last executing test programs: 1m46.310421692s ago: executing program 3 (id=174): r0 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[], 0x48) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000002200000004000000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000140)=r2}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r5, &(0x7f0000000340), 0x0}, 0x20) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x202740, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r7, 0x0, 0x11, &(0x7f0000000540)="17000000020001004003be8c5e687a8a6a003200020100ecff3f00000003a96c6b06169da9c0f8d94d5bbb6a880a00243c5197b29f9368bdd6c8db933e7a2fdfff0a175e0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000003000000000000000080c457681f009cee4a0a003dff010000b7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfcc580000000000", 0xa8) r8 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r8, &(0x7f0000004200)='t', 0x1) sendfile(r8, r6, 0x0, 0x3ffff) move_mount(r6, 0x0, r8, 0x0, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000a00)=ANY=[@ANYRES16=r6, @ANYRES16=r5, @ANYRES64=r0, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYRES32=r9], 0x48) timer_create(0x1, 0x0, &(0x7f00000001c0)=0x0) timer_settime(r11, 0x1, &(0x7f00000013c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000001400)) r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r12}, 0x10) open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0) mount(&(0x7f0000000180)=@md0, &(0x7f0000000040)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8000, &(0x7f0000000300)='trans=rdma,') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) 1m46.143909936s ago: executing program 3 (id=179): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x4b67) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x9, 0x80, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x4360}, 0x8, 0x9, 0x7d, 0x0, 0x1, 0xfe, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r2, 0x4008550d, 0x0) pipe2(&(0x7f0000000040), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r3, 0x26, &(0x7f00000031c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r4 = perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000180)='cpu==0||!') r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8100) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r7, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1m45.068934724s ago: executing program 3 (id=194): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) (async) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="2c778a918bf3030a21f89f3540bb1ddc736dcfa35b31eea07ad1e62a598e33da03dc956a7483cada2b296bb548032f29879d3523a05656d074d6456296452ec4d5a281dbda818d31db28c099b3ead3d2ab7f0c1a40f81a4c868387a36f1f9cad60ccec09db881c7e13a6d781875cb52ccfa1f1ef07f413b237ec63160ebc"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2}, 0x94) (async, rerun: 64) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) (async, rerun: 64) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) (async) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0) (async, rerun: 32) r5 = fsmount(r4, 0x0, 0x0) (rerun: 32) r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 1m45.050217996s ago: executing program 3 (id=195): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000180)='./file2\x00', 0xa00010, &(0x7f00000001c0), 0x21, 0x4bf, &(0x7f00000009c0)="$eJzs3U9vVF0ZAPDn3nbon7fv26Is1KggomgIM+0AlbDCjcYQEiNx5QJqOzRNZzpNZ4q0sijfwUQSV7rwA7gwcWHCyr073bnBhQkq0VATF2PmzhQKnSlF2s6b3t8vObn33DOd5zyd3HPaM+2cAHLrXERsRcSpiLgXEZPd60m3xM1OaT/u5YtH89svHs0n0Wrd+UeStbevxa6vafuo+5yjEfGD70b8ONkbt7GxuTxXrVbWuvVSs7ZaamxsXl6qzS1WFisr5fLszOz09SvXyoeW69nab55/Z+nWD3//uy89++PWN3/a7tZEt213Hoepk3rhVZy24Yi4dRTBBmCom8+pQXeE/0saEZ+JiPPZ/T8ZQ9mrCQCcZK3WZLQmd9cBgJMuzdbAkrQYUeicp2mx2FnDOxPjabXeaF66X19fWeislU1FIb2/VK1Md9cKp6KQtOsz2fnrevmt+pWIOB0RPxsZy+rF+Xp1YZA/+ABAjn30ev7P3gv490hn/gcATrjRQXcAADh25n8AyB/zPwDkj/kfAPLH/A8A+WP+B4D8Mf8DQK58//btdmltdz//euHBxvpy/cHlhUpjuVhbny/O19dWi4v1+mL2mT21dz1ftV5fnbka6w9LzUqjWWpsbN6t1ddXmnezz/W+WykcS1YAwH5On3365yQitm6MZSV27eVgroaTLR10B4CBGRp0B4CBsdsX5Jff8YEeW/S+ofMnQmN7G54cTX+Ao3fx89b/Ia+s/0N+Wf+H/LL+D/nVaiX2/AeAnLHGDxzs/f8evP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAjk1kJUmL3b3AJyJNi8WIjyNiKgrJ/aVqZToiPomIP40URtr1mUF3GgD4QOnfku7+XxcnL0y83Xoq+c9IdoyIn/zizs8fzjWbazPt6//sXP/WWMST7vXyIPoPAHk09F6P3pmnd+bxHS9fPJrfKYffx/6ef7uzuWg77na3dFqGYzg7jkYhIsb/lXTrHcl7Z97b1uOI+Fyv/JNsbWSqu/Pp2/HbsT8+1vjpG/HTrK1zbH8vPnsIfYG8edoef272uv/SOJcde9//o9kI9eF2xr/tPeNf+mr8G+oz/p07SICxX0dc/cP3+sZ/HPGF4V7xk1fxkz7xLxwwx7988cvn+7W1fhlxMXrH3x2r1Kytlhobm5eXanOLlcXKSrk8OzM7ff3KtXIpW6Mu7axU7/X3G5c+2S//8T7xR9+R/9cOmP+v/nvvR1/ZJ/43vtr79T+zT/z2nPj1A8afG/9t3+272/EX+uT/rtf/0gHjP/vr5sIBHwoAHIPGxubyXLVaWRv0yU6HPi39ceIk1yeDHZeAo/f6ph90TwAAAAAAAAAAAAAAgH6O49+JBp0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ9f/AgAA//9gOtV4") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write$cgroup_int(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x101bf) open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ftruncate(r2, 0x2008000) r3 = open(&(0x7f0000000000)='./bus\x00', 0x64942, 0x0) r4 = open(0x0, 0x0, 0x0) sendfile(r3, r4, 0x0, 0x1000200201005) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]}) write$P9_RUNLINKAT(r2, &(0x7f0000000b40)={0x7, 0x4d, 0x2}, 0x7) 1m43.725163693s ago: executing program 3 (id=217): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) socket$packet(0x11, 0xa, 0x300) sendto$packet(r2, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0x3a, &(0x7f0000000980)=ANY=[], 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) process_mrelease(0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x1, 0x2, 0x401, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10000800}, 0x10) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0xe) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRES32=r5], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x17, '\x00', 0x0, 0x2}, 0xcb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0x4}, 0x18) personality(0x410000e) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000200), 0xffffffc1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r7, 0x0) write$tun(r7, &(0x7f00000002c0)={@val={0x0, 0x5ad}, @val={0x1, 0x1, 0x1, 0x2, 0x8}, @x25={0x1, 0x9, 0x1b, "b4cc8a0fe96863c22eb93b2ee7dce6704c4ec93322ba3d9a08325365250022c3587d1c02f5cca9fe7b06e784e68dc8119239a6990db69a3cc73e8181cf46fe1ffb5e2417ecb6baeed6e21dfa0bd9c96a9e4549ef6716652be0ce74acecc036dab84648d29f9289a2da2c3a60b4f841db7b1befca0be5a85ae964d81286512d58d692bf25464865dbef5daa95e3f3041c2ec21c5ccf3ed05b7ee9c85bdef4f45d3a850a69f75ae91f804a28039c9597d4cb8a0359773ce47f3ec0abcf3c7dd5e465bb4ccdb67fc4ddc76045260756e04717bdda1da78b21fc0815022d76205b64265077a0f07a251b5ee44dcb54"}}, 0xfe) gettid() 1m43.093766325s ago: executing program 3 (id=231): r0 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[], 0x48) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340), 0x0}, 0x20) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x202740, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x11, &(0x7f0000000540)="17000000020001004003be8c5e687a8a6a003200020100ecff3f00000003a96c6b06169da9c0f8d94d5bbb6a880a00243c5197b29f9368bdd6c8db933e7a2fdfff0a175e0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000003000000000000000080c457681f009cee4a0a003dff010000b7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfcc580000000000", 0xa8) r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r6, &(0x7f0000004200)='t', 0x1) sendfile(r6, r4, 0x0, 0x3ffff) move_mount(r4, 0x0, r6, 0x0, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000a00)=ANY=[@ANYRES16=r4, @ANYRES16=r3, @ANYRES64=r0, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYRES32=r7], 0x48) timer_create(0x1, 0x0, &(0x7f00000001c0)=0x0) timer_settime(r9, 0x1, &(0x7f00000013c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000001400)) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10) open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0) mount(&(0x7f0000000180)=@md0, &(0x7f0000000040)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8000, &(0x7f0000000300)='trans=rdma,') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) 1m43.072731017s ago: executing program 32 (id=231): r0 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[], 0x48) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340), 0x0}, 0x20) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x202740, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r5, 0x0, 0x11, &(0x7f0000000540)="17000000020001004003be8c5e687a8a6a003200020100ecff3f00000003a96c6b06169da9c0f8d94d5bbb6a880a00243c5197b29f9368bdd6c8db933e7a2fdfff0a175e0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000003000000000000000080c457681f009cee4a0a003dff010000b7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfcc580000000000", 0xa8) r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r6, &(0x7f0000004200)='t', 0x1) sendfile(r6, r4, 0x0, 0x3ffff) move_mount(r4, 0x0, r6, 0x0, 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000a00)=ANY=[@ANYRES16=r4, @ANYRES16=r3, @ANYRES64=r0, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYRES32=r7], 0x48) timer_create(0x1, 0x0, &(0x7f00000001c0)=0x0) timer_settime(r9, 0x1, &(0x7f00000013c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f0000001400)) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10) open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0) mount(&(0x7f0000000180)=@md0, &(0x7f0000000040)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x8000, &(0x7f0000000300)='trans=rdma,') bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) 2.205187589s ago: executing program 4 (id=1849): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x1a, r1, 0x1, 0x8, 0x6, @broadcast}, 0x14) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 2.093725948s ago: executing program 4 (id=1850): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26", 0xad}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000", 0x4a}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x365}, {&(0x7f0000000280)=""/76, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/92, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 2.042118123s ago: executing program 4 (id=1853): io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb0000000000000000000000000000e9d8000100c40a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000) 2.041699582s ago: executing program 0 (id=1854): r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 2.034224353s ago: executing program 4 (id=1855): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) 2.021571914s ago: executing program 0 (id=1856): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x1}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r2, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1, 0x31}, {}, @addr={0x2a, 0x5}}], 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @rand_addr=0x64010100}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x84, &(0x7f0000000280)={r5, @in={{0x2, 0x4e24, @empty}}, 0x0, 0x83}, 0x90) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000001100)={r5, 0x7f69}, 0x8) sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="dfbf00000000000000006700000008000300", @ANYRES32, @ANYBLOB="0800c30074"], 0x30}, 0x1, 0x0, 0x0, 0x240408c3}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) 1.916397663s ago: executing program 4 (id=1857): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) r5 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1.229219949s ago: executing program 2 (id=1862): bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a"], 0x0) 1.2127191s ago: executing program 5 (id=1863): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26", 0xad}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000", 0x4a}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x365}, {&(0x7f0000000280)=""/76, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/92, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.162268644s ago: executing program 2 (id=1864): r0 = socket$inet(0x2, 0x2, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb", 0x5}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @remote, @remote}}}], 0x20}, 0x40010) 1.150982075s ago: executing program 0 (id=1865): syz_emit_ethernet(0x3e, &(0x7f0000000480)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x38}}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x11, 0x7, 0x65, 0x0, 0x9, 0x33, 0x6b6, @broadcast, @private=0xa010100}}}}}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000540)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x4d, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}, {"8a72294aaf59a2420882fafe60c614c0ef01907ee72dc0a5403b5cc6090b1cee633596201a5f05ed8640e1ddecde2a6957e26987c7e2cff077"}}}}}}}, 0x0) 1.145157306s ago: executing program 5 (id=1866): io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb0000000000000000000000000000e9d8000100c40a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000048000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x4000) 1.124723137s ago: executing program 2 (id=1867): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001) socket$kcm(0x10, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_procfs(r1, &(0x7f0000000240)='net/ip6_mr_cache\x00') lseek(r4, 0x10000000005, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) fcntl$lock(r5, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4}) fcntl$lock(r5, 0x25, 0x0) fcntl$lock(r5, 0x5, &(0x7f0000000000)={0x1, 0x2, 0x1, 0x1}) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r6, &(0x7f00000001c0), 0x0, 0x80, 0x0, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f0000008140)={0x0, 0x91}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 1.124285578s ago: executing program 5 (id=1868): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000080)=""/43, 0x2b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) getdents(r1, 0xfffffffffffffffd, 0xbb) 1.119037898s ago: executing program 0 (id=1869): io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb0000000000000000000000000000e9d8000100c40a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1.100880929s ago: executing program 0 (id=1870): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) msgctl$MSG_STAT(0x0, 0xb, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r5 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x1f0, 0x0) mq_timedsend(r5, 0x0, 0x2000, 0x6, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@loopback, @in=@multicast1, 0x0, 0xa}}]}, 0xcc}}, 0x0) 813.996833ms ago: executing program 5 (id=1871): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f00000001c0)=0x1, 0x4) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) 812.640453ms ago: executing program 4 (id=1872): setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x6) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000380)={0x0, 0x3, 0x6f, 0x0, 0xd}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/160, 0xa0}], 0x1) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 477.071291ms ago: executing program 5 (id=1873): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x6, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x41}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xb, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50) 423.412005ms ago: executing program 5 (id=1874): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x228000, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 423.070145ms ago: executing program 1 (id=1876): bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a"], 0x0) 408.449956ms ago: executing program 1 (id=1877): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000002080)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, 0xfffff501}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000840)}], 0x1}}], 0x1, 0x4000800) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000400)={&(0x7f0000f59000/0x2000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff81, 0x1, 0x0, 0xfffffffffffffe27}, &(0x7f0000000800)=0x40) 349.248301ms ago: executing program 1 (id=1878): r0 = socket$inet(0x2, 0x2, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb", 0x5}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @remote, @remote}}}], 0x20}, 0x40010) 302.076145ms ago: executing program 1 (id=1879): syz_emit_ethernet(0x3e, &(0x7f0000000480)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x38}}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x11, 0x7, 0x65, 0x0, 0x9, 0x33, 0x6b6, @broadcast, @private=0xa010100}}}}}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000540)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x4d, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}, {"8a72294aaf59a2420882fafe60c614c0ef01907ee72dc0a5403b5cc6090b1cee633596201a5f05ed8640e1ddecde2a6957e26987c7e2cff077"}}}}}}}, 0x0) 209.789063ms ago: executing program 1 (id=1880): io_uring_enter(0xffffffffffffffff, 0x47ba, 0x0, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x20008004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc000000000000000000000000000000ac1414bb0000000000000000000000000000e9d8000100c40a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) 208.748043ms ago: executing program 2 (id=1881): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x8c) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000080)=""/43, 0x2b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) getdents(r1, 0xfffffffffffffffd, 0xbb) 208.458413ms ago: executing program 0 (id=1882): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$inet_tcp(0x2, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) close_range(r1, 0xffffffffffffffff, 0x0) 145.232488ms ago: executing program 1 (id=1883): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) 280.86µs ago: executing program 2 (id=1884): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) unshare(0x28040680) getsockopt(0xffffffffffffffff, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 0s ago: executing program 2 (id=1885): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x2287, 0x4) kernel console output (not intermixed with test programs): copy_folio_from_iter_atomic+0x278/0x1170 [ 80.728136][ T5810] ? shmem_write_begin+0xa8/0x190 [ 80.728223][ T5810] ? shmem_write_begin+0xe1/0x190 [ 80.728251][ T5810] generic_perform_write+0x2c2/0x490 [ 80.728286][ T5810] shmem_file_write_iter+0xc5/0xf0 [ 80.728317][ T5810] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 80.728424][ T5810] vfs_write+0x4a0/0x8e0 [ 80.728538][ T5810] ksys_write+0xda/0x1a0 [ 80.728567][ T5810] __x64_sys_write+0x40/0x50 [ 80.728596][ T5810] x64_sys_call+0x27fe/0x2ff0 [ 80.728685][ T5810] do_syscall_64+0xd2/0x200 [ 80.728708][ T5810] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 80.728775][ T5810] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 80.728801][ T5810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.728829][ T5810] RIP: 0033:0x7f1cf9d3eb69 [ 80.728847][ T5810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.728869][ T5810] RSP: 002b:00007f1cf83a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 80.728976][ T5810] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 80.728992][ T5810] RDX: 0000000000040010 RSI: 0000200000000180 RDI: 0000000000000006 [ 80.729009][ T5810] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 80.729024][ T5810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.729119][ T5810] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 80.729144][ T5810] [ 80.941369][ T5812] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 81.207298][ T5839] syzkaller1: entered promiscuous mode [ 81.213493][ T5839] syzkaller1: entered allmulticast mode [ 81.251338][ T5841] SELinux: failed to load policy [ 81.293529][ T5849] FAULT_INJECTION: forcing a failure. [ 81.293529][ T5849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.306888][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz.5.811 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 81.306924][ T5849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.306996][ T5849] Call Trace: [ 81.307002][ T5849] [ 81.307008][ T5849] __dump_stack+0x1d/0x30 [ 81.307029][ T5849] dump_stack_lvl+0xe8/0x140 [ 81.307048][ T5849] dump_stack+0x15/0x1b [ 81.307121][ T5849] should_fail_ex+0x265/0x280 [ 81.307155][ T5849] should_fail+0xb/0x20 [ 81.307192][ T5849] should_fail_usercopy+0x1a/0x20 [ 81.307216][ T5849] _copy_from_iter+0xcf/0xe40 [ 81.307243][ T5849] ? __build_skb_around+0x1a0/0x200 [ 81.307278][ T5849] ? __alloc_skb+0x223/0x320 [ 81.307310][ T5849] netlink_sendmsg+0x471/0x6b0 [ 81.307351][ T5849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 81.307389][ T5849] __sock_sendmsg+0x142/0x180 [ 81.307414][ T5849] ____sys_sendmsg+0x31e/0x4e0 [ 81.307546][ T5849] ___sys_sendmsg+0x17b/0x1d0 [ 81.307602][ T5849] __x64_sys_sendmsg+0xd4/0x160 [ 81.307684][ T5849] x64_sys_call+0x191e/0x2ff0 [ 81.307706][ T5849] do_syscall_64+0xd2/0x200 [ 81.307730][ T5849] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 81.307754][ T5849] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 81.307776][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.307872][ T5849] RIP: 0033:0x7f8616c0eb69 [ 81.307887][ T5849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.307906][ T5849] RSP: 002b:00007f8615277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.307925][ T5849] RAX: ffffffffffffffda RBX: 00007f8616e35fa0 RCX: 00007f8616c0eb69 [ 81.307937][ T5849] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003 [ 81.308022][ T5849] RBP: 00007f8615277090 R08: 0000000000000000 R09: 0000000000000000 [ 81.308034][ T5849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.308046][ T5849] R13: 0000000000000000 R14: 00007f8616e35fa0 R15: 00007fffc8b76368 [ 81.308066][ T5849] [ 81.309167][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.589338][ T5862] FAULT_INJECTION: forcing a failure. [ 81.589338][ T5862] name failslab, interval 1, probability 0, space 0, times 0 [ 81.602125][ T5862] CPU: 0 UID: 0 PID: 5862 Comm: syz.4.817 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 81.602163][ T5862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.602180][ T5862] Call Trace: [ 81.602216][ T5862] [ 81.602227][ T5862] __dump_stack+0x1d/0x30 [ 81.602247][ T5862] dump_stack_lvl+0xe8/0x140 [ 81.602266][ T5862] dump_stack+0x15/0x1b [ 81.602332][ T5862] should_fail_ex+0x265/0x280 [ 81.602382][ T5862] ? serport_ldisc_read+0x8c/0x300 [ 81.602405][ T5862] should_failslab+0x8c/0xb0 [ 81.602477][ T5862] __kmalloc_cache_noprof+0x4c/0x320 [ 81.602517][ T5862] serport_ldisc_read+0x8c/0x300 [ 81.602623][ T5862] ? terminate_walk+0x27f/0x2a0 [ 81.602664][ T5862] tty_read+0x151/0x4a0 [ 81.602756][ T5862] ? __import_iovec+0x428/0x540 [ 81.602791][ T5862] do_iter_readv_writev+0x421/0x4c0 [ 81.602828][ T5862] vfs_readv+0x1ea/0x690 [ 81.602934][ T5862] do_readv+0xe7/0x210 [ 81.602964][ T5862] __x64_sys_readv+0x45/0x50 [ 81.602995][ T5862] x64_sys_call+0x29f8/0x2ff0 [ 81.603057][ T5862] do_syscall_64+0xd2/0x200 [ 81.603084][ T5862] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 81.603127][ T5862] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 81.603203][ T5862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.603224][ T5862] RIP: 0033:0x7f291c0feb69 [ 81.603239][ T5862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.603262][ T5862] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 81.603286][ T5862] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 81.603303][ T5862] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000005 [ 81.603374][ T5862] RBP: 00007f291a767090 R08: 0000000000000000 R09: 0000000000000000 [ 81.603385][ T5862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.603397][ T5862] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 81.603421][ T5862] [ 81.855761][ T5867] siw: device registration error -23 [ 81.938199][ T5881] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 81.947561][ T5881] syzkaller1: entered promiscuous mode [ 81.953202][ T5881] syzkaller1: entered allmulticast mode [ 81.989203][ T5880] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 82.016746][ T5887] loop5: detected capacity change from 0 to 1024 [ 82.023740][ T5893] FAULT_INJECTION: forcing a failure. [ 82.023740][ T5893] name failslab, interval 1, probability 0, space 0, times 0 [ 82.024678][ T5887] EXT4-fs: inline encryption not supported [ 82.036554][ T5893] CPU: 0 UID: 0 PID: 5893 Comm: syz.0.830 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 82.036596][ T5893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 82.036616][ T5893] Call Trace: [ 82.036625][ T5893] [ 82.036636][ T5893] __dump_stack+0x1d/0x30 [ 82.036662][ T5893] dump_stack_lvl+0xe8/0x140 [ 82.036733][ T5893] dump_stack+0x15/0x1b [ 82.036754][ T5893] should_fail_ex+0x265/0x280 [ 82.036802][ T5893] should_failslab+0x8c/0xb0 [ 82.036836][ T5893] kmem_cache_alloc_node_noprof+0x57/0x320 [ 82.036876][ T5893] ? __alloc_skb+0x101/0x320 [ 82.036959][ T5893] __alloc_skb+0x101/0x320 [ 82.037066][ T5893] ? audit_log_start+0x365/0x6c0 [ 82.037109][ T5893] audit_log_start+0x380/0x6c0 [ 82.037161][ T5893] audit_seccomp+0x48/0x100 [ 82.037196][ T5893] ? __seccomp_filter+0x68c/0x10d0 [ 82.037276][ T5893] __seccomp_filter+0x69d/0x10d0 [ 82.037309][ T5893] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 82.037346][ T5893] ? vfs_write+0x75e/0x8e0 [ 82.037394][ T5893] ? __rcu_read_unlock+0x4f/0x70 [ 82.037433][ T5893] ? __fget_files+0x184/0x1c0 [ 82.037472][ T5893] __secure_computing+0x82/0x150 [ 82.037501][ T5893] syscall_trace_enter+0xcf/0x1e0 [ 82.037533][ T5893] do_syscall_64+0xac/0x200 [ 82.037693][ T5893] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 82.037724][ T5893] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 82.037755][ T5893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.037784][ T5893] RIP: 0033:0x7f7b4ffeeb69 [ 82.037806][ T5893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.037886][ T5893] RSP: 002b:00007f7b4e657038 EFLAGS: 00000246 ORIG_RAX: 000000000000011f [ 82.037912][ T5893] RAX: ffffffffffffffda RBX: 00007f7b50215fa0 RCX: 00007f7b4ffeeb69 [ 82.037930][ T5893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 82.037947][ T5893] RBP: 00007f7b4e657090 R08: 0000000000000000 R09: 0000000000000000 [ 82.037964][ T5893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.037981][ T5893] R13: 0000000000000000 R14: 00007f7b50215fa0 R15: 00007ffc472500e8 [ 82.038049][ T5893] [ 82.371310][ T5904] siw: device registration error -23 [ 82.424340][ T5912] loop4: detected capacity change from 0 to 1024 [ 82.449558][ T5912] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 82.459500][ T5912] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 82.487785][ T5912] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 82.499441][ T5912] EXT4-fs error (device loop4): ext4_get_journal_inode:5796: inode #5: comm syz.4.840: unexpected bad inode w/o EXT4_IGET_BAD [ 82.513654][ T5912] EXT4-fs (loop4): no journal found [ 82.556517][ T5927] siw: device registration error -23 [ 82.566676][ T5932] __nla_validate_parse: 7 callbacks suppressed [ 82.566691][ T5932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.849'. [ 82.607960][ T5940] netlink: 'syz.5.852': attribute type 4 has an invalid length. [ 82.662425][ T5940] netlink: 'syz.5.852': attribute type 4 has an invalid length. [ 82.685025][ T5937] random: crng reseeded on system resumption [ 82.696203][ T5937] Restarting kernel threads ... [ 82.701580][ T5937] Done restarting kernel threads. [ 82.703496][ T5945] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 82.726087][ T5937] lo speed is unknown, defaulting to 1000 [ 82.784295][ T5956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.798967][ T5956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.821133][ T5952] syzkaller1: entered promiscuous mode [ 82.826755][ T5952] syzkaller1: entered allmulticast mode [ 82.972226][ T5965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.862'. [ 82.992239][ T5965] loop4: detected capacity change from 0 to 128 [ 83.002147][ T5965] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 83.014571][ T5965] ext4 filesystem being mounted at /201/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 83.847508][ T3314] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 83.906969][ T6015] FAULT_INJECTION: forcing a failure. [ 83.906969][ T6015] name failslab, interval 1, probability 0, space 0, times 0 [ 83.919728][ T6015] CPU: 0 UID: 0 PID: 6015 Comm: syz.2.883 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 83.919764][ T6015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 83.919807][ T6015] Call Trace: [ 83.919814][ T6015] [ 83.919883][ T6015] __dump_stack+0x1d/0x30 [ 83.919910][ T6015] dump_stack_lvl+0xe8/0x140 [ 83.919935][ T6015] dump_stack+0x15/0x1b [ 83.919950][ T6015] should_fail_ex+0x265/0x280 [ 83.920047][ T6015] should_failslab+0x8c/0xb0 [ 83.920079][ T6015] __kmalloc_noprof+0xa5/0x3e0 [ 83.920114][ T6015] ? process_preds+0x2ce/0x2bb0 [ 83.920157][ T6015] process_preds+0x2ce/0x2bb0 [ 83.920203][ T6015] ? terminate_walk+0x27f/0x2a0 [ 83.920234][ T6015] ? path_openat+0x1bf8/0x2170 [ 83.920252][ T6015] ? avc_has_perm_noaudit+0x1b1/0x200 [ 83.920355][ T6015] ? should_fail_ex+0xdb/0x280 [ 83.920405][ T6015] ? ftrace_profile_set_filter+0xc2/0x1b0 [ 83.920446][ T6015] ? should_failslab+0x8c/0xb0 [ 83.920539][ T6015] ? __kmalloc_cache_noprof+0x189/0x320 [ 83.920615][ T6015] ftrace_profile_set_filter+0xff/0x1b0 [ 83.920665][ T6015] perf_ioctl+0x7b3/0x12e0 [ 83.920693][ T6015] ? ioctl_has_perm+0x289/0x2a0 [ 83.920714][ T6015] ? do_vfs_ioctl+0x866/0xe10 [ 83.920735][ T6015] ? selinux_file_ioctl+0x308/0x3a0 [ 83.920808][ T6015] ? __fget_files+0x184/0x1c0 [ 83.920833][ T6015] ? __pfx_perf_ioctl+0x10/0x10 [ 83.920865][ T6015] __se_sys_ioctl+0xcb/0x140 [ 83.921039][ T6015] __x64_sys_ioctl+0x43/0x50 [ 83.921075][ T6015] x64_sys_call+0x1816/0x2ff0 [ 83.921102][ T6015] do_syscall_64+0xd2/0x200 [ 83.921148][ T6015] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 83.921177][ T6015] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 83.921205][ T6015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.921233][ T6015] RIP: 0033:0x7f1cf9d3eb69 [ 83.921251][ T6015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.921274][ T6015] RSP: 002b:00007f1cf83a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.921304][ T6015] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 83.921316][ T6015] RDX: 0000200000000100 RSI: 0000000040082406 RDI: 0000000000000006 [ 83.921327][ T6015] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 83.921359][ T6015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.921374][ T6015] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 83.921412][ T6015] [ 84.249788][ T6021] lo speed is unknown, defaulting to 1000 [ 84.280184][ T6024] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 84.329072][ T6027] team0 (unregistering): Port device team_slave_0 removed [ 84.339664][ T6027] team0 (unregistering): Port device team_slave_1 removed [ 84.350980][ T6027] team0 (unregistering): Port device vlan0 removed [ 84.405282][ T6020] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 84.546243][ T6035] siw: device registration error -23 [ 84.755418][ T6053] syzkaller1: entered promiscuous mode [ 84.761097][ T6053] syzkaller1: entered allmulticast mode [ 84.779910][ T36] usb 3-1: enqueue for inactive port 0 [ 84.791310][ T36] usb 3-1: enqueue for inactive port 0 [ 84.870592][ T36] vhci_hcd: vhci_device speed not set [ 85.085954][ T30] kauditd_printk_skb: 461 callbacks suppressed [ 85.085970][ T30] audit: type=1326 audit(1754127168.054:3926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.137542][ T30] audit: type=1326 audit(1754127168.094:3927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.161261][ T30] audit: type=1326 audit(1754127168.094:3928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.186212][ T30] audit: type=1326 audit(1754127168.094:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.209833][ T30] audit: type=1326 audit(1754127168.094:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.233395][ T30] audit: type=1326 audit(1754127168.094:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.256834][ T30] audit: type=1326 audit(1754127168.094:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.258165][ T6075] loop2: detected capacity change from 0 to 512 [ 85.280253][ T30] audit: type=1326 audit(1754127168.094:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.280340][ T30] audit: type=1326 audit(1754127168.094:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.293873][ T6075] ext2: Unknown parameter 'permit_directio' [ 85.309977][ T30] audit: type=1326 audit(1754127168.094:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6071 comm="syz.1.907" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b9b7deb69 code=0x7ffc0000 [ 85.436274][ T6084] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 85.455818][ T6086] siw: device registration error -23 [ 85.508422][ T6097] netlink: 72 bytes leftover after parsing attributes in process `syz.1.919'. [ 85.532541][ T6082] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 85.598692][ T6109] tipc: Resetting bearer [ 85.618276][ T6109] tipc: Disabling bearer [ 85.628623][ T6109] team0 (unregistering): Port device vlan0 removed [ 85.719787][ T6121] siw: device registration error -23 [ 85.750542][ T6124] siw: device registration error -23 [ 85.756508][ T6126] netlink: 72 bytes leftover after parsing attributes in process `syz.5.932'. [ 85.861513][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.937'. [ 85.883737][ T6140] loop5: detected capacity change from 0 to 1024 [ 85.891248][ T6140] EXT4-fs: Ignoring removed orlov option [ 85.921933][ T6140] netlink: 'syz.5.935': attribute type 13 has an invalid length. [ 85.958363][ T6140] gretap0: refused to change device tx_queue_len [ 85.967875][ T6140] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 85.988797][ T6142] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.937'. [ 86.033051][ T6138] loop2: detected capacity change from 0 to 512 [ 86.063531][ T6138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.080580][ T6138] ext4 filesystem being mounted at /199/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.099185][ T6138] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.937: corrupted inode contents [ 86.113806][ T6138] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #4: comm syz.2.937: mark_inode_dirty error [ 86.126679][ T6138] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.937: corrupted inode contents [ 86.140646][ T6138] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #4: comm syz.2.937: mark_inode_dirty error [ 86.152560][ T6138] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.937: Failed to acquire dquot type 1 [ 86.165531][ T6141] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.937: corrupted inode contents [ 86.177724][ T6141] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #4: comm syz.2.937: mark_inode_dirty error [ 86.190458][ T6141] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #4: comm syz.2.937: corrupted inode contents [ 86.217394][ T6141] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #4: comm syz.2.937: mark_inode_dirty error [ 86.234983][ T6141] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.937: Failed to acquire dquot type 1 [ 86.289414][ T6161] siw: device registration error -23 [ 86.358177][ T6165] siw: device registration error -23 [ 86.384667][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.417317][ T6168] netlink: 72 bytes leftover after parsing attributes in process `syz.2.945'. [ 86.447511][ T6170] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 86.457796][ T6170] syzkaller1: entered promiscuous mode [ 86.463449][ T6170] syzkaller1: entered allmulticast mode [ 86.479218][ T6169] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 86.507948][ T6174] lo: left promiscuous mode [ 86.515090][ T6174] netlink: 'syz.0.949': attribute type 13 has an invalid length. [ 86.533156][ T6174] gretap0: refused to change device tx_queue_len [ 86.541048][ T6174] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 86.581308][ T6179] netlink: 4 bytes leftover after parsing attributes in process `syz.5.951'. [ 86.655407][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.957'. [ 86.668666][ T6192] siw: device registration error -23 [ 86.730316][ T6201] netlink: 76 bytes leftover after parsing attributes in process `syz.2.961'. [ 86.897337][ T6214] syzkaller1: entered promiscuous mode [ 86.903067][ T6214] syzkaller1: entered allmulticast mode [ 87.146248][ T6228] loop2: detected capacity change from 0 to 1024 [ 87.153122][ T6228] EXT4-fs: Ignoring removed orlov option [ 87.261881][ T6228] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.304774][ T6228] netlink: 'syz.2.970': attribute type 13 has an invalid length. [ 87.320162][ T6228] gretap0: refused to change device tx_queue_len [ 87.327409][ T6228] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 87.386200][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.734301][ T6267] __nla_validate_parse: 1 callbacks suppressed [ 87.734322][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.985'. [ 87.753405][ T6267] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6267 comm=syz.4.985 [ 87.770980][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.985'. [ 87.848903][ T6292] siw: device registration error -23 [ 87.985562][ T6306] siw: device registration error -23 [ 88.039073][ T6309] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 88.087842][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1005'. [ 88.096756][ T6316] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1005'. [ 88.187186][ T6326] loop1: detected capacity change from 0 to 512 [ 88.222015][ T6326] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.999: casefold flag without casefold feature [ 88.239975][ T6326] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.999: couldn't read orphan inode 15 (err -117) [ 88.253370][ T6326] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.287369][ T6331] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 88.318863][ T6326] lo speed is unknown, defaulting to 1000 [ 88.411179][ T6330] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 88.565536][ T6346] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 88.572105][ T6346] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 88.579683][ T6346] vhci_hcd vhci_hcd.0: Device attached [ 88.645705][ T6350] syzkaller1: entered promiscuous mode [ 88.651277][ T6350] syzkaller1: entered allmulticast mode [ 88.768276][ T6356] netlink: 376 bytes leftover after parsing attributes in process `syz.0.1019'. [ 88.799440][ T3382] vhci_hcd: vhci_device speed not set [ 88.869546][ T3382] usb 9-1: new full-speed USB device number 2 using vhci_hcd [ 88.967013][ T6346] loop4: detected capacity change from 0 to 512 [ 88.985369][ T6346] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.004467][ T6346] ext4 filesystem being mounted at /232/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.017607][ T6346] bridge0: port 1(syz_tun) entered blocking state [ 89.024315][ T6346] bridge0: port 1(syz_tun) entered disabled state [ 89.031207][ T6346] syz_tun: entered allmulticast mode [ 89.037200][ T6346] syz_tun: entered promiscuous mode [ 89.042841][ T6346] bridge0: port 1(syz_tun) entered blocking state [ 89.049318][ T6346] bridge0: port 1(syz_tun) entered forwarding state [ 89.058402][ T6347] vhci_hcd: connection reset by peer [ 89.065079][ T2901] vhci_hcd: stop threads [ 89.069424][ T2901] vhci_hcd: release socket [ 89.073860][ T2901] vhci_hcd: disconnect device [ 89.396366][ T6403] siw: device registration error -23 [ 89.468655][ T6406] loop5: detected capacity change from 0 to 512 [ 89.531828][ T6406] program syz.5.1035 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.683741][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.722124][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.732893][ T6415] siw: device registration error -23 [ 89.787674][ T6420] siw: device registration error -23 [ 89.882742][ T6430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1049'. [ 89.891778][ T6430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1049'. [ 89.904546][ T6426] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 90.003109][ T6425] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 90.016961][ T6439] loop1: detected capacity change from 0 to 1024 [ 90.026280][ T6439] EXT4-fs: inline encryption not supported [ 90.034838][ T6439] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 90.048033][ T6439] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #3: block 1: comm syz.1.1053: lblock 1 mapped to illegal pblock 1 (length 1) [ 90.062457][ T6439] EXT4-fs (loop1): Remounting filesystem read-only [ 90.070527][ T6439] EXT4-fs (loop1): 1 orphan inode deleted [ 90.076940][ T6439] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.231615][ T6451] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1056'. [ 90.286036][ T30] kauditd_printk_skb: 651 callbacks suppressed [ 90.286056][ T30] audit: type=1326 audit(1754127173.254:4580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.323607][ T30] audit: type=1326 audit(1754127173.294:4581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.347062][ T30] audit: type=1326 audit(1754127173.294:4582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.370576][ T30] audit: type=1326 audit(1754127173.294:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.394046][ T30] audit: type=1326 audit(1754127173.294:4584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.417669][ T30] audit: type=1326 audit(1754127173.294:4585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.453310][ T30] audit: type=1326 audit(1754127173.414:4586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.476845][ T30] audit: type=1326 audit(1754127173.414:4587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6452 comm="syz.0.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.501137][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.514086][ T6455] loop4: detected capacity change from 0 to 512 [ 90.585793][ T6455] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1055: casefold flag without casefold feature [ 90.654157][ T6467] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1063'. [ 90.687628][ T6455] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1055: couldn't read orphan inode 15 (err -117) [ 90.717032][ T30] audit: type=1326 audit(1754127173.684:4588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6462 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.717128][ T30] audit: type=1326 audit(1754127173.684:4589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6462 comm="syz.0.1062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 90.763239][ T6455] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.081936][ T6455] lo speed is unknown, defaulting to 1000 [ 91.231793][ T6485] loop5: detected capacity change from 0 to 1024 [ 91.233853][ T6485] EXT4-fs: inline encryption not supported [ 91.554222][ T6502] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 91.591861][ T6505] siw: device registration error -23 [ 91.865690][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.866708][ T6524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1085'. [ 91.919807][ T6528] team0 (unregistering): Port device team_slave_0 removed [ 91.931868][ T6528] team0 (unregistering): Port device team_slave_1 removed [ 91.943624][ T10] syz!: Port: 1 Link DOWN [ 92.035781][ T6543] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 92.132596][ T6540] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 92.487210][ T6589] loop4: detected capacity change from 0 to 512 [ 92.507086][ T6589] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1104: casefold flag without casefold feature [ 92.521271][ T6589] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1104: couldn't read orphan inode 15 (err -117) [ 92.534467][ T6589] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.549318][ T6589] program syz.4.1104 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 92.825460][ T6617] __nla_validate_parse: 4 callbacks suppressed [ 92.825480][ T6617] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1120'. [ 92.906672][ T6627] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 92.913278][ T6627] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 92.920751][ T6627] vhci_hcd vhci_hcd.0: Device attached [ 92.930167][ T6621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1122'. [ 93.109419][ T36] vhci_hcd: vhci_device speed not set [ 93.129198][ T6642] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1130'. [ 93.179419][ T36] usb 1-1: new full-speed USB device number 2 using vhci_hcd [ 93.372905][ T6662] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 93.392652][ T6627] bridge0: port 3(syz_tun) entered blocking state [ 93.399233][ T6627] bridge0: port 3(syz_tun) entered disabled state [ 93.405895][ T6627] syz_tun: entered allmulticast mode [ 93.411978][ T6627] syz_tun: entered promiscuous mode [ 93.417586][ T6627] bridge0: port 3(syz_tun) entered blocking state [ 93.418394][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.424107][ T6627] bridge0: port 3(syz_tun) entered forwarding state [ 93.426787][ T6628] vhci_hcd: connection reset by peer [ 93.448582][ T371] vhci_hcd: stop threads [ 93.453004][ T371] vhci_hcd: release socket [ 93.457468][ T371] vhci_hcd: disconnect device [ 93.466484][ T6664] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1137'. [ 93.496822][ T6666] siw: device registration error -23 [ 93.506080][ T6670] siw: device registration error -23 [ 93.538185][ T6672] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 93.550501][ T6674] loop4: detected capacity change from 0 to 1024 [ 93.701112][ T6696] siw: device registration error -23 [ 93.783704][ T6704] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1151'. [ 93.813406][ T6710] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1153'. [ 93.851044][ T6716] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 93.899665][ T3382] usb 9-1: enqueue for inactive port 0 [ 93.905196][ T3382] usb 9-1: enqueue for inactive port 0 [ 93.911613][ T6726] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 93.929269][ T6722] siw: device registration error -23 [ 94.000673][ T6735] netlink: 'syz.1.1165': attribute type 10 has an invalid length. [ 94.009724][ T6725] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 94.031382][ T3382] vhci_hcd: vhci_device speed not set [ 94.046378][ T6737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1166'. [ 94.082334][ T6746] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 94.116662][ T6755] FAULT_INJECTION: forcing a failure. [ 94.116662][ T6755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.116807][ T6754] netlink: 'syz.1.1165': attribute type 10 has an invalid length. [ 94.129926][ T6755] CPU: 1 UID: 0 PID: 6755 Comm: syz.2.1173 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 94.129962][ T6755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 94.129978][ T6755] Call Trace: [ 94.129985][ T6755] [ 94.129994][ T6755] __dump_stack+0x1d/0x30 [ 94.130019][ T6755] dump_stack_lvl+0xe8/0x140 [ 94.130046][ T6755] dump_stack+0x15/0x1b [ 94.130139][ T6755] should_fail_ex+0x265/0x280 [ 94.130206][ T6755] should_fail+0xb/0x20 [ 94.130248][ T6755] should_fail_usercopy+0x1a/0x20 [ 94.130273][ T6755] _copy_from_user+0x1c/0xb0 [ 94.130308][ T6755] ___sys_sendmsg+0xc1/0x1d0 [ 94.130440][ T6755] __x64_sys_sendmsg+0xd4/0x160 [ 94.130554][ T6755] x64_sys_call+0x191e/0x2ff0 [ 94.130584][ T6755] do_syscall_64+0xd2/0x200 [ 94.130694][ T6755] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 94.130728][ T6755] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 94.130759][ T6755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.130788][ T6755] RIP: 0033:0x7f1cf9d3eb69 [ 94.130809][ T6755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.130835][ T6755] RSP: 002b:00007f1cf83a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.130920][ T6755] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 94.130938][ T6755] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 94.130955][ T6755] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 94.130972][ T6755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.130989][ T6755] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 94.131016][ T6755] [ 94.182413][ T6760] netlink: 'syz.1.1165': attribute type 10 has an invalid length. [ 94.339179][ T6766] siw: device registration error -23 [ 94.391646][ T6773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1181'. [ 94.412497][ T6773] team0: entered promiscuous mode [ 94.417618][ T6773] team0: entered allmulticast mode [ 94.445701][ T6780] FAULT_INJECTION: forcing a failure. [ 94.445701][ T6780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.458952][ T6780] CPU: 1 UID: 0 PID: 6780 Comm: syz.4.1184 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 94.459011][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 94.459027][ T6780] Call Trace: [ 94.459034][ T6780] [ 94.459041][ T6780] __dump_stack+0x1d/0x30 [ 94.459059][ T6780] dump_stack_lvl+0xe8/0x140 [ 94.459076][ T6780] dump_stack+0x15/0x1b [ 94.459136][ T6780] should_fail_ex+0x265/0x280 [ 94.459184][ T6780] should_fail+0xb/0x20 [ 94.459209][ T6780] should_fail_usercopy+0x1a/0x20 [ 94.459225][ T6780] _copy_from_user+0x1c/0xb0 [ 94.459321][ T6780] ___sys_sendmsg+0xc1/0x1d0 [ 94.459372][ T6780] __sys_sendmmsg+0x178/0x300 [ 94.459489][ T6780] __x64_sys_sendmmsg+0x57/0x70 [ 94.459596][ T6780] x64_sys_call+0x1c4a/0x2ff0 [ 94.459698][ T6780] do_syscall_64+0xd2/0x200 [ 94.459764][ T6780] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 94.459787][ T6780] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 94.459809][ T6780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.459914][ T6780] RIP: 0033:0x7f291c0feb69 [ 94.459933][ T6780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.459954][ T6780] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 94.459975][ T6780] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 94.459990][ T6780] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 94.460002][ T6780] RBP: 00007f291a767090 R08: 0000000000000000 R09: 0000000000000000 [ 94.460014][ T6780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.460025][ T6780] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 94.460043][ T6780] [ 94.760672][ T6796] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 94.767219][ T6796] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 94.774671][ T6796] vhci_hcd vhci_hcd.0: Device attached [ 94.938077][ T6796] loop2: detected capacity change from 0 to 512 [ 94.951711][ T6796] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.964432][ T6796] ext4 filesystem being mounted at /268/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.970128][ T3409] vhci_hcd: vhci_device speed not set [ 94.980515][ T6797] vhci_hcd: connection closed [ 94.981492][ T1568] vhci_hcd: stop threads [ 94.990521][ T1568] vhci_hcd: release socket [ 94.994983][ T1568] vhci_hcd: disconnect device [ 95.060252][ T3409] usb 5-1: new full-speed USB device number 2 using vhci_hcd [ 95.067846][ T3409] usb 5-1: enqueue for inactive port 0 [ 95.073447][ T3409] usb 5-1: enqueue for inactive port 0 [ 95.080623][ T3409] usb 5-1: enqueue for inactive port 0 [ 95.161267][ T3409] vhci_hcd: vhci_device speed not set [ 95.181870][ T6807] siw: device registration error -23 [ 95.292907][ T6815] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1196'. [ 95.351454][ T30] kauditd_printk_skb: 222 callbacks suppressed [ 95.351533][ T30] audit: type=1400 audit(1754127178.324:4812): avc: denied { write } for pid=6820 comm="syz.0.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 95.378198][ T30] audit: type=1400 audit(1754127178.334:4813): avc: denied { nlmsg_write } for pid=6820 comm="syz.0.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 95.398941][ T30] audit: type=1400 audit(1754127178.334:4814): avc: denied { getopt } for pid=6820 comm="syz.0.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 95.418883][ T30] audit: type=1400 audit(1754127178.334:4815): avc: denied { connect } for pid=6820 comm="syz.0.