97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 51.303042][ T3968] RAX: ffffffffffffffda RBX: 00007ff038785fa0 RCX: 00007ff03852f749 [ 51.303075][ T3968] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006 [ 51.303145][ T3968] RBP: 00007ff0385b3f91 R08: 0000000000000000 R09: 0000000000000000 [ 51.303159][ T3968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.303223][ T3968] R13: 00007ff038786038 R14: 00007ff038785fa0 R15: 00007ffe3a8d3ea8 [ 51.303295][ T3968] [ 51.303304][ T3968] memory: usage 307200kB, limit 307200kB, failcnt 802 [ 51.314343][ T3981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3981 comm=syz.4.169 [ 51.314623][ T3968] memory+swap: usage 307440kB, limit 9007199254740988kB, failcnt 0 [ 51.430226][ T3985] loop3: detected capacity change from 0 to 1024 [ 51.434113][ T3968] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 51.434133][ T3968] Memory cgroup stats for [ 51.505679][ T3992] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 51.507700][ T3968] /syz1: [ 51.519961][ T3968] cache 0 [ 51.523563][ T3985] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 51.528267][ T3968] rss 0 [ 51.528278][ T3968] shmem 0 [ 51.528285][ T3968] mapped_file 0 [ 51.528293][ T3968] dirty 0 [ 51.528302][ T3968] writeback 0 [ 51.528310][ T3968] workingset_refault_anon 110 [ 51.528319][ T3968] workingset_refault_file 1281 [ 51.528327][ T3968] swap 245760 [ 51.528335][ T3968] swapcached 12288 [ 51.535139][ T3992] SELinux: failed to load policy [ 51.537798][ T3968] pgpgin 17631 [ 51.567386][ T3985] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 51.587162][ T3968] pgpgout 17628 [ 51.596380][ T3985] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 51.627188][ T3985] JBD2: no valid journal superblock found [ 51.629829][ T3968] pgfault 13446 [ 51.637783][ T3985] EXT4-fs (loop3): Could not load journal inode [ 51.640800][ T3968] pgmajfault 93 [ 51.761546][ T4001] FAULT_INJECTION: forcing a failure. [ 51.761546][ T4001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.763013][ T3968] inactive_anon 12288 [ 51.766499][ T4001] CPU: 1 UID: 0 PID: 4001 Comm: syz.2.175 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 51.766544][ T4001] Tainted: [W]=WARN [ 51.766554][ T4001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 51.766621][ T4001] Call Trace: [ 51.766632][ T4001] [ 51.766643][ T4001] __dump_stack+0x1d/0x30 [ 51.766709][ T4001] dump_stack_lvl+0xe8/0x140 [ 51.766740][ T4001] dump_stack+0x15/0x1b [ 51.766768][ T4001] should_fail_ex+0x265/0x280 [ 51.766810][ T4001] should_fail+0xb/0x20 [ 51.766838][ T4001] should_fail_usercopy+0x1a/0x20 [ 51.766916][ T4001] strncpy_from_user+0x27/0x260 [ 51.766963][ T4001] path_setxattrat+0xeb/0x310 [ 51.767023][ T4001] __x64_sys_fsetxattr+0x6b/0x80 [ 51.767059][ T4001] x64_sys_call+0x23c4/0x3000 [ 51.767140][ T4001] do_syscall_64+0xd8/0x2a0 [ 51.767261][ T4001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.767290][ T4001] RIP: 0033:0x7f2f954cf749 [ 51.767358][ T4001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.767438][ T4001] RSP: 002b:00007f2f93f2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 51.767463][ T4001] RAX: ffffffffffffffda RBX: 00007f2f95725fa0 RCX: 00007f2f954cf749 [ 51.767480][ T4001] RDX: 0000000000000000 RSI: 0000200000000200 RDI: ffffffffffffffff [ 51.767498][ T4001] RBP: 00007f2f93f2f090 R08: 0000000000000002 R09: 0000000000000000 [ 51.767515][ T4001] R10: 00000000000000d7 R11: 0000000000000246 R12: 0000000000000001 [ 51.767532][ T4001] R13: 00007f2f95726038 R14: 00007f2f95725fa0 R15: 00007ffd94a78968 [ 51.767594][ T4001] [ 51.976047][ T3968] active_anon 0 [ 51.979586][ T3968] inactive_file 0 [ 51.983206][ T3968] active_file 0 [ 51.986686][ T3968] unevictable 0 [ 51.990223][ T3968] hierarchical_memory_limit 314572800 [ 51.995622][ T3968] hierarchical_memsw_limit 9223372036854771712 [ 52.001791][ T3968] total_cache 0 [ 52.005249][ T3968] total_rss 0 [ 52.008554][ T3968] total_shmem 0 [ 52.012075][ T3968] total_mapped_file 0 [ 52.016125][ T3968] total_dirty 0 [ 52.019592][ T3968] total_writeback 0 [ 52.023399][ T3968] total_workingset_refault_anon 110 [ 52.028659][ T3968] total_workingset_refault_file 1281 [ 52.033947][ T3968] total_swap 245760 [ 52.037790][ T3968] total_swapcached 12288 [ 52.042065][ T3968] total_pgpgin 17631 [ 52.045987][ T3968] total_pgpgout 17628 [ 52.050006][ T3968] total_pgfault 13446 [ 52.053990][ T3968] total_pgmajfault 93 [ 52.058066][ T3968] total_inactive_anon 12288 [ 52.062643][ T3968] total_active_anon 0 [ 52.066703][ T3968] total_inactive_file 0 [ 52.070876][ T3968] total_active_file 0 [ 52.074878][ T3968] total_unevictable 0 [ 52.075402][ T4013] netlink: 24 bytes leftover after parsing attributes in process `syz.2.177'. [ 52.078913][ T3968] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.168,pid=3967,uid=0 [ 52.102372][ T3968] Memory cgroup out of memory: Killed process 3967 (syz.1.168) total-vm:93968kB, anon-rss:1260kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 52.430228][ T4025] x_tables: duplicate underflow at hook 1 [ 52.947488][ T4039] loop0: detected capacity change from 0 to 2048 [ 53.015632][ T4039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.201344][ T4064] loop3: detected capacity change from 0 to 2048 [ 53.259426][ T4064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.370029][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.504559][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.658221][ T4067] loop1: detected capacity change from 0 to 512 [ 53.700405][ T4067] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.198: bad orphan inode 11862016 [ 53.737224][ T4067] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 53.786904][ T4067] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.944247][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 54.003018][ T4096] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.053939][ T4101] loop0: detected