last executing test programs: 1.701668636s ago: executing program 1 (id=578): ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x2, 0x0, 0x0, 0x7f, 0x0, 0x2000, 0xa2721, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffff2fa7, 0x8000}, 0x0, 0x0, 0x2af5, 0x7, 0x0, 0xfffffffe}, r0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffc) socket$nl_netfilter(0x10, 0x3, 0xc) 1.447334412s ago: executing program 1 (id=581): bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x4d, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={0x0, &(0x7f0000000480)=""/157, 0x0, 0x9d, 0x0, 0xa, 0x1000000}, 0x28) 1.388804422s ago: executing program 1 (id=583): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000003140)='./file0\x00', 0x101000, 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {0x0, 0xfff1}, {0x1001d, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xffffffff, 0xffffffff, 0xff000000]}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast2}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1.386918043s ago: executing program 1 (id=585): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b'], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x100000000000000) 1.333279064s ago: executing program 1 (id=588): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r2 = socket(0x10, 0x803, 0x0) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0x1e, 0x4, 0x0) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0xa8}, 0x18) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) 1.313558434s ago: executing program 1 (id=590): socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x23, &(0x7f0000000280)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff}, 0x80) r3 = add_key$user(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000340)="eee8d8791d702dd9d30672e3cb2d1630e7c2937d377dd0b4083f41f08494cdb4ac47ca08a341b98de19d1c8bf89a2e7a0abb5a5af41f3322ba019a1af1cef76739ec6ea379e6c43795c997f7f001341531cbb81ef2ad3ea89bb7c8446855af6fdea8ea5ba6e63e7aa4f473abdd8e3e", 0x6f, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0xdc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000093d11fc1ce5000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40fffffffc140000001100010000000000000000000100000a"], 0x64}}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, 0x0, 0x8) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'wlc\x00', 0x1, 0x0, 0x4}, 0x2c) r4 = socket$kcm(0xa, 0x2, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.262193835s ago: executing program 2 (id=594): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) memfd_create(&(0x7f0000000000)='.\x00', 0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0xc, &(0x7f0000000900)=ANY=[@ANYRES64=r1, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703020008000000b704000000000000850002000f000000d7b1b6857f0903933c592a0320e39e8895", @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sk_skb=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd69, 0x0, 0x0, 0x22, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000400)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd600a000800fe"], 0x0) r3 = geteuid() r4 = perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r5) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000880)={{0x1, 0x1, 0x18, r1, {0xee00, 0xee01}}, './file0\x00'}) setresuid(r3, r5, r6) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x20, &(0x7f0000000580)={&(0x7f0000000400)=""/244, 0xf4, 0x0, &(0x7f0000000500)=""/95, 0x5f}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x2, 0x1e, &(0x7f0000000240)=ANY=[@ANYBLOB="180000003a3bffff000000004400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000153a1800f0ffffff186300000d000000000000000900000085100000030000000813f8ff04000000183700000500000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ff0000008500000006000000bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x32, &(0x7f0000000140)=""/50, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x0, 0x4, 0x1, 0x3}, 0x10, r7, r1, 0x8, &(0x7f0000000700)=[r0, r0, r0], &(0x7f0000000740)=[{0x0, 0x5, 0x7, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x4, 0x4, 0xa, 0x4}, {0x2, 0x3, 0x6, 0x2}, {0x0, 0x4, 0x6, 0x6}, {0x3, 0x2, 0x1, 0x5}, {0x1, 0x2, 0x7, 0x7}, {0x4, 0x5, 0xd, 0x5}]}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r9}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x29) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) r11 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f0000000a40)={0x10000010}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r10, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {0x0, 0x2}, {}, @raw32}], 0x1c) statx(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x800, 0x7ff, &(0x7f00000001c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") 1.184485846s ago: executing program 2 (id=596): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, 0x0, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) syz_emit_ethernet(0x126, &(0x7f0000000840)={@local, @empty, @val={@void}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "001708", 0xec, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "d94eed7f495818aad3cee9788af5a30ddcfbc771e570ddd2de0f9cb9a14b9a9ae56512d7c62178ad57245101e91062a0cd7825e213c68440816dd5d68786cb1265db30d448306236782d5fa74693ffbf4dff76fdc62886e4ed6394929070b65cda40d2910e7a2a29cea298d0e9bc19feaddc9aab156f7e9ac79ce90a7615979c483153687d59237d9a1c46ffc2660bd895de2f3842955e1495629d3401bc7e94d4be06c0bc1aee02"}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0) 1.184111046s ago: executing program 3 (id=597): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021181500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ec14038030"], 0x159c}}, 0x40000) 1.154120117s ago: executing program 2 (id=598): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c0001"], 0x118}}, 0x0) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000580)) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_buf(r2, 0x29, 0xcc, &(0x7f0000000700)="1a8ef58959516305f7aa1f567016fcb0d76076cd8f2fb0936ae288e6f6f9a3bb3f411c21797d2ef7757fd3e880ef1aa6ccc38825b37d0417a2819ec7ee785776015064434a046b0dfeec2f6d5464e86d9dfa331d90cf62eb9c02e4eb5b1197223d016d94944a0025cff69486e1e66236f0430f91f04f432125013ee66c792436bac461c318d09bd4bf7d0d2181a9ef1a92ddcee33181c061339f1aa6c860271c47b92fc64c6b49b57459d0d69a7a9a62446cf612bf528b1ad5f2ca6568e04bde840ce5d6bef1e0e6ee3a47d10fc4f9cfa5b9770bcb2852906377ec880f0bbfa48d95f8", 0xe3) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000785ceb2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='sched_switch\x00', r3}, 0x18) r4 = socket(0xf, 0x3, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000180)=0x7) 1.117654758s ago: executing program 3 (id=599): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000440)=0x3) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$poke(0x420e, r2, 0x0, 0xfffffffffffffffe) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000000)={0x0, 0x17}) ioctl$VT_DISALLOCATE(r3, 0x5608) dup(r3) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) sendfile(r5, r4, 0x0, 0x3ffff) sendfile(r5, r4, 0x0, 0x7ffff000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0xfffffd28, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) 800.243954ms ago: executing program 2 (id=600): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x20040844) 711.374826ms ago: executing program 2 (id=601): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x100000000000000) 623.075797ms ago: executing program 2 (id=605): socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0x0, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x1, 0x0, 0x404e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) kcmp(r0, r0, 0x3, 0xffffffffffffffff, r1) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) poll(0x0, 0x0, 0x1d) socket(0x10, 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x4) r5 = dup(r4) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b32356d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d17c708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08cdc339081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9d6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f74a2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bcff00000000000000fec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420ae305fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42f48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fadf9ffffff238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3b99caf6b00d84a604047497022d9c30e23ef4df5c89644f48bb536f7946b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6020048cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffee738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c65a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c3329c8a6b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2d06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d2a89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d009000000c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb7847c7148b6ce431bb90e29389f22fc5b59a70efaea2bd40195af4486220d70bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24622a4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744d9b6c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de99258842cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b9906009af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000080)={0x100008, 0x2, 0x80000000, 0x10001}, 0x10) 558.095519ms ago: executing program 4 (id=606): bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) lchown(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="050000000436490034d599000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10) rt_sigtimedwait(&(0x7f00000000c0)={[0x1]}, &(0x7f00000001c0), &(0x7f0000000100)={0x0, 0x3938700}, 0x8) 556.868719ms ago: executing program 3 (id=608): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) syz_emit_ethernet(0x126, &(0x7f0000000840)={@local, @empty, @val={@void}, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "001708", 0xec, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "d94eed7f495818aad3cee9788af5a30ddcfbc771e570ddd2de0f9cb9a14b9a9ae56512d7c62178ad57245101e91062a0cd7825e213c68440816dd5d68786cb1265db30d448306236782d5fa74693ffbf4dff76fdc62886e4ed6394929070b65cda40d2910e7a2a29cea298d0e9bc19feaddc9aab156f7e9ac79ce90a7615979c483153687d59237d9a1c46ffc2660bd895de2f3842955e1495629d3401bc7e94d4be06c0bc1aee02"}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0) 530.495879ms ago: executing program 3 (id=610): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000003140)='./file0\x00', 0x101000, 0x1) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {0x0, 0xfff1}, {0x1001d, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xffffffff, 0xffffffff, 0xff000000]}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast2}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 481.628571ms ago: executing program 4 (id=612): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18) syz_emit_ethernet(0x32, &(0x7f0000000040)={@random="e90c610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0xc, 0x100}}}}}}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000001a80)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) 467.826191ms ago: executing program 0 (id=613): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r0, r2, 0x25, 0x0, @void}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000700)='sched_switch\x00', r4}, 0x18) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000005c0)='xprtrdma_frwr_alloc\x00', r8}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="20000000110001002cbd70000000000000000000", @ANYRES32=r6, @ANYBLOB="570da800a65a0200"], 0x20}}, 0x2000e844) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r3, r0, 0x4, r0}, 0x10) 467.238771ms ago: executing program 3 (id=614): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000500), 0x8, 0x0) r2 = syz_io_uring_setup(0x2, &(0x7f0000000580)={0x0, 0x8b2, 0x13500, 0x0, 0x304}, &(0x7f0000000240), &(0x7f0000001880)) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8401}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r4, 0x0, 0x7}, 0x18) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) getresuid(0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x21, &(0x7f0000000440)=r1, 0x1) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000000)='-\x00', &(0x7f0000000040)="9e770b8c80a3186a1f2f4ff9eaff7c5e27309ade5deaf4", 0x17) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400000000fdffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000400002400128009000100626f6e64000000001400028004001f00040000000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x4004090) 432.029091ms ago: executing program 4 (id=615): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) (fail_nth: 5) 375.653953ms ago: executing program 4 (id=616): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00"/13], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0) pwritev(r2, &(0x7f0000000100)=[{0x0, 0x72}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0) 363.724333ms ago: executing program 4 (id=617): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setresuid(0xee00, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = socket(0x10, 0x803, 0x0) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0x1e, 0x4, 0x0) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0xa8}, 0x18) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) 175.310206ms ago: executing program 3 (id=618): eventfd2(0x0, 0x800) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x39000, 0x0) memfd_create(&(0x7f0000000080), 0x1) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x41, 0x1, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) gettid() tkill(0x0, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'bond0\x00'}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TCSBRKP(r4, 0x5425, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sync() 174.599636ms ago: executing program 4 (id=619): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000440)=0x3) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$poke(0x420e, r2, 0x0, 0xfffffffffffffffe) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000000)={0x0, 0x17}) ioctl$VT_DISALLOCATE(r3, 0x5608) dup(r3) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) sendfile(r5, r4, 0x0, 0x3ffff) sendfile(r5, r4, 0x0, 0x7ffff000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0xfffffd28, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) 127.792057ms ago: executing program 0 (id=620): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r2}, 