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 95.478839][ T6828] siw: device registration error -23 [ 95.529183][ T6830] siw: device registration error -23 [ 95.560906][ T6833] netlink: 'syz.0.1204': attribute type 10 has an invalid length. [ 95.587090][ T6833] netlink: '': attribute type 10 has an invalid length. [ 95.620956][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.633609][ T6833] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 95.646179][ T6845] FAULT_INJECTION: forcing a failure. [ 95.646179][ T6845] name failslab, interval 1, probability 0, space 0, times 0 [ 95.658903][ T6845] CPU: 0 UID: 0 PID: 6845 Comm: syz.5.1209 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 95.658936][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.658952][ T6845] Call Trace: [ 95.658960][ T6845] [ 95.658968][ T6845] __dump_stack+0x1d/0x30 [ 95.659046][ T6845] dump_stack_lvl+0xe8/0x140 [ 95.659067][ T6845] dump_stack+0x15/0x1b [ 95.659086][ T6845] should_fail_ex+0x265/0x280 [ 95.659122][ T6845] should_failslab+0x8c/0xb0 [ 95.659169][ T6845] kmem_cache_alloc_noprof+0x50/0x310 [ 95.659204][ T6845] ? skb_clone+0x151/0x1f0 [ 95.659237][ T6845] skb_clone+0x151/0x1f0 [ 95.659259][ T6845] __netlink_deliver_tap+0x2c9/0x500 [ 95.659367][ T6845] netlink_unicast+0x66b/0x690 [ 95.659403][ T6845] netlink_sendmsg+0x58b/0x6b0 [ 95.659505][ T6845] ? __pfx_netlink_sendmsg+0x10/0x10 [ 95.659586][ T6845] __sock_sendmsg+0x142/0x180 [ 95.659671][ T6845] ____sys_sendmsg+0x31e/0x4e0 [ 95.659787][ T6845] ___sys_sendmsg+0x17b/0x1d0 [ 95.659845][ T6845] __x64_sys_sendmsg+0xd4/0x160 [ 95.659892][ T6845] x64_sys_call+0x191e/0x2ff0 [ 95.659955][ T6845] do_syscall_64+0xd2/0x200 [ 95.659985][ T6845] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 95.660016][ T6845] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 95.660093][ T6845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.660120][ T6845] RIP: 0033:0x7f8616c0eb69 [ 95.660171][ T6845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.660194][ T6845] RSP: 002b:00007f8615277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.660281][ T6845] RAX: ffffffffffffffda RBX: 00007f8616e35fa0 RCX: 00007f8616c0eb69 [ 95.660298][ T6845] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 95.660313][ T6845] RBP: 00007f8615277090 R08: 0000000000000000 R09: 0000000000000000 [ 95.660329][ T6845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.660344][ T6845] R13: 0000000000000000 R14: 00007f8616e35fa0 R15: 00007fffc8b76368 [ 95.660446][ T6845] [ 95.870562][ T6845] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1209'. [ 95.890544][ T30] audit: type=1400 audit(1754127178.854:4816): avc: denied { read write } for pid=6846 comm="syz.4.1210" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 95.914366][ T30] audit: type=1400 audit(1754127178.854:4817): avc: denied { open } for pid=6846 comm="syz.4.1210" path="/dev/uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 95.944456][ T6850] siw: device registration error -23 [ 95.951910][ T6852] random: crng reseeded on system resumption [ 95.958061][ T6852] FAULT_INJECTION: forcing a failure. [ 95.958061][ T6852] name failslab, interval 1, probability 0, space 0, times 0 [ 95.970761][ T6852] CPU: 0 UID: 0 PID: 6852 Comm: syz.5.1211 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 95.970807][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.970820][ T6852] Call Trace: [ 95.970827][ T6852] [ 95.970835][ T6852] __dump_stack+0x1d/0x30 [ 95.970857][ T6852] dump_stack_lvl+0xe8/0x140 [ 95.970876][ T6852] dump_stack+0x15/0x1b [ 95.970893][ T6852] should_fail_ex+0x265/0x280 [ 95.970941][ T6852] ? dev_create_fw_entry+0x43/0xf0 [ 95.970971][ T6852] should_failslab+0x8c/0xb0 [ 95.970995][ T6852] __kmalloc_cache_noprof+0x4c/0x320 [ 95.971027][ T6852] ? __pfx_fw_name_devm_release+0x10/0x10 [ 95.971132][ T6852] dev_create_fw_entry+0x43/0xf0 [ 95.971159][ T6852] ? __pfx_devm_name_match+0x10/0x10 [ 95.971236][ T6852] devres_for_each_res+0xff/0x160 [ 95.971299][ T6852] ? __pfx_devm_name_match+0x10/0x10 [ 95.971328][ T6852] ? __pfx_dev_create_fw_entry+0x10/0x10 [ 95.971430][ T6852] dev_cache_fw_image+0x62/0x270 [ 95.971495][ T6852] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 95.971525][ T6852] dpm_for_each_dev+0x60/0xa0 [ 95.971589][ T6852] ? __pfx_fw_pm_notify+0x10/0x10 [ 95.971649][ T6852] fw_pm_notify+0x164/0x1a0 [ 95.971800][ T6852] ? __pfx_autoremove_wake_function+0x10/0x10 [ 95.971835][ T6852] notifier_call_chain_robust+0x74/0x350 [ 95.971857][ T6852] blocking_notifier_call_chain_robust+0x50/0x80 [ 95.971880][ T6852] pm_notifier_call_chain_robust+0x2c/0x60 [ 95.971917][ T6852] snapshot_open+0x120/0x270 [ 95.971998][ T6852] ? __pfx_snapshot_open+0x10/0x10 [ 95.972026][ T6852] misc_open+0x1d3/0x200 [ 95.972047][ T6852] chrdev_open+0x2e8/0x3a0 [ 95.972093][ T6852] do_dentry_open+0x649/0xa20 [ 95.972123][ T6852] ? __pfx_chrdev_open+0x10/0x10 [ 95.972150][ T6852] vfs_open+0x37/0x1e0 [ 95.972227][ T6852] path_openat+0x1c5e/0x2170 [ 95.972256][ T6852] do_filp_open+0x109/0x230 [ 95.972285][ T6852] do_sys_openat2+0xa6/0x110 [ 95.972362][ T6852] __x64_sys_openat+0xf2/0x120 [ 95.972478][ T6852] x64_sys_call+0x2e9c/0x2ff0 [ 95.972570][ T6852] do_syscall_64+0xd2/0x200 [ 95.972594][ T6852] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 95.972670][ T6852] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 95.972691][ T6852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.972712][ T6852] RIP: 0033:0x7f8616c0eb69 [ 95.972746][ T6852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.972764][ T6852] RSP: 002b:00007f8615277038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 95.972783][ T6852] RAX: ffffffffffffffda RBX: 00007f8616e35fa0 RCX: 00007f8616c0eb69 [ 95.972796][ T6852] RDX: 0000000000002501 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 95.972808][ T6852] RBP: 00007f8615277090 R08: 0000000000000000 R09: 0000000000000000 [ 95.972820][ T6852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.972832][ T6852] R13: 0000000000000001 R14: 00007f8616e35fa0 R15: 00007fffc8b76368 [ 95.972916][ T6852] [ 96.344329][ T6858] veth3: entered promiscuous mode [ 96.357543][ T6860] siw: device registration error -23 [ 96.408398][ T6858] lo speed is unknown, defaulting to 1000 [ 96.415945][ T30] audit: type=1326 audit(1754127179.384:4818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6864 comm="syz.2.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cf9d3eb69 code=0x7ffc0000 [ 96.439584][ T30] audit: type=1326 audit(1754127179.384:4819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6864 comm="syz.2.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1cf9d3eb69 code=0x7ffc0000 [ 96.529303][ T30] audit: type=1326 audit(1754127179.444:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 96.553033][ T30] audit: type=1326 audit(1754127179.444:4821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6865 comm="syz.0.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 96.621012][ T6874] FAULT_INJECTION: forcing a failure. [ 96.621012][ T6874] name failslab, interval 1, probability 0, space 0, times 0 [ 96.633719][ T6874] CPU: 1 UID: 0 PID: 6874 Comm: syz.4.1221 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 96.633756][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.633773][ T6874] Call Trace: [ 96.633781][ T6874] [ 96.633789][ T6874] __dump_stack+0x1d/0x30 [ 96.633876][ T6874] dump_stack_lvl+0xe8/0x140 [ 96.633901][ T6874] dump_stack+0x15/0x1b [ 96.633920][ T6874] should_fail_ex+0x265/0x280 [ 96.633952][ T6874] should_failslab+0x8c/0xb0 [ 96.633975][ T6874] __kvmalloc_node_noprof+0x123/0x4e0 [ 96.634035][ T6874] ? bpf_test_run_xdp_live+0x114/0xfe0 [ 96.634073][ T6874] bpf_test_run_xdp_live+0x114/0xfe0 [ 96.634104][ T6874] ? __pfx_autoremove_wake_function+0x10/0x10 [ 96.634180][ T6874] ? 0xffffffffa0205340 [ 96.634194][ T6874] ? synchronize_rcu+0x45/0x320 [ 96.634229][ T6874] ? 0xffffffffa0205340 [ 96.634246][ T6874] ? 0xffffffffa0205340 [ 96.634261][ T6874] ? bpf_dispatcher_change_prog+0x6ec/0x7f0 [ 96.634361][ T6874] ? 0xffffffffa0201a48 [ 96.634384][ T6874] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 96.634425][ T6874] bpf_prog_test_run_xdp+0x4f5/0x910 [ 96.634522][ T6874] ? __rcu_read_unlock+0x4f/0x70 [ 96.634554][ T6874] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 96.634591][ T6874] bpf_prog_test_run+0x227/0x390 [ 96.634642][ T6874] __sys_bpf+0x4b9/0x7b0 [ 96.634681][ T6874] __x64_sys_bpf+0x41/0x50 [ 96.634739][ T6874] x64_sys_call+0x2aea/0x2ff0 [ 96.634767][ T6874] do_syscall_64+0xd2/0x200 [ 96.634797][ T6874] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.634821][ T6874] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 96.634882][ T6874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.634902][ T6874] RIP: 0033:0x7f291c0feb69 [ 96.634916][ T6874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.634934][ T6874] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 96.635034][ T6874] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 96.635048][ T6874] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 96.635065][ T6874] RBP: 00007f291a767090 R08: 0000000000000000 R09: 0000000000000000 [ 96.635081][ T6874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.635096][ T6874] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 96.635118][ T6874] [ 96.883571][ T6878] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 96.890227][ T6878] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 96.897691][ T6878] vhci_hcd vhci_hcd.0: Device attached [ 96.934660][ T6882] siw: device registration error -23 [ 96.976695][ T6888] FAULT_INJECTION: forcing a failure. [ 96.976695][ T6888] name failslab, interval 1, probability 0, space 0, times 0 [ 96.989435][ T6888] CPU: 0 UID: 0 PID: 6888 Comm: syz.4.1226 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 96.989468][ T6888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.989525][ T6888] Call Trace: [ 96.989533][ T6888] [ 96.989541][ T6888] __dump_stack+0x1d/0x30 [ 96.989562][ T6888] dump_stack_lvl+0xe8/0x140 [ 96.989651][ T6888] dump_stack+0x15/0x1b [ 96.989673][ T6888] should_fail_ex+0x265/0x280 [ 96.989716][ T6888] should_failslab+0x8c/0xb0 [ 96.989747][ T6888] kmem_cache_alloc_noprof+0x50/0x310 [ 96.989820][ T6888] ? configfs_new_dirent+0x37/0x240 [ 96.989853][ T6888] configfs_new_dirent+0x37/0x240 [ 96.989883][ T6888] configfs_dir_open+0x99/0x100 [ 96.989996][ T6888] do_dentry_open+0x649/0xa20 [ 96.990034][ T6888] ? __pfx_configfs_dir_open+0x10/0x10 [ 96.990074][ T6888] vfs_open+0x37/0x1e0 [ 96.990112][ T6888] path_openat+0x1c5e/0x2170 [ 96.990151][ T6888] ? _parse_integer_limit+0x170/0x190 [ 96.990191][ T6888] do_filp_open+0x109/0x230 [ 96.990221][ T6888] do_sys_openat2+0xa6/0x110 [ 96.990263][ T6888] __x64_sys_openat+0xf2/0x120 [ 96.990322][ T6888] x64_sys_call+0x2e9c/0x2ff0 [ 96.990379][ T6888] do_syscall_64+0xd2/0x200 [ 96.990487][ T6888] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 96.990607][ T6888] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 96.990636][ T6888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.990659][ T6888] RIP: 0033:0x7f291c0feb69 [ 96.990713][ T6888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.990797][ T6888] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 96.990821][ T6888] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 96.990841][ T6888] RDX: 0000000000101000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 96.990858][ T6888] RBP: 00007f291a767090 R08: 0000000000000000 R09: 0000000000000000 [ 96.990874][ T6888] R10: 0000000000000108 R11: 0000000000000246 R12: 0000000000000001 [ 96.990890][ T6888] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 96.990914][ T6888] [ 97.240893][ T6891] siw: device registration error -23 [ 97.281486][ T9] vhci_hcd: vhci_device speed not set [ 97.324555][ T6896] loop1: detected capacity change from 0 to 512 [ 97.342569][ T9] usb 3-1: new full-speed USB device number 3 using vhci_hcd [ 97.362736][ T6896] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.371095][ T6895] lo speed is unknown, defaulting to 1000 [ 97.391425][ T6896] ext4 filesystem being mounted at /215/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 97.441232][ T6879] vhci_hcd: connection reset by peer [ 97.447069][ T371] vhci_hcd: stop threads [ 97.451578][ T371] vhci_hcd: release socket [ 97.456075][ T371] vhci_hcd: disconnect device [ 97.484860][ T6915] FAULT_INJECTION: forcing a failure. [ 97.484860][ T6915] name failslab, interval 1, probability 0, space 0, times 0 [ 97.497634][ T6915] CPU: 0 UID: 0 PID: 6915 Comm: syz.4.1235 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 97.497669][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.497682][ T6915] Call Trace: [ 97.497688][ T6915] [ 97.497695][ T6915] __dump_stack+0x1d/0x30 [ 97.497715][ T6915] dump_stack_lvl+0xe8/0x140 [ 97.497735][ T6915] dump_stack+0x15/0x1b [ 97.497755][ T6915] should_fail_ex+0x265/0x280 [ 97.497793][ T6915] should_failslab+0x8c/0xb0 [ 97.497822][ T6915] kmem_cache_alloc_noprof+0x50/0x310 [ 97.497855][ T6915] ? mas_alloc_nodes+0x265/0x520 [ 97.497887][ T6915] mas_alloc_nodes+0x265/0x520 [ 97.497918][ T6915] mas_preallocate+0x33e/0x520 [ 97.497949][ T6915] __split_vma+0x240/0x650 [ 97.497975][ T6915] ? mas_find+0x5d5/0x700 [ 97.497999][ T6915] vms_gather_munmap_vmas+0x2a5/0x7a0 [ 97.498034][ T6915] do_vmi_align_munmap+0x1a4/0x3d0 [ 97.498074][ T6915] do_vmi_munmap+0x1db/0x220 [ 97.498101][ T6915] do_munmap+0x8a/0xc0 [ 97.498129][ T6915] mremap_to+0x1a4/0x440 [ 97.498161][ T6915] ? check_prep_vma+0x5b4/0x640 [ 97.498199][ T6915] __se_sys_mremap+0x652/0xc60 [ 97.498243][ T6915] ? __bpf_trace_sys_enter+0x10/0x30 [ 97.498271][ T6915] ? trace_sys_enter+0xd0/0xf0 [ 97.498300][ T6915] __x64_sys_mremap+0x67/0x80 [ 97.498342][ T6915] x64_sys_call+0x2a24/0x2ff0 [ 97.498368][ T6915] do_syscall_64+0xd2/0x200 [ 97.498395][ T6915] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 97.498419][ T6915] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 97.498441][ T6915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.498467][ T6915] RIP: 0033:0x7f291c0feb69 [ 97.498485][ T6915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.498508][ T6915] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 97.498533][ T6915] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 97.498549][ T6915] RDX: 0000000000400000 RSI: 0000000000003000 RDI: 00002000003ef000 [ 97.498561][ T6915] RBP: 00007f291a767090 R08: 000020000082a000 R09: 0000000000000000 [ 97.498573][ T6915] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 97.498584][ T6915] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 97.498602][ T6915] [ 97.802815][ T6921] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 97.816777][ T6923] FAULT_INJECTION: forcing a failure. [ 97.816777][ T6923] name failslab, interval 1, probability 0, space 0, times 0 [ 97.829951][ T6923] CPU: 0 UID: 0 PID: 6923 Comm: syz.5.1239 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 97.829981][ T6923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.829997][ T6923] Call Trace: [ 97.830003][ T6923] [ 97.830012][ T6923] __dump_stack+0x1d/0x30 [ 97.830038][ T6923] dump_stack_lvl+0xe8/0x140 [ 97.830063][ T6923] dump_stack+0x15/0x1b [ 97.830084][ T6923] should_fail_ex+0x265/0x280 [ 97.830123][ T6923] ? hugetlb_reserve_pages+0x393/0xc00 [ 97.830148][ T6923] should_failslab+0x8c/0xb0 [ 97.830179][ T6923] __kmalloc_cache_noprof+0x4c/0x320 [ 97.830212][ T6923] hugetlb_reserve_pages+0x393/0xc00 [ 97.830240][ T6923] hugetlbfs_file_mmap+0x27e/0x340 [ 97.830272][ T6923] mmap_region+0xfb0/0x1630 [ 97.830338][ T6923] do_mmap+0x9b3/0xbe0 [ 97.830383][ T6923] __se_sys_remap_file_pages+0x55e/0x600 [ 97.830415][ T6923] ? fput+0x8f/0xc0 [ 97.830455][ T6923] __x64_sys_remap_file_pages+0x67/0x80 [ 97.830483][ T6923] x64_sys_call+0x23af/0x2ff0 [ 97.830506][ T6923] do_syscall_64+0xd2/0x200 [ 97.830537][ T6923] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 97.830568][ T6923] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 97.830594][ T6923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.830622][ T6923] RIP: 0033:0x7f8616c0eb69 [ 97.830642][ T6923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.830666][ T6923] RSP: 002b:00007f8615277038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 97.830690][ T6923] RAX: ffffffffffffffda RBX: 00007f8616e35fa0 RCX: 00007f8616c0eb69 [ 97.830707][ T6923] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000800000 [ 97.830723][ T6923] RBP: 00007f8615277090 R08: 0000000000000000 R09: 0000000000000000 [ 97.830738][ T6923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.830754][ T6923] R13: 0000000000000000 R14: 00007f8616e35fa0 R15: 00007fffc8b76368 [ 97.830778][ T6923] [ 97.830787][ T6923] HugeTLB: unable to allocate vma specific lock [ 97.837826][ T6927] siw: device registration error -23 [ 98.156555][ T6932] tmpfs: Bad value for 'mpol' [ 98.219559][ T6943] siw: device registration error -23 [ 98.220268][ T36] usb 1-1: enqueue for inactive port 0 [ 98.259649][ T36] usb 1-1: enqueue for inactive port 0 [ 98.301782][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.321928][ T6953] FAULT_INJECTION: forcing a failure. [ 98.321928][ T6953] name failslab, interval 1, probability 0, space 0, times 0 [ 98.334683][ T6953] CPU: 0 UID: 0 PID: 6953 Comm: syz.1.1249 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 98.334777][ T6953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.334789][ T6953] Call Trace: [ 98.334796][ T6953] [ 98.334803][ T6953] __dump_stack+0x1d/0x30 [ 98.334824][ T6953] dump_stack_lvl+0xe8/0x140 [ 98.334895][ T6953] dump_stack+0x15/0x1b [ 98.334912][ T6953] should_fail_ex+0x265/0x280 [ 98.334954][ T6953] should_failslab+0x8c/0xb0 [ 98.334983][ T6953] __kmalloc_noprof+0xa5/0x3e0 [ 98.335051][ T6953] ? io_cache_alloc_new+0x2a/0xb0 [ 98.335087][ T6953] io_cache_alloc_new+0x2a/0xb0 [ 98.335116][ T6953] io_send_zc_prep+0x309/0x7c0 [ 98.335143][ T6953] io_submit_sqes+0x5db/0x1050 [ 98.335262][ T6953] __se_sys_io_uring_enter+0x1c1/0x1b70 [ 98.335371][ T6953] ? 