capacity change from 0 to 2048 [ 54.082123][ T4101] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.141193][ T4096] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.239697][ T4096] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.278359][ T4110] loop3: detected capacity change from 0 to 1024 [ 54.285148][ T4110] EXT4-fs: Ignoring removed nomblk_io_submit option [ 54.294463][ T4096] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.298065][ T4110] EXT4-fs: Ignoring removed oldalloc option [ 54.310809][ T4110] EXT4-fs: Ignoring removed bh option [ 54.316791][ T4094] loop2: detected capacity change from 0 to 512 [ 54.357921][ T4094] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.206: bad orphan inode 11862016 [ 54.372110][ T4110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.390978][ T4094] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 54.394776][ T4110] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt. [ 54.403683][ T4094] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.434517][ T2720] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.446403][ T4107] loop1: detected capacity change from 0 to 512 [ 54.467452][ T2720] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.479322][ T2720] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.487883][ T2720] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.496866][ T4107] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.207: bad orphan inode 11862016 [ 54.520947][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.550663][ T4120] x_tables: duplicate underflow at hook 1 [ 54.552940][ T4107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 54.569445][ T4107] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.579922][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 54.603830][ T29] kauditd_printk_skb: 244 callbacks suppressed [ 54.603844][ T29] audit: type=1326 audit(1765414691.849:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.656752][ T29] audit: type=1326 audit(1765414691.879:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.680097][ T29] audit: type=1326 audit(1765414691.879:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.703456][ T29] audit: type=1326 audit(1765414691.879:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.726799][ T29] audit: type=1326 audit(1765414691.879:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.750063][ T29] audit: type=1326 audit(1765414691.889:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.773410][ T29] audit: type=1326 audit(1765414691.889:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.838186][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.881784][ T29] audit: type=1326 audit(1765414692.099:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.905132][ T29] audit: type=1326 audit(1765414692.099:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.928430][ T29] audit: type=1326 audit(1765414692.099:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4123 comm="syz.4.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 54.966960][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 55.014437][ T4129] loop2: detected capacity change from 0 to 512 [ 55.092855][ T4129] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.218: inode has both inline data and extents flags [ 55.163331][ T4129] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.218: couldn't read orphan inode 15 (err -117) [ 55.193789][ T4129] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.319566][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.457658][ T4155] loop4: detected capacity change from 0 to 1024 [ 55.464423][ T4155] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.469387][ T4161] netlink: 24 bytes leftover after parsing attributes in process `syz.0.219'. [ 55.480164][ T4155] EXT4-fs: Ignoring removed oldalloc option [ 55.486415][ T4155] EXT4-fs: Ignoring removed bh option [ 55.517366][ T4155] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.552182][ T4155] EXT4-fs error (device loop4): mb_free_blocks:2037: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt. [ 55.597688][ T4134] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.217: bad orphan inode 11862016 [ 55.616403][ T4171] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 55.632342][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.661785][ T4171] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 55.672734][ T4171] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 55.686125][ T4134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 55.710679][ T4171] JBD2: no valid journal superblock found [ 55.716525][ T4171] EXT4-fs (loop2): Could not load journal inode [ 55.723141][ T4134] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.771312][ T4173] SELinux: failed to load policy [ 55.806940][ T4122] syz.3.212 (4122) used greatest stack depth: 6312 bytes left [ 55.882252][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 56.000128][ T4176] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.227: bad orphan inode 11862016 [ 56.022813][ T4176] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 56.080719][ T4192] x_tables: duplicate underflow at hook 1 [ 56.112478][ T4176] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.205401][ T4201] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 56.240953][ T4201] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 56.251916][ T4201] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 56.280693][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 56.293512][ T4201] JBD2: no valid journal superblock found [ 56.299342][ T4201] EXT4-fs (loop1): Could not load journal inode [ 56.410014][ T4219] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 56.445224][ T4219] SELinux: failed to load policy [ 56.554967][ T4229] netlink: 8 bytes leftover after parsing attributes in process `syz.3.247'. [ 56.563927][ T4229] netlink: 20 bytes leftover