0xffffffff81000000 [ 98.335387][ T6953] ? __rcu_read_unlock+0x4f/0x70 [ 98.335487][ T6953] ? get_pid_task+0x96/0xd0 [ 98.335641][ T6953] ? proc_fail_nth_write+0x13b/0x160 [ 98.335667][ T6953] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 98.335691][ T6953] ? vfs_write+0x75e/0x8e0 [ 98.335773][ T6953] ? __rcu_read_unlock+0x4f/0x70 [ 98.335800][ T6953] ? __fget_files+0x184/0x1c0 [ 98.335831][ T6953] ? fput+0x8f/0xc0 [ 98.335859][ T6953] __x64_sys_io_uring_enter+0x78/0x90 [ 98.335924][ T6953] x64_sys_call+0x2de1/0x2ff0 [ 98.335950][ T6953] do_syscall_64+0xd2/0x200 [ 98.336021][ T6953] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 98.336043][ T6953] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 98.336063][ T6953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.336089][ T6953] RIP: 0033:0x7f6b9b7deb69 [ 98.336108][ T6953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.336150][ T6953] RSP: 002b:00007f6b99e3f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 98.336172][ T6953] RAX: ffffffffffffffda RBX: 00007f6b9ba05fa0 RCX: 00007f6b9b7deb69 [ 98.336183][ T6953] RDX: 0000000000000004 RSI: 000000000000749f RDI: 0000000000000003 [ 98.336195][ T6953] RBP: 00007f6b99e3f090 R08: 0000000000000000 R09: fffffffffffffef5 [ 98.336209][ T6953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.336225][ T6953] R13: 0000000000000000 R14: 00007f6b9ba05fa0 R15: 00007fffe9a91a18 [ 98.336266][ T6953] [ 98.349444][ T36] vhci_hcd: vhci_device speed not set [ 98.622802][ T6958] loop1: detected capacity change from 0 to 128 [ 98.653891][ T6933] loop5: detected capacity change from 0 to 512 [ 98.677796][ T6958] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 98.697722][ T6958] ext4 filesystem being mounted at /217/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 98.719166][ T6932] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1241'. [ 98.738878][ T6932] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1241'. [ 98.775809][ T3301] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 98.788497][ T6966] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 98.797995][ T6967] siw: device registration error -23 [ 98.831408][ T6973] FAULT_INJECTION: forcing a failure. [ 98.831408][ T6973] name failslab, interval 1, probability 0, space 0, times 0 [ 98.844161][ T6973] CPU: 1 UID: 0 PID: 6973 Comm: syz.0.1256 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 98.844190][ T6973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.844203][ T6973] Call Trace: [ 98.844212][ T6973] [ 98.844221][ T6973] __dump_stack+0x1d/0x30 [ 98.844309][ T6973] dump_stack_lvl+0xe8/0x140 [ 98.844328][ T6973] dump_stack+0x15/0x1b [ 98.844346][ T6973] should_fail_ex+0x265/0x280 [ 98.844386][ T6973] ? do_eventfd+0x5c/0x1b0 [ 98.844414][ T6973] should_failslab+0x8c/0xb0 [ 98.844492][ T6973] __kmalloc_cache_noprof+0x4c/0x320 [ 98.844532][ T6973] do_eventfd+0x5c/0x1b0 [ 98.844583][ T6973] __x64_sys_eventfd+0x20/0x30 [ 98.844603][ T6973] x64_sys_call+0x2e91/0x2ff0 [ 98.844772][ T6973] do_syscall_64+0xd2/0x200 [ 98.844801][ T6973] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 98.844858][ T6973] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 98.844878][ T6973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.844969][ T6973] RIP: 0033:0x7f7b4ffeeb69 [ 98.844988][ T6973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.845007][ T6973] RSP: 002b:00007f7b4e657038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c [ 98.845025][ T6973] RAX: ffffffffffffffda RBX: 00007f7b50215fa0 RCX: 00007f7b4ffeeb69 [ 98.845037][ T6973] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.845117][ T6973] RBP: 00007f7b4e657090 R08: 0000000000000000 R09: 0000000000000000 [ 98.845132][ T6973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.845147][ T6973] R13: 0000000000000000 R14: 00007f7b50215fa0 R15: 00007ffc472500e8 [ 98.845167][ T6973] [ 99.067367][ T6977] siw: device registration error -23 [ 99.248547][ T6997] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1267'. [ 99.323204][ T7005] siw: device registration error -23 [ 99.334128][ T7006] loop4: detected capacity change from 0 to 512 [ 99.396160][ T7006] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1260: casefold flag without casefold feature [ 99.409213][ T7006] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1260: couldn't read orphan inode 15 (err -117) [ 99.422505][ T7006] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.436745][ T7006] program syz.4.1260 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 99.654748][ T7018] loop5: detected capacity change from 0 to 512 [ 99.678578][ T7020] FAULT_INJECTION: forcing a failure. [ 99.678578][ T7020] name failslab, interval 1, probability 0, space 0, times 0 [ 99.691345][ T7020] CPU: 1 UID: 0 PID: 7020 Comm: syz.0.1275 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 99.691357][ T7018] RDS: rds_bind could not find a transport for ::ffff:172.30.0.6, load rds_tcp or rds_rdma? [ 99.691383][ T7020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.691396][ T7020] Call Trace: [ 99.691402][ T7020] [ 99.691468][ T7020] __dump_stack+0x1d/0x30 [ 99.691496][ T7020] dump_stack_lvl+0xe8/0x140 [ 99.691572][ T7020] dump_stack+0x15/0x1b [ 99.691595][ T7020] should_fail_ex+0x265/0x280 [ 99.691641][ T7020] should_failslab+0x8c/0xb0 [ 99.691676][ T7020] kmem_cache_alloc_noprof+0x50/0x310 [ 99.691769][ T7020] ? skb_clone+0x151/0x1f0 [ 99.691794][ T7020] skb_clone+0x151/0x1f0 [ 99.691819][ T7020] __netlink_deliver_tap+0x2c9/0x500 [ 99.691871][ T7020] netlink_unicast+0x66b/0x690 [ 99.691912][ T7020] netlink_sendmsg+0x58b/0x6b0 [ 99.692046][ T7020] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.692109][ T7020] __sock_sendmsg+0x142/0x180 [ 99.692143][ T7020] ____sys_sendmsg+0x31e/0x4e0 [ 99.692192][ T7020] ___sys_sendmsg+0x17b/0x1d0 [ 99.692312][ T7020] __x64_sys_sendmsg+0xd4/0x160 [ 99.692362][ T7020] x64_sys_call+0x191e/0x2ff0 [ 99.692422][ T7020] do_syscall_64+0xd2/0x200 [ 99.692454][ T7020] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 99.692489][ T7020] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 99.692518][ T7020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.692549][ T7020] RIP: 0033:0x7f7b4ffeeb69 [ 99.692603][ T7020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.692629][ T7020] RSP: 002b:00007f7b4e657038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.692655][ T7020] RAX: ffffffffffffffda RBX: 00007f7b50215fa0 RCX: 00007f7b4ffeeb69 [ 99.692673][ T7020] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 99.692691][ T7020] RBP: 00007f7b4e657090 R08: 0000000000000000 R09: 0000000000000000 [ 99.692765][ T7020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.692780][ T7020] R13: 0000000000000000 R14: 00007f7b50215fa0 R15: 00007ffc472500e8 [ 99.692806][ T7020] [ 99.709334][ T7020] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1275'. [ 99.950403][ T7022] FAULT_INJECTION: forcing a failure. [ 99.950403][ T7022] name failslab, interval 1, probability 0, space 0, times 0 [ 99.963154][ T7022] CPU: 1 UID: 0 PID: 7022 Comm: syz.2.1276 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 99.963313][ T7022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.963330][ T7022] Call Trace: [ 99.963339][ T7022] [ 99.963349][ T7022] __dump_stack+0x1d/0x30 [ 99.963376][ T7022] dump_stack_lvl+0xe8/0x140 [ 99.963401][ T7022] dump_stack+0x15/0x1b [ 99.963422][ T7022] should_fail_ex+0x265/0x280 [ 99.963516][ T7022] ? audit_log_d_path+0x8d/0x150 [ 99.963554][ T7022] should_failslab+0x8c/0xb0 [ 99.963584][ T7022] __kmalloc_cache_noprof+0x4c/0x320 [ 99.963614][ T7022] audit_log_d_path+0x8d/0x150 [ 99.963766][ T7022] audit_log_d_path_exe+0x42/0x70 [ 99.963798][ T7022] audit_log_task+0x1e9/0x250 [ 99.963914][ T7022] audit_seccomp+0x61/0x100 [ 99.963938][ T7022] ? __seccomp_filter+0x68c/0x10d0 [ 99.963959][ T7022] __seccomp_filter+0x69d/0x10d0 [ 99.963980][ T7022] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 99.964043][ T7022] ? vfs_write+0x75e/0x8e0 [ 99.964071][ T7022] ? __rcu_read_unlock+0x4f/0x70 [ 99.964092][ T7022] ? __fget_files+0x184/0x1c0 [ 99.964177][ T7022] __secure_computing+0x82/0x150 [ 99.964200][ T7022] syscall_trace_enter+0xcf/0x1e0 [ 99.964282][ T7022] do_syscall_64+0xac/0x200 [ 99.964304][ T7022] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 99.964326][ T7022] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 99.964389][ T7022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.964417][ T7022] RIP: 0033:0x7f1cf9d3eb69 [ 99.964434][ T7022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.964457][ T7022] RSP: 002b:00007f1cf83a7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 99.964546][ T7022] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 99.964563][ T7022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 99.964576][ T7022] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 99.964606][ T7022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.964622][ T7022] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 99.964646][ T7022] [ 100.256350][ T7030] netlink: 'syz.1.1280': attribute type 21 has an invalid length. [ 100.269511][ T7030] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1280'. [ 100.357491][ T7037] tmpfs: Bad value for 'mpol' [ 100.377931][ T7045] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 100.378530][ T30] kauditd_printk_skb: 84 callbacks suppressed [ 100.378544][ T30] audit: type=1326 audit(1754127183.344:4906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.384557][ T7045] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 100.384793][ T7045] vhci_hcd vhci_hcd.0: Device attached [ 100.391291][ T30] audit: type=1326 audit(1754127183.364:4907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.451070][ T7047] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 100.599489][ T36] vhci_hcd: vhci_device speed not set [ 100.609430][ T30] audit: type=1326 audit(1754127183.434:4908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.633050][ T30] audit: type=1326 audit(1754127183.434:4909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.656793][ T30] audit: type=1326 audit(1754127183.434:4910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.680414][ T30] audit: type=1326 audit(1754127183.434:4911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.689569][ T36] usb 11-1: new full-speed USB device number 2 using vhci_hcd [ 100.703868][ T30] audit: type=1326 audit(1754127183.434:4912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.734792][ T30] audit: type=1326 audit(1754127183.434:4913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.756362][ T7045] loop5: detected capacity change from 0 to 512 [ 100.758325][ T30] audit: type=1326 audit(1754127183.434:4914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.783910][ T7045] bridge0: port 3(syz_tun) entered blocking state [ 100.787946][ T30] audit: type=1326 audit(1754127183.434:4915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7050 comm="syz.0.1287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4ffeeb69 code=0x7ffc0000 [ 100.794450][ T7045] bridge0: port 3(syz_tun) entered disabled state [ 100.825734][ T7045] syz_tun: entered allmulticast mode [ 100.832171][ T7045] syz_tun: entered promiscuous mode [ 100.837915][ T7045] bridge0: port 3(syz_tun) entered blocking state [ 100.844410][ T7045] bridge0: port 3(syz_tun) entered forwarding state [ 100.860483][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.878165][ T7048] vhci_hcd: connection reset by peer [ 100.884003][ T4360] vhci_hcd: stop threads [ 100.888275][ T4360] vhci_hcd: release socket [ 100.892857][ T4360] vhci_hcd: disconnect device [ 100.906987][ T7037] loop2: detected capacity change from 0 to 512 [ 100.918388][ T7037] netlink: 156 bytes leftover after parsing attributes in process `+}[@'. [ 100.930148][ T7037] netlink: 24 bytes leftover after parsing attributes in process `+}[@'. [ 100.941038][ T7067] FAULT_INJECTION: forcing a failure. [ 100.941038][ T7067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.954314][ T7067] CPU: 1 UID: 0 PID: 7067 Comm: syz.1.1292 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 100.954349][ T7067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.954362][ T7067] Call Trace: [ 100.954367][ T7067] [ 100.954373][ T7067] __dump_stack+0x1d/0x30 [ 100.954416][ T7067] dump_stack_lvl+0xe8/0x140 [ 100.954440][ T7067] dump_stack+0x15/0x1b [ 100.954460][ T7067] should_fail_ex+0x265/0x280 [ 100.954570][ T7067] should_fail+0xb/0x20 [ 100.954599][ T7067] should_fail_usercopy+0x1a/0x20 [ 100.954699][ T7067] _copy_from_user+0x1c/0xb0 [ 100.954743][ T7067] ___sys_sendmsg+0xc1/0x1d0 [ 100.954795][ T7067] __x64_sys_sendmsg+0xd4/0x160 [ 100.954854][ T7067] x64_sys_call+0x191e/0x2ff0 [ 100.954880][ T7067] do_syscall_64+0xd2/0x200 [ 100.954909][ T7067] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 100.954995][ T7067] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 100.955023][ T7067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.955124][ T7067] RIP: 0033:0x7f6b9b7deb69 [ 100.955143][ T7067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.955220][ T7067] RSP: 002b:00007f6b99e3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.955245][ T7067] RAX: ffffffffffffffda RBX: 00007f6b9ba05fa0 RCX: 00007f6b9b7deb69 [ 100.955261][ T7067] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 100.955284][ T7067] RBP: 00007f6b99e3f090 R08: 0000000000000000 R09: 0000000000000000 [ 100.955299][ T7067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.955315][ T7067] R13: 0000000000000000 R14: 00007f6b9ba05fa0 R15: 00007fffe9a91a18 [ 100.955339][ T7067] [ 101.248252][ T7082] loop2: detected capacity change from 0 to 1024 [ 101.394194][ T7093] veth1_macvtap: left promiscuous mode [ 101.400066][ T7093] macsec0: entered allmulticast mode [ 101.467520][ T7094] program syz.0.1300 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 101.527188][ T7097] loop2: detected capacity change from 0 to 1024 [ 101.699923][ T7097] EXT4-fs: inline encryption not supported [ 101.721324][ T7097] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 101.771903][ T7097] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.1304: lblock 1 mapped to illegal pblock 1 (length 1) [ 101.789438][ T7097] EXT4-fs (loop2): Remounting filesystem read-only [ 101.823912][ T7097] EXT4-fs (loop2): 1 orphan inode deleted [ 101.909891][ T7097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.164724][ T7121] netlink: 'syz.1.1314': attribute type 1 has an invalid length. [ 102.210921][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.379494][ T9] usb 3-1: enqueue for inactive port 0 [ 102.394637][ T7127] loop1: detected capacity change from 0 to 512 [ 102.401630][ T9] usb 3-1: enqueue for inactive port 0 [ 102.442763][ T7127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 102.472829][ T7132] FAULT_INJECTION: forcing a failure. [ 102.472829][ T7132] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 102.486178][ T7132] CPU: 1 UID: 0 PID: 7132 Comm: syz.0.1318 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 102.486261][ T7132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.486276][ T7132] Call Trace: [ 102.486282][ T7132] [ 102.486290][ T7132] __dump_stack+0x1d/0x30 [ 102.486311][ T7132] dump_stack_lvl+0xe8/0x140 [ 102.486342][ T7132] dump_stack+0x15/0x1b [ 102.486364][ T7132] should_fail_ex+0x265/0x280 [ 102.486471][ T7132] should_fail_alloc_page+0xf2/0x100 [ 102.486497][ T7132] __alloc_frozen_pages_noprof+0xff/0x360 [ 102.486586][ T7132] alloc_pages_mpol+0xb3/0x250 [ 102.486652][ T7132] folio_alloc_mpol_noprof+0x39/0x80 [ 102.486692][ T7132] shmem_get_folio_gfp+0x3cf/0xd60 [ 102.486791][ T7132] shmem_write_begin+0xa8/0x190 [ 102.486823][ T7132] generic_perform_write+0x184/0x490 [ 102.486854][ T7132] shmem_file_write_iter+0xc5/0xf0 [ 102.486912][ T7132] do_iter_readv_writev+0x421/0x4c0 [ 102.486950][ T7132] vfs_writev+0x2df/0x8b0 [ 102.487000][ T7132] __se_sys_pwritev2+0xfc/0x1c0 [ 102.487046][ T7132] __x64_sys_pwritev2+0x67/0x80 [ 102.487114][ T7132] x64_sys_call+0x2c55/0x2ff0 [ 102.487134][ T7132] do_syscall_64+0xd2/0x200 [ 102.487156][ T7132] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 102.487197][ T7132] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 102.487224][ T7132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.487265][ T7132] RIP: 0033:0x7f7b4ffeeb69 [ 102.487284][ T7132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.487307][ T7132] RSP: 002b:00007f7b4e657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 102.487331][ T7132] RAX: ffffffffffffffda RBX: 00007f7b50215fa0 RCX: 00007f7b4ffeeb69 [ 102.487346][ T7132] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000008 [ 102.487357][ T7132] RBP: 00007f7b4e657090 R08: 0000000000000000 R09: 0000000000000003 [ 102.487369][ T7132] R10: 0000000000007c00 R11: 0000000000000246 R12: 0000000000000001 [ 102.487385][ T7132] R13: 0000000000000000 R14: 00007f7b50215fa0 R15: 00007ffc472500e8 [ 102.487437][ T7132] [ 102.489512][ T9] vhci_hcd: vhci_device speed not set [ 102.748695][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.876276][ T7146] syzkaller1: entered promiscuous mode [ 102.881984][ T7146] syzkaller1: entered allmulticast mode [ 102.924796][ T7152] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 102.942918][ T7152] bridge0: port 1(macvlan2) entered blocking state [ 102.949646][ T7152] bridge0: port 1(macvlan2) entered disabled state [ 102.956588][ T7152] macvlan2: entered allmulticast mode [ 102.962193][ T7152] bridge0: entered allmulticast mode [ 102.968547][ T7152] macvlan2: left allmulticast mode [ 102.973838][ T7152] bridge0: left allmulticast mode [ 102.992988][ T7155] loop1: detected capacity change from 0 to 512 [ 103.014864][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1330'. [ 103.018774][ T7159] loop4: detected capacity change from 0 to 512 [ 103.028645][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1330'. [ 103.031094][ T53] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.051958][ T53] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.062336][ T7159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.066601][ T53] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.080854][ T7155] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.084414][ T53] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.096663][ T7155] ext4 filesystem being mounted at /238/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.106414][ T7164] smc: net device bond0 applied user defined pnetid SYZ0 [ 103.121107][ T7152] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #4: comm syz.1.1328: corrupted inode contents [ 103.124714][ T7159] ext4 filesystem being mounted at /280/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.135488][ T7152] EXT4-fs error (device loop1): ext4_dirty_inode:6538: inode #4: comm syz.1.1328: mark_inode_dirty error [ 103.157413][ T7166] FAULT_INJECTION: forcing a failure. [ 103.157413][ T7166] name failslab, interval 1, probability 0, space 0, times 0 [ 103.170536][ T7166] CPU: 1 UID: 0 PID: 7166 Comm: syz.5.1332 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 103.170570][ T7166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 103.170594][ T7166] Call Trace: [ 103.170602][ T7166] [ 103.170612][ T7166] __dump_stack+0x1d/0x30 [ 103.170650][ T7166] dump_stack_lvl+0xe8/0x140 [ 103.170668][ T7166] dump_stack+0x15/0x1b [ 103.170683][ T7166] should_fail_ex+0x265/0x280 [ 103.170734][ T7166] should_failslab+0x8c/0xb0 [ 103.170759][ T7166] __kmalloc_noprof+0xa5/0x3e0 [ 103.170786][ T7166] ? genl_family_rcv_msg_attrs_parse+0x75/0x190 [ 103.170816][ T7166] genl_family_rcv_msg_attrs_parse+0x75/0x190 [ 103.170906][ T7166] genl_family_rcv_msg_doit+0x48/0x1b0 [ 103.170928][ T7166] ? selinux_capable+0x31/0x40 [ 103.170955][ T7166] ? security_capable+0x83/0x90 [ 103.171048][ T7166] ? ns_capable+0x7d/0xb0 [ 103.171125][ T7166] genl_rcv_msg+0x422/0x460 [ 103.171234][ T7166] ? __pfx_smc_pnet_flush+0x10/0x10 [ 103.171325][ T7166] netlink_rcv_skb+0x123/0x220 [ 103.171361][ T7166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 103.171398][ T7166] genl_rcv+0x28/0x40 [ 103.171437][ T7166] netlink_unicast+0x5bd/0x690 [ 103.171466][ T7166] netlink_sendmsg+0x58b/0x6b0 [ 103.171533][ T7166] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.171581][ T7166] __sock_sendmsg+0x142/0x180 [ 103.171605][ T7166] ____sys_sendmsg+0x31e/0x4e0 [ 103.171685][ T7166] ___sys_sendmsg+0x17b/0x1d0 [ 103.171794][ T7166] __x64_sys_sendmsg+0xd4/0x160 [ 103.171846][ T7166] x64_sys_call+0x191e/0x2ff0 [ 103.171868][ T7166] do_syscall_64+0xd2/0x200 [ 103.171890][ T7166] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.171920][ T7166] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 103.172063][ T7166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.172084][ T7166] RIP: 0033:0x7f8616c0eb69 [ 103.172102][ T7166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.172124][ T7166] RSP: 002b:00007f8615256038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.172146][ T7166] RAX: ffffffffffffffda RBX: 00007f8616e36080 RCX: 00007f8616c0eb69 [ 103.172226][ T7166] RDX: 0000000000004000 RSI: 0000200000000080 RDI: 0000000000000004 [ 103.172238][ T7166] RBP: 00007f8615256090 R08: 0000000000000000 R09: 0000000000000000 [ 103.172282][ T7166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.172297][ T7166] R13: 0000000000000001 R14: 00007f8616e36080 R15: 00007fffc8b76368 [ 103.172321][ T7166] [ 103.172449][ T7155] EXT4-fs error (device loop1): __ext4_iget:5464: inode #12: block 127754: comm syz.1.1328: invalid block [ 103.202124][ T7152] EXT4-fs error (device loop1): ext4_do_update_inode:5653: inode #4: comm syz.1.1328: corrupted inode contents [ 103.209849][ T7155] EXT4-fs error (device loop1): __ext4_iget:5464: inode #12: block 127754: comm syz.1.1328: invalid block [ 103.229330][ T7152] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #4: comm syz.1.1328: mark_inode_dirty error [ 103.293740][ T7175] loop5: detected capacity change from 0 to 256 [ 103.296108][ T7159] FAULT_INJECTION: forcing a failure. [ 103.296108][ T7159] name failslab, interval 1, probability 0, space 0, times 0 [ 103.326299][ T7178] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 103.328715][ T7159] CPU: 0 UID: 0 PID: 7159 Comm: syz.4.1331 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 103.328899][ T7159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 103.328938][ T7159] Call Trace: [ 103.328946][ T7159] [ 103.328956][ T7159] __dump_stack+0x1d/0x30 [ 103.328988][ T7159] dump_stack_lvl+0xe8/0x140 [ 103.329014][ T7159] dump_stack+0x15/0x1b [ 103.329119][ T7159] should_fail_ex+0x265/0x280 [ 103.329164][ T7159] should_failslab+0x8c/0xb0 [ 103.329213][ T7159] __kmalloc_noprof+0xa5/0x3e0 [ 103.329326][ T7159] ? ext4_find_extent+0x16b/0x7a0 [ 103.329432][ T7159] ext4_find_extent+0x16b/0x7a0 [ 103.329466][ T7159] ext4_ext_map_blocks+0x11f/0x38a0 [ 103.329522][ T7159] ? css_rstat_updated+0xb7/0x240 [ 103.329565][ T7159] ? page_counter_cancel+0xe1/0x1e0 [ 103.329607][ T7159] ? __account_obj_stock+0x211/0x350 [ 103.329638][ T7159] ? x86_call_depth_emit_accounting+0x128/0x2e0 [ 103.329736][ T7159] ? xas_load+0x413/0x430 [ 103.329771][ T7159] ? try_charge_memcg+0x200/0x9e0 [ 103.329802][ T7159] ? css_rstat_updated+0xb7/0x240 [ 103.329961][ T7159] ? __account_obj_stock+0x211/0x350 [ 103.329995][ T7159] ext4_map_query_blocks+0xa8/0x480 [ 103.330103][ T7159] ext4_map_blocks+0x330/0xd00 [ 103.330146][ T7159] ? xa_load+0xb1/0xe0 [ 103.330193][ T7159] ext4_getblk+0x114/0x510 [ 103.330236][ T7159] ext4_bread_batch+0x5c/0x320 [ 103.330292][ T7159] __ext4_find_entry+0x840/0xf40 [ 103.330339][ T7159] ? d_alloc_parallel+0xba9/0xc60 [ 103.330385][ T7159] ext4_lookup+0xbb/0x390 [ 103.330420][ T7159] __lookup_slow+0x190/0x250 [ 103.330492][ T7159] lookup_slow+0x3c/0x60 [ 103.330533][ T7159] walk_component+0x1ec/0x220 [ 103.330571][ T7159] path_lookupat+0xfe/0x2a0 [ 103.330623][ T7159] filename_lookup+0x147/0x340 [ 103.330748][ T7159] user_path_at+0x3e/0x130 [ 103.330797][ T7159] do_sys_truncate+0x5c/0x130 [ 103.330950][ T7159] __x64_sys_truncate+0x31/0x40 [ 103.330983][ T7159] x64_sys_call+0x1a2f/0x2ff0 [ 103.331044][ T7159] do_syscall_64+0xd2/0x200 [ 103.331075][ T7159] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 103.331171][ T7159] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 103.331245][ T7159] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.331299][ T7159] RIP: 0033:0x7f291c0feb69 [ 103.331321][ T7159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.331375][ T7159] RSP: 002b:00007f291a767038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 103.331401][ T7159] RAX: ffffffffffffffda RBX: 00007f291c325fa0 RCX: 00007f291c0feb69 [ 103.331419][ T7159] RDX: 0000000000000000 RSI: 0000000003000000 RDI: 0000200000000900 [ 103.331436][ T7159] RBP: 00007f291a767090 R08: 0000000000000000 R09: 0000000000000000 [ 103.331453][ T7159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.331468][ T7159] R13: 0000000000000000 R14: 00007f291c325fa0 R15: 00007fff70c8efa8 [ 103.331584][ T7159] [ 103.332099][ T7152] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1328: Failed to acquire dquot type 1 [ 103.386097][ T3314] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, [ 103.409153][ T7152] syz.1.1328 (7152) used greatest stack depth: 9536 bytes left [ 103.411823][ T3314] block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 103.835048][ T3314] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz-executor: corrupted xattr block 19: overlapping e_value [ 103.850198][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 103.859263][ T3314] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz-executor: corrupted xattr block 19: overlapping e_value [ 103.874167][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 103.883227][ T3314] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz-executor: corrupted xattr block 19: overlapping e_value [ 103.901149][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.910546][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 103.927344][ T7182] loop2: detected capacity change from 0 to 512 [ 103.936405][ T3314] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2962: inode #15: comm syz-executor: corrupted xattr block 19: overlapping e_value [ 103.956183][ T3314] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 103.956261][ T7182] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.978069][ T7182] ext4 filesystem being mounted at /296/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.989089][ T7180] FAULT_INJECTION: forcing a failure. [ 103.989089][ T7180] name failslab, interval 1, probability 0, space 0, times 0 [ 104.001928][ T7180] CPU: 1 UID: 0 PID: 7180 Comm: syz.2.1338 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 104.001961][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.001976][ T7180] Call Trace: [ 104.002057][ T7180] [ 104.002065][ T7180] __dump_stack+0x1d/0x30 [ 104.002086][ T7180] dump_stack_lvl+0xe8/0x140 [ 104.002108][ T7180] dump_stack+0x15/0x1b [ 104.002129][ T7180] should_fail_ex+0x265/0x280 [ 104.002168][ T7180] should_failslab+0x8c/0xb0 [ 104.002270][ T7180] __kmalloc_cache_node_noprof+0x54/0x320 [ 104.002306][ T7180] ? __get_vm_area_node+0x106/0x1d0 [ 104.002344][ T7180] __get_vm_area_node+0x106/0x1d0 [ 104.002471][ T7180] __vmalloc_node_range_noprof+0x273/0xe00 [ 104.002515][ T7180] ? bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.002610][ T7180] ? avc_has_perm_noaudit+0x1b1/0x200 [ 104.002639][ T7180] ? cred_has_capability+0x210/0x280 [ 104.002683][ T7180] ? bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.002717][ T7180] __vmalloc_noprof+0x83/0xc0 [ 104.002779][ T7180] ? bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.002892][ T7180] bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.002926][ T7180] ? bpf_prog_alloc+0x2a/0x150 [ 104.002959][ T7180] bpf_prog_alloc+0x3c/0x150 [ 104.002993][ T7180] bpf_prog_load+0x514/0x1070 [ 104.003035][ T7180] ? security_bpf+0x2b/0x90 [ 104.003065][ T7180] __sys_bpf+0x462/0x7b0 [ 104.003097][ T7180] __x64_sys_bpf+0x41/0x50 [ 104.003123][ T7180] x64_sys_call+0x2aea/0x2ff0 [ 104.003171][ T7180] do_syscall_64+0xd2/0x200 [ 104.003201][ T7180] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.003232][ T7180] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 104.003260][ T7180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.003338][ T7180] RIP: 0033:0x7f1cf9d3eb69 [ 104.003353][ T7180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.003376][ T7180] RSP: 002b:00007f1cf83a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 104.003401][ T7180] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 104.003417][ T7180] RDX: 0000000000000094 RSI: 00002000000003c0 RDI: 0000000000000005 [ 104.003466][ T7180] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 104.003482][ T7180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.003505][ T7180] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 104.003608][ T7180] [ 104.003627][ T7180] syz.2.1338: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 104.069659][ T7193] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 104.070981][ T7180] ,cpuset= [ 104.076769][ T7193] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 104.082345][ T7180] / [ 104.087770][ T7193] vhci_hcd vhci_hcd.0: Device attached [ 104.092982][ T7180] ,mems_allowed=0 [ 104.093007][ T7180] CPU: 1 UID: 0 PID: 7180 Comm: syz.2.1338 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 104.093051][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 104.093071][ T7180] Call Trace: [ 104.093081][ T7180] [ 104.093092][ T7180] __dump_stack+0x1d/0x30 [ 104.093122][ T7180] dump_stack_lvl+0xe8/0x140 [ 104.093149][ T7180] dump_stack+0x15/0x1b [ 104.093198][ T7180] warn_alloc+0x12b/0x1a0 [ 104.093249][ T7180] __vmalloc_node_range_noprof+0x297/0xe00 [ 104.093303][ T7180] ? avc_has_perm_noaudit+0x1b1/0x200 [ 104.093338][ T7180] ? cred_has_capability+0x210/0x280 [ 104.093387][ T7180] ? bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.093488][ T7180] __vmalloc_noprof+0x83/0xc0 [ 104.093530][ T7180] ? bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.093567][ T7180] bpf_prog_alloc_no_stats+0x47/0x3a0 [ 104.093617][ T7180] ? bpf_prog_alloc+0x2a/0x150 [ 104.093664][ T7180] bpf_prog_alloc+0x3c/0x150 [ 104.093700][ T7180] bpf_prog_load+0x514/0x1070 [ 104.093759][ T7180] ? security_bpf+0x2b/0x90 [ 104.093800][ T7180] __sys_bpf+0x462/0x7b0 [ 104.093857][ T7180] __x64_sys_bpf+0x41/0x50 [ 104.093890][ T7180] x64_sys_call+0x2aea/0x2ff0 [ 104.093919][ T7180] do_syscall_64+0xd2/0x200 [ 104.094010][ T7180] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 104.094083][ T7180] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 104.094113][ T7180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.094192][ T7180] RIP: 0033:0x7f1cf9d3eb69 [ 104.094213][ T7180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.094239][ T7180] RSP: 002b:00007f1cf83a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 104.094264][ T7180] RAX: ffffffffffffffda RBX: 00007f1cf9f65fa0 RCX: 00007f1cf9d3eb69 [ 104.094281][ T7180] RDX: 0000000000000094 RSI: 00002000000003c0 RDI: 0000000000000005 [ 104.094299][ T7180] RBP: 00007f1cf83a7090 R08: 0000000000000000 R09: 0000000000000000 [ 104.094316][ T7180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.094333][ T7180] R13: 0000000000000000 R14: 00007f1cf9f65fa0 R15: 00007ffe6102f5f8 [ 104.094408][ T7180] [ 104.094431][ T7180] Mem-Info: [ 104.104247][ T7189] syzkaller1: entered promiscuous mode [ 104.108799][ T7180] active_anon:6254 inactive_anon:2 isolated_anon:0 [ 104.108799][ T7180] active_file:6469 inactive_file:11565 isolated_file:0 [ 104.108799][ T7180] unevictable:0 dirty:101 writeback:0 [ 104.108799][ T7180] slab_reclaimable:3432 slab_unreclaimable:16397 [ 104.108799][ T7180] mapped:32407 shmem:3247 pagetables:965 [ 104.108799][ T7180] sec_pagetables:0 bounce:0 [ 104.108799][ T7180] kernel_misc_reclaimable:0 [ 104.108799][ T7180] free:1887713 free_pcp:9311 free_cma:0 [ 104.114266][ T7189] syzkaller1: entered allmulticast mode [ 104.118982][ T7180] Node 0 active_anon:25016kB inactive_anon:8kB active_file:25876kB inactive_file:46260kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129628kB dirty:404kB writeback:0kB shmem:12988kB kernel_stack:3184kB pagetables:3860kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 104.244604][ T7198] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5) [ 104.246173][ T7180] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 104.259989][ T7198] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 104.260141][ T7198] vhci_hcd vhci_hcd.0: Device attached [ 104.266530][ T7180] lowmem_reserve[]: 0 [ 104.279431][ T9] vhci_hcd: vhci_device speed not set [ 104.284870][ T7180] 2883 [ 104.380758][ T9] usb 1-1: new full-speed USB device number 3 using vhci_hcd [ 104.381966][ T7180] 7862 [ 104.514562][ T7194] vhci_hcd: connection reset by peer [ 104.556893][ T7180] 7862 [ 104.556914][ T7180] Node 0 DMA32 free:2949328kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952860kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:0kB free_cma:0kB [ 104.614531][ T371] vhci_hcd: stop threads [ 104.624808][ T7180] lowmem_reserve[]: 0 0 4978 4978 [ 104.624849][ T7180] Node 0 Normal free:4570388kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:49028kB inactive_anon:8kB active_file:25876kB inactive_file:46260kB unevictable:0kB writepending:404kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:25320kB local_pcp:14100kB free_cma:0kB [ 104.632371][ T371] vhci_hcd: release socket [ 104.637824][ T7180] lowmem_reserve[]: 0 [ 104.641871][ T371] vhci_hcd: disconnect device [ 104.647209][ T7180] 0 0 [ 104.661765][ T7203] loop5: detected capacity change from 0 to 512 [ 104.665651][ T7180] 0 [ 104.716986][ T7199] vhci_hcd: connection closed [ 104.740117][ T7180] Node 0 DMA: 0*4kB 0*8kB 0*16kB [ 104.754201][ T371] vhci_hcd: stop threads [ 104.756004][ T7180] 0*32kB [ 104.762323][ T371] vhci_hcd: release socket [ 104.764984][ T7180] 0*64kB [ 104.769697][ T371] vhci_hcd: disconnect device [ 104.774734][ T7180] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 104.803217][ T7180] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 5*16kB (M) 5*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949328kB [ 104.819551][ T7180] Node 0 Normal: 311*4kB (U) 74*8kB (U) 27*16kB (UE) 17*32kB (UME) 113*64kB (UME) 91*128kB (UME) 67*256kB (UM) 45*512kB (UM) 18*1024kB (UME) 4*2048kB (UM) 1094*4096kB (UM) = 4569532kB [ 104.838127][ T7180] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 104.847438][ T7180] 27432 total pagecache pages [ 104.852200][ T7180] 2 pages in swap cache [ 104.856356][ T7180] Free swap = 124988kB [ 104.860741][ T7180] Total swap = 124996kB [ 104.864895][ T7180] 2097051 pages RAM [ 104.868697][ T7180] 0 pages HighMem/MovableOnly [ 104.873631][ T7180] 80436 pages reserved [ 104.879262][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.920745][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.947381][ T7205] loop4: detected capacity change from 0 to 1024 [ 104.954963][ T7205] EXT4-fs: inline encryption not supported [ 104.962306][ T7205] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 104.974579][ T7205] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.1339: lblock 1 mapped to illegal pblock 1 (length 1) [ 104.989137][ T7205] EXT4-fs (loop4): Remounting filesystem read-only [ 104.996073][ T7205] EXT4-fs (loop4): 1 orphan inode deleted [ 105.002333][ T7205] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.015197][ T7214] __nla_validate_parse: 1 callbacks suppressed [ 105.015214][ T7214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1348'. [ 105.046062][ T7216] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 105.073371][ T7220] loop2: detected capacity change from 0 to 256 [ 105.109901][ T7222] loop2: detected capacity change from 0 to 1024 [ 105.116835][ T7222] EXT4-fs: inline encryption not supported [ 105.133405][ T7222] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 105.144280][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.157838][ T7225] loop1: detected capacity change from 0 to 512 [ 105.171839][ T7222] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.1352: lblock 1 mapped to illegal pblock 1 (length 1) [ 105.194552][ T7222] EXT4-fs (loop2): Remounting filesystem read-only [ 105.205857][ T7222] EXT4-fs (loop2): 1 orphan inode deleted [ 105.212074][ T7222] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.961781][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1355'. [ 105.970823][ T7248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1355'. [ 105.984640][ T7248] bridge14: entered promiscuous mode [ 105.990036][ T7248] bridge14: entered allmulticast mode [ 106.001873][ T36] usb 11-1: enqueue for inactive port 0 [ 106.035758][ T36] usb 11-1: enqueue for inactive port 0 [ 106.205995][ T36] vhci_hcd: vhci_device speed not set [ 106.221738][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.244694][ T30] kauditd_printk_skb: 200 callbacks suppressed [ 106.244708][ T30] audit: type=1400 audit(1754127189.214:5107): avc: denied { read } for pid=7251 comm="syz.1.1362" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 106.274025][ T30] audit: type=1400 audit(1754127189.214:5108): avc: denied { open } for pid=7251 comm="syz.1.1362" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 106.434710][ T30] audit: type=1400 audit(1754127189.404:5109): avc: denied { listen } for pid=7258 comm="syz.5.1364" lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 106.490580][ T7257] syzkaller1: entered promiscuous mode [ 106.496131][ T7257] syzkaller1: entered allmulticast mode [ 106.620214][ T30] audit: type=1400 audit(1754127189.584:5110): avc: denied { read } for pid=7253 comm="syz.0.1363" path="socket:[19800]" dev="sockfs" ino=19800 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 106.733495][ T7279] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1368'. [ 106.772945][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1363'. [ 106.782861][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1363'. [ 106.793711][ T30] audit: type=1400 audit(1754127189.744:5111): avc: denied { bind } for pid=7253 comm="syz.0.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 107.555443][ T30] audit: type=1400 audit(1754127190.524:5112): avc: denied { read } for pid=7281 comm="syz.2.1370" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 107.578729][ T30] audit: type=1400 audit(1754127190.524:5113): avc: denied { open } for pid=7281 comm="syz.2.1370" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 107.663199][ T30] audit: type=1400 audit(1754127190.634:5114): avc: denied { read } for pid=7307 comm="syz.4.1378" path="socket:[19206]" dev="sockfs" ino=19206 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 108.432271][ T7330] netlink: 'syz.5.1383': attribute type 25 has an invalid length. [ 108.440265][ T7330] netlink: 'syz.5.1383': attribute type 7 has an invalid length. [ 109.946015][ T9] usb 1-1: enqueue for inactive port 0 [ 109.956050][ T9] usb 1-1: enqueue for inactive port 0 [ 110.132617][ T9] vhci_hcd: vhci_device speed not set [ 110.293809][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1397'. [ 111.139003][ T30] audit: type=1400 audit(1754127194.104:5115): avc: denied { setcurrent } for pid=7378 comm="syz.0.1399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 113.747555][ T7396] loop4: detected capacity change from 0 to 7 [ 113.775577][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.784902][ C1] buffer_io_error: 2 callbacks suppressed [ 113.784953][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 113.800749][ C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.809938][ C1] Buffer I/O error on dev loop4, logical block 0, async page read [ 113.820379][ T7396] loop4: unable to read partition table [ 113.947105][ T7396] loop_reread_partitions: partition scan of loop4 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 114.178612][ T7420] sctp: [Deprecated]: syz.4.1415 (pid 7420) Use of int in max_burst socket option. [ 114.178612][ T7420] Use struct sctp_assoc_value instead [ 114.210977][ T7422] sch_tbf: burst 19869 is lower than device lo mtu (11337746) ! [ 114.471999][ T7433] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1418'. [ 115.265409][ T7462] sch_tbf: burst 19869 is lower than device lo mtu (11337746) ! [ 115.633102][ T7480] nfs: Deprecated parameter 'nointr' [ 115.638683][ T7480] nfs: Unknown parameter 'smackfstransmute' [ 115.800922][ T30] audit: type=1400 audit(1754127198.764:5116): avc: denied { read append } for pid=7472 comm="syz.1.1433" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 115.824649][ T30] audit: type=1400 audit(1754127198.764:5117): avc: denied { open } for pid=7472 comm="syz.1.1433" path="/dev/ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 116.448802][ T30] audit: type=1400 audit(1754127199.414:5118): avc: denied { map } for pid=7494 comm="syz.4.1442" path="socket:[20179]" dev="sockfs" ino=20179 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 116.676479][ T7505] netlink: 'syz.0.1444': attribute type 39 has an invalid length. [ 117.102118][ T7518] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 117.546432][ T30] audit: type=1400 audit(1754127200.514:5119): avc: denied { ioctl } for pid=7520 comm="syz.5.1449" path="socket:[20540]" dev="sockfs" ino=20540 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 117.601146][ T30] audit: type=1400 audit(1754127200.554:5120): avc: denied { bind } for pid=7520 comm="syz.5.1449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 117.690535][ T30] audit: type=1400 audit(1754127200.664:5121): avc: denied { connect } for pid=7532 comm="syz.1.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 117.713154][ T7534] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1454'. [ 117.735679][ T30] audit: type=1400 audit(1754127200.664:5122): avc: denied { ioctl } for pid=7532 comm="syz.1.1455" path="socket:[20565]" dev="sockfs" ino=20565 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 118.137434][ T7543] random: crng reseeded on system resumption [ 118.699176][ T7566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1468'. [ 121.787972][ T30] audit: type=1400 audit(1754127204.064:5123): avc: denied { create } for pid=7582 comm="syz.2.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 122.660113][ T7594] lo speed is unknown, defaulting to 1000 [ 123.167553][ T30] audit: type=1400 audit(1754127206.134:5124): avc: denied { name_connect } for pid=7606 comm="syz.2.1482" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 123.254953][ T7617] netlink: 'syz.2.1486': attribute type 1 has an invalid length. [ 123.315178][ T7611] netlink: 'syz.1.1484': attribute type 11 has an invalid length. [ 123.331070][ T7617] 8021q: adding VLAN 0 to HW filter on device bond2 [ 123.459898][ T30] audit: type=1400 audit(1754127206.384:5125): avc: denied { bind } for pid=7612 comm="syz.0.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 123.479534][ T30] audit: type=1400 audit(1754127206.384:5126): avc: denied { listen } for pid=7612 comm="syz.0.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 123.499144][ T30] audit: type=1400 audit(1754127206.384:5127): avc: denied { setopt } for pid=7612 comm="syz.0.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 123.744221][ T7617] bond2: (slave veth0_to_bond): making interface the new active one [ 123.814710][ T7617] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 123.876937][ T7626] vlan2: entered allmulticast mode [ 123.882250][ T7626] veth1: entered allmulticast mode [ 123.887830][ T7626] veth1: entered promiscuous mode [ 123.893318][ T7626] veth1: left promiscuous mode [ 123.899675][ T7626] bond2: (slave vlan2): Enslaving as an active interface with an up link [ 124.138204][ T7633] hub 8-0:1.0: USB hub found [ 124.143216][ T7633] hub 8-0:1.0: 8 ports detected [ 124.287685][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1491'. [ 124.296774][ T7636] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1491'. [ 125.198505][ T7660] netlink: 'syz.0.1500': attribute type 10 has an invalid length. [ 125.367071][ T7673] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 125.468985][ T7673] netlink: 'syz.4.1505': attribute type 1 has an invalid length. [ 125.605698][ T7682] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1509'. [ 126.328690][ T30] audit: type=1400 audit(1754127209.284:5128): avc: denied { create } for pid=7692 comm="syz.2.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.348220][ T30] audit: type=1400 audit(1754127209.294:5129): avc: denied { bind } for pid=7692 comm="syz.2.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.367652][ T30] audit: type=1400 audit(1754127209.294:5130): avc: denied { listen } for pid=7692 comm="syz.2.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.387796][ T30] audit: type=1400 audit(1754127209.294:5131): avc: denied { accept } for pid=7692 comm="syz.2.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 126.414655][ T7699] ip6gre1: entered promiscuous mode [ 126.885593][ T7726] netlink: 'syz.5.1528': attribute type 1 has an invalid length. [ 126.924923][ T7726] 8021q: adding VLAN 0 to HW filter on device bond1 [ 127.031298][ T7741] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1535'. [ 127.327536][ T7745] bond1: (slave veth0_to_bond): making interface the new active one [ 127.452863][ T7745] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 127.486227][ T7726] vlan2: entered allmulticast mode [ 127.492322][ T7726] veth1: entered allmulticast mode [ 127.504842][ T7726] veth1: entered promiscuous mode [ 127.505312][ T7726] veth1: left promiscuous mode [ 127.506773][ T7726] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 127.573743][ T7760] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 128.055892][ T7784] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1550'. [ 128.989544][ T7826] netdevsim netdevsim1: Direct firmware load for . [ 128.989544][ T7826] failed with error -2 [ 129.398941][ T7831] lo speed is unknown, defaulting to 1000 [ 131.305145][ T7915] netlink: 'syz.0.1601': attribute type 1 has an invalid length. [ 131.409611][ T7915] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.427369][ T7921] bond1: (slave veth0_to_bond): making interface the new active one [ 131.437656][ T7921] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 132.899606][ T30] audit: type=1400 audit(1754127215.364:5132): avc: denied { write } for pid=7924 comm="syz.4.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 133.686364][ T7960] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1617'. [ 133.936110][ C1] vcan0: j1939_tp_rxtimer: 0xffff888119da5800: rx timeout, send abort [ 133.953422][ T30] audit: type=1400 audit(1754127216.894:5133): avc: denied { ioctl } for pid=7951 comm="syz.4.1614" path="socket:[21362]" dev="sockfs" ino=21362 ioctlcmd=0x89a2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 136.198766][ T7992] random: crng reseeded on system resumption [ 136.514434][ T8015] syzkaller1: entered promiscuous mode [ 136.520218][ T8015] syzkaller1: entered allmulticast mode [ 136.566529][ T8019] netdevsim netdevsim5: Direct firmware load for . [ 136.566529][ T8019] failed with error -2 [ 136.898152][ T8032] lo speed is unknown, defaulting to 1000 [ 139.101529][ T8092] /dev/nullb0: Can't lookup blockdev [ 139.644975][ T30] audit: type=1400 audit(1754127222.614:5134): avc: denied { connect } for pid=8110 comm="syz.4.1675" laddr=172.20.20.170 lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 139.751480][ T30] audit: type=1400 audit(1754127222.714:5135): avc: denied { accept } for pid=8124 comm="syz.5.1681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 139.777113][ T8130] tc_dump_action: action bad kind [ 140.005714][ T8162] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 140.872729][ T30] audit: type=1400 audit(1754127223.834:5136): avc: denied { write } for pid=8177 comm="syz.4.1702" path="socket:[22737]" dev="sockfs" ino=22737 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 141.257475][ T8199] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.1712'. [ 141.407576][ T8213] netlink: 'syz.5.1718': attribute type 1 has an invalid length. [ 141.457594][ T8213] 8021q: adding VLAN 0 to HW filter on device bond2 [ 141.494137][ T8213] bond1: (slave veth0_to_bond): Releasing active interface [ 141.501465][ T8213] bond1: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 141.536323][ T8213] bond1: (slave vlan2): making interface the new active one [ 141.544324][ T8213] veth1: entered promiscuous mode [ 141.560492][ T8213] bond2: (slave veth0_to_bond): making interface the new active one [ 141.576160][ T8213] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 141.684131][ T8237] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1726'. [ 142.495089][ T30] audit: type=1400 audit(1754127225.404:5137): avc: denied { accept } for pid=8242 comm="syz.4.1728" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 142.823956][ T8270] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1738'. [ 144.733105][ T8288] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1742'. [ 147.103028][ T8328] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1758'. [ 147.544414][ T30] audit: type=1400 audit(1754127230.514:5138): avc: denied { write } for pid=8323 comm="syz.4.1758" name="event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 147.866117][ T8324] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 147.902436][ T30] audit: type=1400 audit(1754127230.874:5139): avc: denied { getopt } for pid=8357 comm="syz.4.1769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 147.979158][ T30] audit: type=1400 audit(1754127230.944:5140): avc: denied { read } for pid=8357 comm="syz.4.1769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 148.106384][ T8376] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1774'. [ 148.128293][ T8376] bond0: option resend_igmp: invalid value (18446744072065384451) [ 148.136664][ T8376] bond0: option resend_igmp: allowed values 0 - 255 [ 148.169561][ T30] audit: type=1400 audit(1754127231.134:5141): avc: denied { write } for pid=8380 comm="syz.5.1776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 149.489141][ T8415] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1787'. [ 149.941027][ T8443] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1799'. [ 149.971287][ T8448] netlink: 'syz.1.1801': attribute type 1 has an invalid length. [ 149.988267][ T30] audit: type=1400 audit(1754127232.954:5142): avc: denied { ioctl } for pid=8450 comm="syz.5.1802" path="/dev/input/event3" dev="devtmpfs" ino=246 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 150.014140][ T30] audit: type=1400 audit(1754127232.954:5143): avc: denied { block_suspend } for pid=8450 comm="syz.5.1802" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 150.045131][ T8448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.089533][ T8448] bond0: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 150.104230][ T8448] vlan2: entered allmulticast mode [ 150.109581][ T8448] veth1: entered allmulticast mode [ 150.209734][ T30] audit: type=1400 audit(1754127233.164:5144): avc: denied { bind } for pid=8455 comm="syz.0.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 150.229822][ T30] audit: type=1400 audit(1754127233.164:5145): avc: denied { create } for pid=8455 comm="syz.0.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 150.613851][ T8478] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1811'. [ 151.930457][ T8515] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 152.246647][ T8525] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1828'. [ 152.565363][ T8531] netlink: 'syz.1.1831': attribute type 1 has an invalid length. [ 152.643604][ T8531] 8021q: adding VLAN 0 to HW filter on device bond1 [ 152.669745][ T8535] bond0: (slave veth0_to_bond): Releasing active interface [ 152.683458][ T8535] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 153.193794][ T8549] random: crng reseeded on system resumption [ 153.249430][ T30] audit: type=1400 audit(1754127236.164:5146): avc: denied { read write } for pid=8548 comm="syz.5.1839" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 154.650505][ T8599] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1861'. [ 155.169393][ T30] audit: type=1326 audit(1754127238.134:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.202225][ T8623] smc: adding net device syzkaller1 with user defined pnetid SYZ2 [ 155.295317][ T30] audit: type=1326 audit(1754127238.164:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.318909][ T30] audit: type=1326 audit(1754127238.164:5149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.342423][ T30] audit: type=1326 audit(1754127238.164:5150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.366034][ T30] audit: type=1326 audit(1754127238.164:5151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.389490][ T30] audit: type=1326 audit(1754127238.164:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.413870][ T30] audit: type=1326 audit(1754127238.164:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.441721][ T30] audit: type=1326 audit(1754127238.164:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.467674][ T30] audit: type=1326 audit(1754127238.164:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8622 comm="syz.4.