after parsing attributes in process `syz.3.247'. [ 56.584478][ T416] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.593427][ T416] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.627226][ T416] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 56.646516][ T416] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.017181][ T4231] set_capacity_and_notify: 4 callbacks suppressed [ 57.017201][ T4231] loop2: detected capacity change from 0 to 512 [ 57.076493][ T4245] loop4: detected capacity change from 0 to 2048 [ 57.083313][ T4231] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.250: bad orphan inode 11862016 [ 57.103734][ T4231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 57.134831][ T4231] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.257011][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 57.329969][ T4245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.610614][ T4262] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 57.635705][ T4262] SELinux: failed to load policy [ 57.653713][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.024545][ T4282] loop4: detected capacity change from 0 to 512 [ 58.083098][ T4282] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.266: bad orphan inode 11862016 [ 58.094293][ T4282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 58.129889][ T4297] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 58.139731][ T4297] SELinux: failed to load policy [ 58.216719][ T4282] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.698601][ T4317] x_tables: duplicate underflow at hook 1 [ 58.708894][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 58.756154][ T4323] netlink: 'syz.3.282': attribute type 1 has an invalid length. [ 58.794053][ T4328] loop2: detected capacity change from 0 to 1024 [ 58.822143][ T4328] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 58.855862][ T4328] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 58.867016][ T4328] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 58.887446][ T4323] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.921087][ T4328] JBD2: no valid journal superblock found [ 58.926891][ T4328] EXT4-fs (loop2): Could not load journal inode [ 58.939078][ T4337] netlink: 48 bytes leftover after parsing attributes in process `syz.1.287'. [ 58.967981][ T4331] bond1: (slave veth3): Enslaving as an active interface with a down link [ 59.159844][ T4363] x_tables: duplicate underflow at hook 1 [ 59.184361][ T4365] x_tables: duplicate underflow at hook 1 [ 59.413499][ T4368] netlink: 24 bytes leftover after parsing attributes in process `syz.3.298'. [ 59.468511][ T4377] netlink: 48 bytes leftover after parsing attributes in process `syz.0.303'. [ 59.674469][ T4383] netlink: 24 bytes leftover after parsing attributes in process `syz.0.305'. [ 59.753755][ T4408] netlink: 48 bytes leftover after parsing attributes in process `syz.2.316'. [ 59.877506][ T4424] loop2: detected capacity change from 0 to 2048 [ 59.900592][ T29] kauditd_printk_skb: 355 callbacks suppressed [ 59.900608][ T29] audit: type=1326 audit(1765414697.149:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 59.930654][ T29] audit: type=1326 audit(1765414697.179:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 59.954056][ T29] audit: type=1326 audit(1765414697.179:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 59.977427][ T29] audit: type=1326 audit(1765414697.179:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.000787][ T29] audit: type=1326 audit(1765414697.179:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.002035][ T4427] loop1: detected capacity change from 0 to 1024 [ 60.024106][ T29] audit: type=1326 audit(1765414697.179:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.024143][ T29] audit: type=1326 audit(1765414697.179:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.024195][ T29] audit: type=1326 audit(1765414697.179:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.100556][ T29] audit: type=1326 audit(1765414697.179:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.124032][ T29] audit: type=1326 audit(1765414697.179:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4426 comm="syz.1.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff03852f749 code=0x7ffc0000 [ 60.148383][ T4427] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 60.163206][ T4427] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 60.174201][ T4427] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 60.184768][ T4427] JBD2: no valid journal superblock found [ 60.190556][ T4427] EXT4-fs (loop1): Could not load journal inode [ 60.271904][ T4434] netlink: 24 bytes leftover after parsing attributes in process `syz.3.328'. [ 60.581471][ T4481] loop2: detected capacity change from 0 to 2048 [ 60.606060][ T4483] netlink: 36 bytes leftover after parsing attributes in process `syz.0.348'. [ 60.872214][ T4510] FAULT_INJECTION: forcing a failure. [ 60.872214][ T4510] name failslab, interval 1, probability 0, space 0, times 0 [ 60.885002][ T4510] CPU: 1 UID: 0 PID: 4510 Comm: syz.0.358 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 60.885043][ T4510] Tainted: [W]=WARN [ 60.885126][ T4510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 60.885220][ T4510] Call Trace: [ 60.885229][ T4510] [ 60.885239][ T4510] __dump_stack+0x1d/0x30 [ 60.885271][ T4510] dump_stack_lvl+0xe8/0x140 [ 60.885300][ T4510] dump_stack+0x15/0x1b [ 60.885326][ T4510] should_fail_ex+0x265/0x280 [ 60.885424][ T4510] should_failslab+0x8c/0xb0 [ 60.885455][ T4510] kmem_cache_alloc_node_noprof+0x6b/0x4c0 [ 60.885485][ T4510] ? __alloc_skb+0x324/0x4d0 [ 60.885557][ T4510] __alloc_skb+0x324/0x4d0 [ 60.885585][ T4510] ? __alloc_skb+0x24d/0x4d0 [ 60.885616][ T4510] netlink_alloc_large_skb+0xbf/0xf0 [ 60.885651][ T4510] netlink_sendmsg+0x3cf/0x6b0 [ 60.885779][ T4510] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.885818][ T4510] __sock_sendmsg+0x145/0x180 [ 60.885842][ T4510] ____sys_sendmsg+0x31e/0x4a0 [ 60.885883][ T4510] ___sys_sendmsg+0x17b/0x1d0 [ 60.885930][ T4510] __x64_sys_sendmsg+0xd4/0x160 [ 60.886033][ T4510] x64_sys_call+0x17ba/0x3000 [ 60.886058][ T4510] do_syscall_64+0xd8/0x2a0 [ 60.886112][ T4510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.886169][ T4510] RIP: 0033:0x7fbeea95f749 [ 60.886188][ T4510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.886210][ T4510] RSP: 002b:00007fbee93bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.886233][ T4510] RAX: ffffffffffffffda RBX: 00007fbeeabb5fa0 RCX: 00007fbeea95f749 [ 60.886249][ T4510] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 60.886261][ T4510] RBP: 00007fbee93bf090 R08: 0000000000000000 R09: 0000000000000000 [ 60.886274][ T4510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.886307][ T4510] R13: 00007fbeeabb6038 R14: 00007fbeeabb5fa0 R15: 00007ffd4a749f38 [ 60.886331][ T4510] [ 60.899311][ T4501] netlink: 24 bytes leftover after parsing attributes in process `syz.1.349'. [ 61.387859][ T4541] netlink: 36 bytes leftover after parsing attributes in process `syz.3.369'. [ 62.432283][ T4582] netlink: 24 bytes leftover after parsing attributes in process `syz.2.382'. [ 62.495101][ T4561] loop3: detected capacity change from 0 to 512 [ 62.519642][ T4561] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.376: bad orphan inode 11862016 [ 62.543150][ T4561] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.656156][ T37] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.685286][ T37] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.701557][ T37] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.719578][ T37] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 63.829783][ T4623] loop3: detected capacity change from 0 to 512 [ 63.863165][ T4623] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.403: bad orphan inode 11862016 [ 63.907611][ T4623] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.083278][ T4661] loop3: detected capacity change from 0 to 1024 [ 64.090763][ T4661] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 64.101172][ T4661] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 64.112228][ T4661] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 64.162331][ T4661] JBD2: no valid journal superblock found [ 64.168172][ T4661] EXT4-fs (loop3): Could not load journal inode [ 64.209578][ T4672] netlink: 'syz.3.422': attribute type 13 has an invalid length. [ 64.238423][ T4672] __nla_validate_parse: 4 callbacks suppressed [ 64.238438][ T4672] netlink: 24 bytes leftover after parsing attributes in process `syz.3.422'. [ 64.253706][ T4672] netlink: 24 bytes leftover after parsing attributes in process `syz.3.422'. [ 64.750590][ T4694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.425'. [ 64.759574][ T4694] netlink: 20 bytes leftover after parsing attributes in process `syz.3.425'. [ 65.017764][ T29] kauditd_printk_skb: 313 callbacks suppressed [ 65.017780][ T29] audit: type=1400 audit(1765414702.259:1375): avc: denied { unmount } for pid=4705 comm="syz.4.433" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.084030][ T29] audit: type=1326 audit(1765414702.329:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.228246][ T4714] loop0: detected capacity change from 0 to 2048 [ 65.244610][ T29] audit: type=1326 audit(1765414702.359:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.268051][ T29] audit: type=1326 audit(1765414702.359:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.291527][ T29] audit: type=1326 audit(1765414702.359:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.315013][ T29] audit: type=1326 audit(1765414702.399:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.338432][ T29] audit: type=1326 audit(1765414702.399:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.361792][ T29] audit: type=1326 audit(1765414702.399:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.385384][ T29] audit: type=1326 audit(1765414702.399:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 65.408776][ T29] audit: type=1326 audit(1765414702.399:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4707 comm="syz.4.434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 67.062536][ T4786] netlink: 20 bytes leftover after parsing attributes in process `syz.2.464'. [ 67.869035][ T4808] loop1: detected capacity change from 0 to 512 [ 67.879308][ T4829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.481'. [ 67.899882][ T4808] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.472: bad orphan inode 11862016 [ 67.926176][ T4808] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.977110][ T4843] loop0: detected capacity change from 0 to 2048 [ 68.340873][ T4876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.495'. [ 68.905151][ T4910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.507'. [ 69.085535][ T4918] netlink: 'syz.2.509': attribute type 4 has an invalid length. [ 69.139200][ T4927] syz.2.513 uses obsolete (PF_INET,SOCK_PACKET) [ 69.140684][ T4928] sctp: [Deprecated]: syz.4.514 (pid 4928) Use of int in maxseg socket option. [ 69.140684][ T4928] Use struct sctp_assoc_value instead [ 69.232271][ T4935] netlink: 4 bytes leftover after parsing attributes in process `syz.2.517'. [ 69.289890][ T4941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.518'. [ 69.310504][ T4939] netlink: 16 bytes leftover after parsing attributes in process `syz.2.517'. [ 69.346915][ T4944] netlink: 'syz.4.519': attribute type 1 has an invalid length. [ 70.056951][ T29] kauditd_printk_skb: 279 callbacks suppressed [ 70.057036][ T29] audit: type=1400 audit(1765414707.309:1664): avc: denied { getopt } for pid=4981 comm="syz.2.535" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 70.086205][ T4983] netlink: 48 bytes leftover after parsing attributes in process `syz.2.535'. [ 70.098910][ T4983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.535'. [ 70.145769][ T4990] FAULT_INJECTION: forcing a failure. [ 70.145769][ T4990] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 70.159990][ T4990] CPU: 0 UID: 0 PID: 4990 Comm: syz.3.536 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 70.160023][ T4990] Tainted: [W]=WARN [ 70.160029][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 70.160042][ T4990] Call Trace: [ 70.160047][ T4990] [ 70.160055][ T4990] __dump_stack+0x1d/0x30 [ 70.160093][ T4990] dump_stack_lvl+0xe8/0x140 [ 70.160120][ T4990] dump_stack+0x15/0x1b [ 70.160146][ T4990] should_fail_ex+0x265/0x280 [ 70.160217][ T4990] should_fail+0xb/0x20 [ 70.160236][ T4990] should_fail_usercopy+0x1a/0x20 [ 70.160265][ T4990] _copy_from_iter+0xcf/0xe70 [ 70.160297][ T4990] ? __alloc_skb+0x3bb/0x4d0 [ 70.160382][ T4990] ? __alloc_skb+0x24d/0x4d0 [ 70.160407][ T4990] netlink_sendmsg+0x471/0x6b0 [ 70.160441][ T4990] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.160505][ T4990] __sock_sendmsg+0x145/0x180 [ 70.160530][ T4990] ____sys_sendmsg+0x31e/0x4a0 [ 70.160568][ T4990] ___sys_sendmsg+0x17b/0x1d0 [ 70.160649][ T4990] __x64_sys_sendmsg+0xd4/0x160 [ 70.160720][ T4990] x64_sys_call+0x17ba/0x3000 [ 70.160748][ T4990] do_syscall_64+0xd8/0x2a0 [ 70.160849][ T4990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.160877][ T4990] RIP: 0033:0x7f460694f749 [ 70.160896][ T4990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.160979][ T4990] RSP: 002b:00007f46053b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.161002][ T4990] RAX: ffffffffffffffda RBX: 00007f4606ba5fa0 RCX: 00007f460694f749 [ 70.161045][ T4990] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 70.161057][ T4990] RBP: 00007f46053b7090 R08: 0000000000000000 R09: 0000000000000000 [ 70.161069][ T4990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.161158][ T4990] R13: 00007f4606ba6038 R14: 00007f4606ba5fa0 R15: 00007ffe0107ebe8 [ 70.161177][ T4990] [ 70.487665][ T29] audit: type=1326 audit(1765414707.739:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.540490][ T29] audit: type=1326 audit(1765414707.759:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.563936][ T29] audit: type=1400 audit(1765414707.759:1667): avc: denied { sqpoll } for pid=4989 comm="syz.2.537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 70.576176][ T5005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.538'. [ 70.583156][ T29] audit: type=1326 audit(1765414707.769:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.591888][ T5005] netlink: 20 bytes leftover after parsing attributes in process `syz.1.538'. [ 70.615233][ T29] audit: type=1326 audit(1765414707.769:1669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.647599][ T29] audit: type=1326 audit(1765414707.769:1670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2f954cf783 code=0x7ffc0000 [ 70.670833][ T29] audit: type=1326 audit(1765414707.769:1671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2f954cf783 code=0x7ffc0000 [ 70.694072][ T29] audit: type=1326 audit(1765414707.769:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.717571][ T29] audit: type=1326 audit(1765414707.769:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4989 comm="syz.2.537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f954cf749 code=0x7ffc0000 [ 70.769517][ T5009] netlink: 8 bytes leftover after parsing attributes in process `syz.3.543'. [ 70.918922][ T5013] netlink: 12 bytes leftover after parsing attributes in process `syz.3.544'. [ 70.928285][ T5013] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 70.961916][ T5020] loop0: detected capacity change from 0 to 1024 [ 71.016148][ T5020] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 71.040296][ T5020] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 71.051293][ T5020] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 71.077391][ T5020] JBD2: no valid journal superblock found [ 71.083148][ T5020] EXT4-fs (loop0): Could not load journal inode [ 72.449644][ T5062] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5062 comm=syz.3.562 [ 72.592458][ T5087] FAULT_INJECTION: forcing a failure. [ 72.592458][ T5087] name failslab, interval 1, probability 0, space 0, times 0 [ 72.605395][ T5087] CPU: 1 UID: 0 PID: 5087 Comm: syz.0.573 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 72.605465][ T5087] Tainted: [W]=WARN [ 72.605474][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 72.605490][ T5087] Call Trace: [ 72.605497][ T5087] [ 72.605505][ T5087] __dump_stack+0x1d/0x30 [ 72.605562][ T5087] dump_stack_lvl+0xe8/0x140 [ 72.605585][ T5087] dump_stack+0x15/0x1b [ 72.605604][ T5087] should_fail_ex+0x265/0x280 [ 72.605690][ T5087] should_failslab+0x8c/0xb0 [ 72.605721][ T5087] __kmalloc_noprof+0xb9/0x5a0 [ 72.605745][ T5087] ? kobject_get_path+0x92/0x1c0 [ 72.605791][ T5087] kobject_get_path+0x92/0x1c0 [ 72.605813][ T5087] input_devices_seq_show+0x36/0x470 [ 72.605919][ T5087] seq_read_iter+0x636/0x950 [ 72.605955][ T5087] seq_read+0x270/0x2b0 [ 72.605989][ T5087] ? __pfx_seq_read+0x10/0x10 [ 72.606052][ T5087] proc_reg_read+0x128/0x1c0 [ 72.606085][ T5087] ? __pfx_proc_reg_read+0x10/0x10 [ 72.606183][ T5087] vfs_readv+0x3fb/0x690 [ 72.606219][ T5087] __x64_sys_preadv+0xfd/0x1c0 [ 72.606243][ T5087] x64_sys_call+0x2805/0x3000 [ 72.606343][ T5087] do_syscall_64+0xd8/0x2a0 [ 72.606380][ T5087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.606401][ T5087] RIP: 0033:0x7fbeea95f749 [ 72.606417][ T5087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.606491][ T5087] RSP: 002b:00007fbee93bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 72.606511][ T5087] RAX: ffffffffffffffda RBX: 00007fbeeabb5fa0 RCX: 00007fbeea95f749 [ 72.606523][ T5087] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000006 [ 72.606535][ T5087] RBP: 00007fbee93bf090 R08: 000000000000000a R09: 0000000000000000 [ 72.606618][ T5087] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001 [ 