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f291c0feb69 code=0x7ffc0000 [ 155.959729][ C1] ================================================================== [ 155.968065][ C1] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 155.976077][ C1] [ 155.978438][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0: [ 155.986545][ C1] can_can_gw_rcv+0x807/0x820 [ 155.991261][ C1] can_rcv_filter+0xc7/0x4f0 [ 155.995928][ C1] can_receive+0x163/0x1c0 [ 156.000390][ C1] can_rcv+0xed/0x190 [ 156.004419][ C1] __netif_receive_skb+0x120/0x270 [ 156.009556][ C1] process_backlog+0x229/0x420 [ 156.014345][ C1] __napi_poll+0x63/0x310 [ 156.018706][ C1] net_rx_action+0x391/0x830 [ 156.023345][ C1] handle_softirqs+0xb7/0x290 [ 156.028106][ C1] __irq_exit_rcu+0x3a/0xc0 [ 156.032644][ C1] common_interrupt+0x83/0x90 [ 156.037444][ C1] asm_common_interrupt+0x26/0x40 [ 156.042670][ C1] finish_task_switch+0xb6/0x2b0 [ 156.047741][ C1] __schedule+0x6b9/0xb30 [ 156.052160][ C1] schedule+0x5f/0xd0 [ 156.056173][ C1] do_nanosleep+0x96/0x330 [ 156.060622][ C1] hrtimer_nanosleep+0xdd/0x280 [ 156.065510][ C1] common_nsleep+0x62/0x80 [ 156.070090][ C1] __se_sys_clock_nanosleep+0x217/0x250 [ 156.075691][ C1] __x64_sys_clock_nanosleep+0x55/0x70 [ 156.081198][ C1] x64_sys_call+0x272d/0x2ff0 [ 156.086614][ C1] do_syscall_64+0xd2/0x200 [ 156.091225][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.097251][ C1] [ 156.099598][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1: [ 156.107774][ C1] can_can_gw_rcv+0x807/0x820 [ 156.112487][ C1] can_rcv_filter+0xc7/0x4f0 [ 156.117112][ C1] can_receive+0x163/0x1c0 [ 156.122180][ C1] can_rcv+0xed/0x190 [ 156.126210][ C1] __netif_receive_skb+0x120/0x270 [ 156.131532][ C1] process_backlog+0x229/0x420 [ 156.136329][ C1] __napi_poll+0x63/0x310 [ 156.141220][ C1] net_rx_action+0x391/0x830 [ 156.146105][ C1] handle_softirqs+0xb7/0x290 [ 156.151260][ C1] do_softirq+0x5d/0x90 [ 156.155446][ C1] __local_bh_enable_ip+0x70/0x80 [ 156.160499][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 156.165482][ C1] batadv_nc_purge_paths+0x22b/0x270 [ 156.170814][ C1] batadv_nc_worker+0x3d8/0xae0 [ 156.176166][ C1] process_scheduled_works+0x4ce/0x9d0 [ 156.181683][ C1] worker_thread+0x582/0x770 [ 156.186924][ C1] kthread+0x489/0x510 [ 156.191117][ C1] ret_from_fork+0xdd/0x150 [ 156.195649][ C1] ret_from_fork_asm+0x1a/0x30 [ 156.200540][ C1] [ 156.202886][ C1] value changed: 0x00000a27 -> 0x00000a28 [ 156.208655][ C1] [ 156.210997][ C1] Reported by Kernel Concurrency Sanitizer on: [ 156.217262][ C1] CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 156.229438][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 156.239520][ C1] Workqueue: bat_events batadv_nc_worker [ 156.245256][ C1] ================================================================== [ 156.299519][ C1] ================================================================== [ 156.307668][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 156.314922][ C1] [ 156.317261][ C1] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0: [ 156.325343][ C1] can_rcv_filter+0xd9/0x4f0 [ 156.329981][ C1] can_receive+0x163/0x1c0 [ 156.334440][ C1] can_rcv+0xed/0x190 [ 156.338466][ C1] __netif_receive_skb+0x120/0x270 [ 156.343618][ C1] process_backlog+0x229/0x420 [ 156.348409][ C1] __napi_poll+0x63/0x310 [ 156.352768][ C1] net_rx_action+0x391/0x830 [ 156.357394][ C1] handle_softirqs+0xb7/0x290 [ 156.362135][ C1] do_softirq+0x5d/0x90 [ 156.366315][ C1] __local_bh_enable_ip+0x70/0x80 [ 156.371376][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 156.376438][ C1] release_sock+0x116/0x150 [ 156.380974][ C1] tcp_recvmsg+0x138/0x490 [ 156.385422][ C1] inet_recvmsg+0xb7/0x290 [ 156.390009][ C1] sock_recvmsg+0xf6/0x170 [ 156.394594][ C1] sock_read_iter+0x152/0x1a0 [ 156.399321][ C1] vfs_read+0x5cd/0x6f0 [ 156.403506][ C1] ksys_read+0xda/0x1a0 [ 156.407689][ C1] __x64_sys_read+0x40/0x50 [ 156.412221][ C1] x64_sys_call+0x27bc/0x2ff0 [ 156.416955][ C1] do_syscall_64+0xd2/0x200 [ 156.421493][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.427433][ C1] [ 156.429777][ C1] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1: [ 156.438778][ C1] can_rcv_filter+0xd9/0x4f0 [ 156.443500][ C1] can_receive+0x163/0x1c0 [ 156.449170][ C1] can_rcv+0xed/0x190 [ 156.453405][ C1] __netif_receive_skb+0x120/0x270 [ 156.459107][ C1] process_backlog+0x229/0x420 [ 156.463995][ C1] __napi_poll+0x63/0x310 [ 156.468521][ C1] net_rx_action+0x391/0x830 [ 156.473144][ C1] handle_softirqs+0xb7/0x290 [ 156.478209][ C1] do_softirq+0x5d/0x90 [ 156.482390][ C1] __local_bh_enable_ip+0x70/0x80 [ 156.488137][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 156.493344][ C1] batadv_nc_purge_paths+0x22b/0x270 [ 156.498711][ C1] batadv_nc_worker+0x3d8/0xae0 [ 156.503642][ C1] process_scheduled_works+0x4ce/0x9d0 [ 156.509755][ C1] worker_thread+0x582/0x770 [ 156.514386][ C1] kthread+0x489/0x510 [ 156.518742][ C1] ret_from_fork+0xdd/0x150 [ 156.523371][ C1] ret_from_fork_asm+0x1a/0x30 [ 156.529533][ C1] [ 156.532048][ C1] value changed: 0x0000000000006b80 -> 0x0000000000006b81 [ 156.539348][ C1] [ 156.541693][ C1] Reported by Kernel Concurrency Sanitizer on: [ 156.547860][ C1] CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 156.560227][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 156.570394][ C1] Workqueue: bat_events batadv_nc_worker [ 156.576074][ C1] ================================================================== [ 158.300154][ T8623] smc: removing net device syzkaller1 with user defined pnetid SYZ2 [ 158.993317][ C1] ================================================================== [ 159.001734][ C1] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 159.010695][ C1] [ 159.014162][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0: [ 159.022254][ C1] can_can_gw_rcv+0x807/0x820 [ 159.027921][ C1] can_rcv_filter+0xc7/0x4f0 [ 159.032643][ C1] can_receive+0x163/0x1c0 [ 159.037095][ C1] can_rcv+0xed/0x190 [ 159.041388][ C1] __netif_receive_skb+0x120/0x270 [ 159.046524][ C1] process_backlog+0x229/0x420 [ 159.051344][ C1] __napi_poll+0x63/0x310 [ 159.055694][ C1] net_rx_action+0x391/0x830 [ 159.060311][ C1] handle_softirqs+0xb7/0x290 [ 159.065011][ C1] do_softirq+0x5d/0x90 [ 159.069208][ C1] __local_bh_enable_ip+0x70/0x80 [ 159.074431][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 159.079488][ C1] nsim_dev_trap_report_work+0x52b/0x630 [ 159.085775][ C1] process_scheduled_works+0x4ce/0x9d0 [ 159.092080][ C1] worker_thread+0x582/0x770 [ 159.096765][ C1] kthread+0x489/0x510 [ 159.100855][ C1] ret_from_fork+0xdd/0x150 [ 159.105474][ C1] ret_from_fork_asm+0x1a/0x30 [ 159.110618][ C1] [ 159.112952][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1: [ 159.121251][ C1] can_can_gw_rcv+0x807/0x820 [ 159.125956][ C1] can_rcv_filter+0xc7/0x4f0 [ 159.130588][ C1] can_receive+0x163/0x1c0 [ 159.135079][ C1] can_rcv+0xed/0x190 [ 159.139094][ C1] __netif_receive_skb+0x120/0x270 [ 159.144502][ C1] process_backlog+0x229/0x420 [ 159.149512][ C1] __napi_poll+0x63/0x310 [ 159.153871][ C1] net_rx_action+0x391/0x830 [ 159.158582][ C1] handle_softirqs+0xb7/0x290 [ 159.163317][ C1] do_softirq+0x5d/0x90 [ 159.167529][ C1] __local_bh_enable_ip+0x70/0x80 [ 159.172578][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 159.177554][ C1] batadv_nc_purge_paths+0x22b/0x270 [ 159.182982][ C1] batadv_nc_worker+0x3d8/0xae0 [ 159.187984][ C1] process_scheduled_works+0x4ce/0x9d0 [ 159.193485][ C1] worker_thread+0x582/0x770 [ 159.198203][ C1] kthread+0x489/0x510 [ 159.202302][ C1] ret_from_fork+0xdd/0x150 [ 159.206923][ C1] ret_from_fork_asm+0x1a/0x30 [ 159.211836][ C1] [ 159.214190][ C1] value changed: 0x00053632 -> 0x00053633 [ 159.219940][ C1] [ 159.222279][ C1] Reported by Kernel Concurrency Sanitizer on: [ 159.228458][ C1] CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 159.240637][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 159.251509][ C1] Workqueue: bat_events batadv_nc_worker [ 159.257387][ C1] ================================================================== [ 159.313804][ C1] ================================================================== [ 159.322233][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 159.330492][ C1] [ 159.333303][ C1] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0: [ 159.342492][ C1] can_rcv_filter+0xd9/0x4f0 [ 159.347232][ C1] can_receive+0x163/0x1c0 [ 159.351730][ C1] can_rcv+0xed/0x190 [ 159.356883][ C1] __netif_receive_skb+0x120/0x270 [ 159.362477][ C1] process_backlog+0x229/0x420 [ 159.367367][ C1] __napi_poll+0x63/0x310 [ 159.371984][ C1] net_rx_action+0x391/0x830 [ 159.376773][ C1] handle_softirqs+0xb7/0x290 [ 159.381477][ C1] do_softirq+0x5d/0x90 [ 159.385669][ C1] __local_bh_enable_ip+0x70/0x80 [ 159.390766][ C1] __dev_queue_xmit+0x1200/0x2000 [ 159.395942][ C1] alb_send_lp_vid+0x201/0x240 [ 159.401170][ C1] bond_alb_monitor+0x24c/0xa40 [ 159.407433][ C1] process_scheduled_works+0x4ce/0x9d0 [ 159.412942][ C1] worker_thread+0x582/0x770 [ 159.417570][ C1] kthread+0x489/0x510 [ 159.421661][ C1] ret_from_fork+0xdd/0x150 [ 159.426184][ C1] ret_from_fork_asm+0x1a/0x30 [ 159.430978][ C1] [ 159.433317][ C1] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1: [ 159.441395][ C1] can_rcv_filter+0xd9/0x4f0 [ 159.446028][ C1] can_receive+0x163/0x1c0 [ 159.450493][ C1] can_rcv+0xed/0x190 [ 159.454509][ C1] __netif_receive_skb+0x120/0x270 [ 159.459650][ C1] process_backlog+0x229/0x420 [ 159.464453][ C1] __napi_poll+0x63/0x310 [ 159.468810][ C1] net_rx_action+0x391/0x830 [ 159.473428][ C1] handle_softirqs+0xb7/0x290 [ 159.478131][ C1] do_softirq+0x5d/0x90 [ 159.482316][ C1] __local_bh_enable_ip+0x70/0x80 [ 159.487372][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 159.492347][ C1] batadv_nc_purge_paths+0x22b/0x270 [ 159.497681][ C1] batadv_nc_worker+0x3d8/0xae0 [ 159.502587][ C1] process_scheduled_works+0x4ce/0x9d0 [ 159.508100][ C1] worker_thread+0x582/0x770 [ 159.512733][ C1] kthread+0x489/0x510 [ 159.516840][ C1] ret_from_fork+0xdd/0x150 [ 159.521377][ C1] ret_from_fork_asm+0x1a/0x30 [ 159.526172][ C1] [ 159.528509][ C1] value changed: 0x00000000000597ce -> 0x00000000000597cf [ 159.535804][ C1] [ 159.538140][ C1] Reported by Kernel Concurrency Sanitizer on: [ 159.544348][ C1] CPU: 1 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 159.556534][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 159.568488][ C1] Workqueue: bat_events batadv_nc_worker [ 159.574625][ C1] ================================================================== [ 162.092570][ C1] ================================================================== [ 162.100880][ C1] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 162.108106][ C1] [ 162.110444][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0: [ 162.118528][ C1] can_can_gw_rcv+0x807/0x820 [ 162.123234][ C1] can_rcv_filter+0xc7/0x4f0 [ 162.127856][ C1] can_receive+0x163/0x1c0 [ 162.132341][ C1] can_rcv+0xed/0x190 [ 162.136358][ C1] __netif_receive_skb+0x120/0x270 [ 162.141497][ C1] process_backlog+0x229/0x420 [ 162.146288][ C1] __napi_poll+0x63/0x310 [ 162.150638][ C1] net_rx_action+0x391/0x830 [ 162.155268][ C1] handle_softirqs+0xb7/0x290 [ 162.159976][ C1] do_softirq+0x5d/0x90 [ 162.164158][ C1] __local_bh_enable_ip+0x70/0x80 [ 162.169209][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 162.174189][ C1] batadv_tt_local_purge+0x1a8/0x1f0 [ 162.179506][ C1] batadv_tt_purge+0x2b/0x610 [ 162.184224][ C1] process_scheduled_works+0x4ce/0x9d0 [ 162.189756][ C1] worker_thread+0x582/0x770 [ 162.194391][ C1] kthread+0x489/0x510 [ 162.198493][ C1] ret_from_fork+0xdd/0x150 [ 162.203026][ C1] ret_from_fork_asm+0x1a/0x30 [ 162.207825][ C1] [ 162.210166][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1: [ 162.218394][ C1] can_can_gw_rcv+0x807/0x820 [ 162.223108][ C1] can_rcv_filter+0xc7/0x4f0 [ 162.227729][ C1] can_receive+0x163/0x1c0 [ 162.232194][ C1] can_rcv+0xed/0x190 [ 162.236216][ C1] __netif_receive_skb+0x120/0x270 [ 162.241355][ C1] process_backlog+0x229/0x420 [ 162.246148][ C1] __napi_poll+0x63/0x310 [ 162.250497][ C1] net_rx_action+0x391/0x830 [ 162.255129][ C1] handle_softirqs+0xb7/0x290 [ 162.259842][ C1] do_softirq+0x5d/0x90 [ 162.264046][ C1] __local_bh_enable_ip+0x70/0x80 [ 162.269095][ C1] _raw_spin_unlock_bh+0x36/0x40 [ 162.274079][ C1] j1939_sk_sendmsg+0x906/0xc00 [ 162.278961][ C1] __sock_sendmsg+0x142/0x180 [ 162.283686][ C1] ____sys_sendmsg+0x345/0x4e0 [ 162.288507][ C1] ___sys_sendmsg+0x17b/0x1d0 [ 162.293223][ C1] __sys_sendmmsg+0x178/0x300 [ 162.297945][ C1] __x64_sys_sendmmsg+0x57/0x70 [ 162.302853][ C1] x64_sys_call+0x1c4a/0x2ff0 [ 162.307995][ C1] do_syscall_64+0xd2/0x200 [ 162.312706][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.319235][ C1] [ 162.321567][ C1] value changed: 0x000aa76c -> 0x000aa76d [ 162.327300][ C1] [ 162.329808][ C1] Reported by Kernel Concurrency Sanitizer on: [ 162.336230][ C1] CPU: 1 UID: 0 PID: 8660 Comm: syz.2.1885 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 162.349015][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 162.359186][ C1] ================================================================== [ 162.416420][ C0] ================================================================== [ 162.424739][ C0] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 162.431990][ C0] [ 162.434324][ C0] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1: [ 162.442493][ C0] can_rcv_filter+0xd9/0x4f0 [ 162.447123][ C0] can_receive+0x163/0x1c0 [ 162.451664][ C0] can_rcv+0xed/0x190 [ 162.455727][ C0] __netif_receive_skb+0x120/0x270 [ 162.460940][ C0] process_backlog+0x229/0x420 [ 162.465736][ C0] __napi_poll+0x63/0x310 [ 162.470103][ C0] net_rx_action+0x391/0x830 [ 162.474725][ C0] handle_softirqs+0xb7/0x290 [ 162.479437][ C0] do_softirq+0x5d/0x90 [ 162.483617][ C0] __local_bh_enable_ip+0x70/0x80 [ 162.488678][ C0] update_defense_level+0x589/0x5c0 [ 162.494034][ C0] defense_work_handler+0x1f/0x80 [ 162.499085][ C0] process_scheduled_works+0x4ce/0x9d0 [ 162.505194][ C0] worker_thread+0x582/0x770 [ 162.510448][ C0] kthread+0x489/0x510 [ 162.514635][ C0] ret_from_fork+0xdd/0x150 [ 162.519167][ C0] ret_from_fork_asm+0x1a/0x30 [ 162.523968][ C0] [ 162.526307][ C0] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0: [ 162.534500][ C0] can_rcv_filter+0xd9/0x4f0 [ 162.539134][ C0] can_receive+0x163/0x1c0 [ 162.543727][ C0] can_rcv+0xed/0x190 [ 162.547827][ C0] __netif_receive_skb+0x120/0x270 [ 162.553138][ C0] process_backlog+0x229/0x420 [ 162.557931][ C0] __napi_poll+0x63/0x310 [ 162.562285][ C0] net_rx_action+0x391/0x830 [ 162.566899][ C0] handle_softirqs+0xb7/0x290 [ 162.571598][ C0] do_softirq+0x5d/0x90 [ 162.575882][ C0] __local_bh_enable_ip+0x70/0x80 [ 162.580930][ C0] _raw_spin_unlock_bh+0x36/0x40 [ 162.585904][ C0] batadv_tt_purge+0x2cd/0x610 [ 162.590788][ C0] process_scheduled_works+0x4ce/0x9d0 [ 162.596370][ C0] worker_thread+0x582/0x770 [ 162.601616][ C0] kthread+0x489/0x510 [ 162.605737][ C0] ret_from_fork+0xdd/0x150 [ 162.610277][ C0] ret_from_fork_asm+0x1a/0x30 [ 162.615201][ C0] [ 162.617534][ C0] value changed: 0x00000000000b0d8c -> 0x00000000000b0d8e [ 162.624661][ C0] [ 162.627006][ C0] Reported by Kernel Concurrency Sanitizer on: [ 162.633347][ C0] CPU: 0 UID: 0 PID: 371 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 162.645532][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 162.655619][ C0] Workqueue: bat_events batadv_tt_purge [ 162.661209][ C0] ================================================================== [ 165.119942][ C1] ================================================================== [ 165.128082][ C1] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 165.135313][ C1] [ 165.137704][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 0: [ 165.146262][ C1] can_can_gw_rcv+0x807/0x820 [ 165.151082][ C1] can_rcv_filter+0xc7/0x4f0 [ 165.155788][ C1] can_receive+0x163/0x1c0 [ 165.160236][ C1] can_rcv+0xed/0x190 [ 165.164274][ C1] __netif_receive_skb+0x120/0x270 [ 165.169443][ C1] process_backlog+0x229/0x420 [ 165.174247][ C1] __napi_poll+0x63/0x310 [ 165.178613][ C1] net_rx_action+0x391/0x830 [ 165.183302][ C1] handle_softirqs+0xb7/0x290 [ 165.188109][ C1] run_ksoftirqd+0x1c/0x30 [ 165.192587][ C1] smpboot_thread_fn+0x32b/0x530 [ 165.197576][ C1] kthread+0x489/0x510 [ 165.202100][ C1] ret_from_fork+0xdd/0x150 [ 165.206804][ C1] ret_from_fork_asm+0x1a/0x30 [ 165.212812][ C1] [ 165.215842][ C1] read-write to 0xffff8881001523e0 of 4 bytes by interrupt on cpu 1: [ 165.224214][ C1] can_can_gw_rcv+0x807/0x820 [ 165.229363][ C1] can_rcv_filter+0xc7/0x4f0 [ 165.234604][ C1] can_receive+0x163/0x1c0 [ 165.239666][ C1] can_rcv+0xed/0x190 [ 165.243689][ C1] __netif_receive_skb+0x120/0x270 [ 165.248840][ C1] process_backlog+0x229/0x420 [ 165.254346][ C1] __napi_poll+0x63/0x310 [ 165.258708][ C1] net_rx_action+0x391/0x830 [ 165.263324][ C1] handle_softirqs+0xb7/0x290 [ 165.268030][ C1] do_softirq+0x5d/0x90 [ 165.272213][ C1] __local_bh_enable_ip+0x70/0x80 [ 165.277262][ C1] _raw_write_unlock_bh+0x1f/0x30 [ 165.282351][ C1] neigh_periodic_work+0x5e9/0x690 [ 165.287487][ C1] process_scheduled_works+0x4ce/0x9d0 [ 165.292984][ C1] worker_thread+0x582/0x770 [ 165.297634][ C1] kthread+0x489/0x510 [ 165.302943][ C1] ret_from_fork+0xdd/0x150 [ 165.307475][ C1] ret_from_fork_asm+0x1a/0x30 [ 165.312291][ C1] [ 165.314648][ C1] value changed: 0x0010038f -> 0x00100391 [ 165.320646][ C1] [ 165.322993][ C1] Reported by Kernel Concurrency Sanitizer on: [ 165.329352][ C1] CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 165.341838][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 165.351929][ C1] Workqueue: events_power_efficient neigh_periodic_work [ 165.358899][ C1] ================================================================== [ 165.437867][ C0] ================================================================== [ 165.446706][ C0] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 165.454154][ C0] [ 165.456503][ C0] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 1: [ 165.465042][ C0] can_rcv_filter+0xd9/0x4f0 [ 165.470300][ C0] can_receive+0x163/0x1c0 [ 165.475120][ C0] can_rcv+0xed/0x190 [ 165.480145][ C0] __netif_receive_skb+0x120/0x270 [ 165.486359][ C0] process_backlog+0x229/0x420 [ 165.491316][ C0] __napi_poll+0x63/0x310 [ 165.495739][ C0] net_rx_action+0x391/0x830 [ 165.500460][ C0] handle_softirqs+0xb7/0x290 [ 165.505791][ C0] do_softirq+0x5d/0x90 [ 165.510104][ C0] __local_bh_enable_ip+0x70/0x80 [ 165.516053][ C0] _raw_spin_unlock_bh+0x36/0x40 [ 165.521228][ C0] wg_packet_encrypt_worker+0xb44/0xb80 [ 165.527941][ C0] process_scheduled_works+0x4ce/0x9d0 [ 165.534155][ C0] worker_thread+0x582/0x770 [ 165.538974][ C0] kthread+0x489/0x510 [ 165.543687][ C0] ret_from_fork+0xdd/0x150 [ 165.550519][ C0] ret_from_fork_asm+0x1a/0x30 [ 165.556430][ C0] [ 165.559068][ C0] read-write to 0xffff8881015761f8 of 8 bytes by interrupt on cpu 0: [ 165.568899][ C0] can_rcv_filter+0xd9/0x4f0 [ 165.574509][ C0] can_receive+0x163/0x1c0 [ 165.580151][ C0] can_rcv+0xed/0x190 [ 165.584714][ C0] __netif_receive_skb+0x120/0x270 [ 165.590732][ C0] process_backlog+0x229/0x420 [ 165.596184][ C0] __napi_poll+0x63/0x310 [ 165.600559][ C0] net_rx_action+0x391/0x830 [ 165.605213][ C0] handle_softirqs+0xb7/0x290 [ 165.610363][ C0] run_ksoftirqd+0x1c/0x30 [ 165.614829][ C0] smpboot_thread_fn+0x32b/0x530 [ 165.620362][ C0] kthread+0x489/0x510 [ 165.625086][ C0] ret_from_fork+0xdd/0x150 [ 165.629638][ C0] ret_from_fork_asm+0x1a/0x30 [ 165.634545][ C0] [ 165.637052][ C0] value changed: 0x0000000000107207 -> 0x0000000000107208 [ 165.644263][ C0] [ 165.646776][ C0] Reported by Kernel Concurrency Sanitizer on: [ 165.653024][ C0] CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 6.16.0-syzkaller-10910-g0905809b38bd #0 PREEMPT(voluntary) [ 165.665145][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 165.675827][ C0] ==================================================================