72.606630][ T5087] R13: 00007fbeeabb6038 R14: 00007fbeeabb5fa0 R15: 00007ffd4a749f38 [ 72.606649][ T5087] [ 72.836852][ T5092] loop1: detected capacity change from 0 to 1024 [ 72.852163][ T5092] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 72.885595][ T5092] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 72.896581][ T5092] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 72.914911][ T5092] JBD2: no valid journal superblock found [ 72.920765][ T5092] EXT4-fs (loop1): Could not load journal inode [ 73.233169][ T5119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'. [ 73.242052][ T5119] netlink: 20 bytes leftover after parsing attributes in process `syz.1.582'. [ 74.118571][ T5155] loop3: detected capacity change from 0 to 512 [ 74.230878][ T5155] ext3: Unknown parameter 'subj_type' [ 74.386988][ T5167] netlink: 204 bytes leftover after parsing attributes in process `syz.0.602'. [ 74.854626][ T5210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.623'. [ 75.288616][ T5202] netlink: 'syz.4.617': attribute type 1 has an invalid length. [ 75.528192][ T5236] netlink: 20 bytes leftover after parsing attributes in process `syz.2.630'. [ 75.558748][ T5237] loop1: detected capacity change from 0 to 2048 [ 75.577853][ T5202] bond1: entered promiscuous mode [ 75.579474][ T5237] EXT4-fs mount: 14 callbacks suppressed [ 75.579492][ T5237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.592314][ T5202] 8021q: adding VLAN 0 to HW filter on device bond1 [ 75.829107][ T5255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.634'. [ 75.838117][ T5255] netlink: 20 bytes leftover after parsing attributes in process `syz.2.634'. [ 75.847282][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.916869][ T1614] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.938556][ T1614] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.974104][ T1614] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.985041][ T29] kauditd_printk_skb: 613 callbacks suppressed [ 75.985056][ T29] audit: type=1326 audit(1765414713.229:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 75.999099][ T1614] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.057894][ T29] audit: type=1326 audit(1765414713.229:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.081472][ T29] audit: type=1326 audit(1765414713.229:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.105039][ T29] audit: type=1326 audit(1765414713.229:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.128548][ T29] audit: type=1326 audit(1765414713.239:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.152096][ T29] audit: type=1326 audit(1765414713.239:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.175679][ T29] audit: type=1326 audit(1765414713.239:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.199024][ T29] audit: type=1326 audit(1765414713.239:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.222321][ T29] audit: type=1326 audit(1765414713.239:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.245831][ T29] audit: type=1326 audit(1765414713.239:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5264 comm="syz.3.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 76.279219][ T5275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 76.356930][ T5280] netlink: 'syz.3.645': attribute type 10 has an invalid length. [ 76.387791][ T5280] team0 (unregistering): Port device team_slave_0 removed [ 76.398298][ T5280] team0 (unregistering): Port device team_slave_1 removed [ 76.578120][ T5280] netlink: 32 bytes leftover after parsing attributes in process `syz.3.645'. [ 77.064346][ T5323] netlink: 'syz.3.660': attribute type 21 has an invalid length. [ 77.098343][ T5323] netlink: 'syz.3.660': attribute type 1 has an invalid length. [ 77.106079][ T5323] netlink: 144 bytes leftover after parsing attributes in process `syz.3.660'. [ 77.448712][ T5338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.666'. [ 77.457604][ T5338] netlink: 'syz.0.666': attribute type 30 has an invalid length. [ 77.476563][ T5341] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.664'. [ 77.487207][ T37] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.498723][ T37] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.529677][ T37] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.553190][ T37] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.603916][ T5352] process 'syz.1.672' launched '/dev/fd/7' with NULL argv: empty string added [ 77.769766][ T5357] loop1: detected capacity change from 0 to 1024 [ 77.783353][ T5357] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.790141][ T5357] EXT4-fs: Ignoring removed orlov option [ 77.795873][ T5357] ext2: Bad value for 'mb_optimize_scan' [ 77.964575][ T5381] netlink: 'syz.2.683': attribute type 10 has an invalid length. [ 78.852474][ T5430] syzkaller0: entered allmulticast mode [ 78.860127][ T5430] syzkaller0 (unregistering): left allmulticast mode [ 78.911356][ T5443] SELinux: Context @ is not valid (left unmapped). [ 79.111151][ T5471] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 79.111151][ T5471] program syz.0.721 not setting count and/or reply_len properly [ 79.295158][ T37] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 79.302749][ T37] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 79.315684][ T3747] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 79.405483][ T3747] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 79.865897][ T3477] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 80.242870][ T5553] __nla_validate_parse: 2 callbacks suppressed [ 80.242885][ T5553] netlink: 80 bytes leftover after parsing attributes in process `syz.0.752'. [ 80.283550][ T5559] netlink: 48 bytes leftover after parsing attributes in process `syz.3.756'. [ 81.012298][ T29] kauditd_printk_skb: 539 callbacks suppressed [ 81.012318][ T29] audit: type=1326 audit(1765414718.249:2836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.042112][ T29] audit: type=1326 audit(1765414718.249:2837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.065479][ T29] audit: type=1326 audit(1765414718.249:2838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.089147][ T29] audit: type=1326 audit(1765414718.249:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.112670][ T29] audit: type=1326 audit(1765414718.249:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.136308][ T29] audit: type=1326 audit(1765414718.249:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.159913][ T29] audit: type=1326 audit(1765414718.249:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.183562][ T29] audit: type=1326 audit(1765414718.249:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.207069][ T29] audit: type=1326 audit(1765414718.249:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.230447][ T29] audit: type=1326 audit(1765414718.249:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 81.622855][ T5662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.802'. [ 82.291568][ T5708] loop0: detected capacity change from 0 to 512 [ 82.322982][ T5708] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.821: bad orphan inode 11862016 [ 82.396368][ T5708] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 82.465567][ T5708] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.548398][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 82.902905][ T5786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.850'. [ 82.918773][ T5786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.850'. [ 83.595464][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 84.378903][ T5905] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 84.470194][ T5905] xt_hashlimit: max too large, truncated to 1048576 [ 84.477833][ T5905] xt_CT: You must specify a L4 protocol and not use inversions on it [ 84.544205][ T5918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.909'. [ 84.784468][ T5935] loop0: detected capacity change from 0 to 512 [ 84.808914][ T5935] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.911: bad orphan inode 11862016 [ 84.820495][ T5935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 84.833590][ T5935] ext4 filesystem being mounted at /179/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.881788][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 85.013582][ T5965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.925'. [ 85.059356][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.927'. [ 85.375265][ T5996] netlink: 4 bytes leftover after parsing attributes in process `syz.3.939'. [ 85.838001][ T6034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.953'. [ 85.848503][ T6034] netlink: 32 bytes leftover after parsing attributes in process `syz.1.953'. [ 86.354110][ T29] kauditd_printk_skb: 431 callbacks suppressed [ 86.354126][ T29] audit: type=1326 audit(1765414723.599:3277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.385546][ T29] audit: type=1326 audit(1765414723.629:3278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.409516][ T29] audit: type=1326 audit(1765414723.639:3279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.432867][ T29] audit: type=1326 audit(1765414723.639:3280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.456238][ T29] audit: type=1326 audit(1765414723.639:3281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.479640][ T29] audit: type=1326 audit(1765414723.659:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.504252][ T29] audit: type=1326 audit(1765414723.659:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.527635][ T29] audit: type=1326 audit(1765414723.679:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.4.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01d94f749 code=0x7ffc0000 [ 86.589710][ T6077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'. [ 86.806168][ T6074] loop0: detected capacity change from 0 to 512 [ 86.838290][ T6074] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.969: bad orphan inode 11862016 [ 86.852892][ T6074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 86.867140][ T6074] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.870422][ T6059] 9pnet_fd: p9_fd_create_tcp (6059): problem connecting socket to 127.0.0.1 [ 86.901163][ T29] audit: type=1326 audit(1765414724.149:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6105 comm="syz.3.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 86.937383][ T29] audit: type=1326 audit(1765414724.149:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6105 comm="syz.3.982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f460694f749 code=0x7ffc0000 [ 87.010668][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 87.064244][ T6120] netlink: 28 bytes leftover after parsing attributes in process `syz.3.989'. [ 87.166926][ T6136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.996'. [ 87.628270][ T6188] syz.2.1018 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 88.015334][ T6207] xt_l2tp: v2 sid > 0xffff: 4294901760 [ 88.024911][ T6206] bridge7: entered promiscuous mode [ 88.063179][ T6206] 9p: Bad value for 'wfdno' [ 88.315697][ T6169] 9pnet_fd: p9_fd_create_tcp (6169): problem connecting socket to 127.0.0.1 [ 88.562079][ T6238] netlink: 4436 bytes leftover after parsing attributes in process `syz.0.1037'. [ 88.633113][ T6238] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 88.874724][ T6238] loop0: detected capacity change from 0 to 512 [ 88.888455][ T6238] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 88.905909][ T6238] EXT4-fs (loop0): mount failed [ 89.139655][ T6273] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 89.214475][ T6284] loop0: detected capacity change from 0 to 512 [ 89.247689][ T3005] udevd[3005]: worker [4576] terminated by signal 33 (Unknown signal 33) [ 89.258397][ T6284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.271330][ T6284] ext4 filesystem being mounted at /205/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.283900][ T3005] udevd[3005]: worker [4576] failed while handling '/devices/virtual/block/loop0' [ 89.325506][ T6284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1054'. [ 89.334515][ T6284] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1054'. [ 89.465291][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.154433][ T6308] loop0: detected capacity change from 0 to 512 [ 90.223072][ T6308] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.1062: bad orphan inode 11862016 [ 90.255059][ T6308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 90.275621][ T6308] ext4 filesystem being mounted at /208/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.336099][ T6323] Process accounting resumed [ 90.381769][ T3325] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 90.429556][ T6339] netlink: 4436 bytes leftover after parsing attributes in process `syz.1.1075'. [ 90.479233][ T6339] x_tables: ip_tables: osf.0 match: invalid size 48 (kernel) != (user) 4096 [ 90.905538][ T6393] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6393 comm=syz.2.1097 [ 90.977276][ T6393] netlink: 'syz.2.1097': attribute type 2 has an invalid length. [ 91.130711][ T6420] program syz.0.1105 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 91.157006][ T6424] netlink: 'syz.3.1108': attribute type 13 has an invalid length. [ 91.164948][ T6424] netlink: 'syz.3.1108': attribute type 27 has an invalid length. [ 91.373090][ T6433] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.1112' sets config #1 [ 91.406110][ T6433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1112'. [ 91.491528][ T6431] mmap: syz.2.1107 (6431) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 91.535922][ T29] kauditd_printk_skb: 243 callbacks suppressed [ 91.535939][ T29] audit: type=1326 audit(1765414728.789:3529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.582506][ T29] audit: type=1326 audit(1765414728.819:3530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.606039][ T29] audit: type=1326 audit(1765414728.819:3531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.629525][ T29] audit: type=1326 audit(1765414728.819:3532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.652989][ T29] audit: type=1326 audit(1765414728.819:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.676365][ T29] audit: type=1326 audit(1765414728.819:3534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.0.1118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.765198][ T29] audit: type=1326 audit(1765414729.009:3535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6457 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.789315][ T6401] 9pnet_fd: p9_fd_create_tcp (6401): problem connecting socket to 127.0.0.1 [ 91.790521][ T29] audit: type=1326 audit(1765414729.039:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6457 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fbeea95f749 code=0x7ffc0000 [ 91.821608][ T29] audit: type=1326 audit(1765414729.039:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6457 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbeea95f783 code=0x7ffc0000 [ 91.844932][ T29] audit: type=1326 audit(1765414729.039:3538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6457 comm="syz.0.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbeea95f783 code=0x7ffc0000 [ 92.556765][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 92.733813][ T6536] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1156'. [ 93.084904][ T6564] netlink: 'syz.1.1168': attribute type 30 has an invalid length. [ 93.220953][ T6572] dummy0: left promiscuous mode [ 93.229922][ T6576] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1171'. [ 93.239727][ T6572] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 93.546063][ T6611] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1185'. [ 93.567460][ T6591] netlink: 'syz.2.1179': attribute type 21 has an invalid length. [ 93.578059][ T6591] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1179'. [ 93.619494][ T6591] delete_channel: no stack [ 93.626673][ T6614] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 93.682739][ T6623] netlink: 'syz.0.1191': attribute type 3 has an invalid length. [ 93.971317][ T6654] ================================================================== [ 93.979463][ T6654] BUG: KCSAN: data-race in __anon_vma_prepare / handle_mm_fault [ 93.987126][ T6654] [ 93.989456][ T6654] write to 0xffff888105045400 of 8 bytes by task 6655 on cpu 1: [ 93.997100][ T6654] __anon_vma_prepare+0x172/0x2f0 [ 94.002156][ T6654] handle_mm_fault+0x1d91/0x2c60 [ 94.007122][ T6654] __get_user_pages+0x1024/0x1ed0 [ 94.012183][ T6654] __mm_populate+0x243/0x3a0 [ 94.016791][ T6654] vm_mmap_pgoff+0x232/0x2e0 [ 94.021395][ T6654] ksys_mmap_pgoff+0xc2/0x310 [ 94.026080][ T6654] x64_sys_call+0x16bb/0x3000 [ 94.030764][ T6654] do_syscall_64+0xd8/0x2a0 [ 94.035283][ T6654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.041205][ T6654] [ 94.043529][ T6654] read to 0xffff888105045400 of 8 bytes by task 6654 on cpu 0: [ 94.051070][ T6654] handle_mm_fault+0xec1/0x2c60 [ 94.055931][ T6654] do_user_addr_fault+0x3fe/0x1080 [ 94.061042][ T6654] exc_page_fault+0x62/0xa0 [ 94.065550][ T6654] asm_exc_page_fault+0x26/0x30 [ 94.070439][ T6654] [ 94.072755][ T6654] value changed: 0x0000000000000000 -> 0xffff88811c262618 [ 94.079887][ T6654] [ 94.082220][ T6654] Reported by Kernel Concurrency Sanitizer on: [ 94.088375][ T6654] CPU: 0 UID: 0 PID: 6654 Comm: syz.3.1201 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 94.099659][ T6654] Tainted: [W]=WARN [ 94.103464][ T6654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.113522][ T6654] ================================================================== [ 94.587992][ T6634] 9pnet_fd: p9_fd_create_tcp (6634): problem connecting socket to 127.0.0.1