0x10) open(0x0, 0x64842, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x1400, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0) 126.758268ms ago: executing program 0 (id=621): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r2 = socket(0x10, 0x803, 0x0) socket$kcm(0x1e, 0x4, 0x0) socket$kcm(0x1e, 0x4, 0x0) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0xa8}, 0x18) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) 107.522778ms ago: executing program 0 (id=622): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x2000000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb851}, 0x1c) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$UHID_CREATE(r2, &(0x7f00000004c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x6}}, 0x120) openat(0xffffffffffffff9c, &(0x7f0000003140)='./file0\x00', 0x101000, 0x1) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x4000, 0x0, 0x0, 0x0) write$UHID_DESTROY(r2, &(0x7f0000000200), 0x4) 440.24µs ago: executing program 0 (id=623): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x20040844) 0s ago: executing program 0 (id=624): bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) lchown(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="050000000436490034d599000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000800)='ext4_fc_replay\x00'}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10) rt_sigtimedwait(&(0x7f00000000c0)={[0x1]}, &(0x7f00000001c0), &(0x7f0000000100)={0x0, 0x3938700}, 0x8) kernel console output (not intermixed with test programs): v0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.886366][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.905988][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.912990][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.939084][ T3301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.955908][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.962950][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.989026][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.012559][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.026226][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.086533][ T3308] team0: Port device team_slave_0 added [ 37.094328][ T3301] hsr_slave_0: entered promiscuous mode [ 37.100563][ T3301] hsr_slave_1: entered promiscuous mode [ 37.106352][ T3301] debugfs: 'hsr0' already exists in 'hsr' [ 37.112149][ T3301] Cannot create hsr debugfs directory [ 37.122377][ T3307] hsr_slave_0: entered promiscuous mode [ 37.128536][ T3307] hsr_slave_1: entered promiscuous mode [ 37.134417][ T3307] debugfs: 'hsr0' already exists in 'hsr' [ 37.140185][ T3307] Cannot create hsr debugfs directory [ 37.148767][ T3308] team0: Port device team_slave_1 added [ 37.211141][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.218217][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.244212][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.259987][ T3300] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.271244][ T3300] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.280234][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.287389][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.313405][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.335915][ T3300] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.355771][ T3300] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.388669][ T3308] hsr_slave_0: entered promiscuous mode [ 37.394687][ T3308] hsr_slave_1: entered promiscuous mode [ 37.400681][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 37.406411][ T3308] Cannot create hsr debugfs directory [ 37.473414][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.484557][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.500698][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.518470][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.566162][ T3307] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 37.576250][ T3307] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 37.587234][ T3307] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 37.602412][ T3307] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 37.635247][ T3301] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.658999][ T3301] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.668352][ T3301] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.677797][ T3301] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.710356][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.721746][ T3308] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.735263][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.750715][ T3308] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.763813][ T3308] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.773734][ T3308] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.784999][ T3300] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.802045][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.811665][ T2456] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.818751][ T2456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.838483][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.855463][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.862667][ T2456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.871420][ T2456] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.878665][ T2456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.896231][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.913564][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.920656][ T2456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.942726][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.949846][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.972771][ T2456] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.979955][ T2456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.000217][ T3300] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.036191][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.070561][ T3301] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.078461][ T3307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.099518][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.106605][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.120417][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.131069][ T146] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.138182][ T146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.155820][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.172150][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.200733][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.210836][ T3300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.221989][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.229093][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.238924][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.246033][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.270120][ T3301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 38.280797][ T3301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.424994][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.440404][ T3305] veth0_vlan: entered promiscuous mode [ 38.469867][ T3305] veth1_vlan: entered promiscuous mode [ 38.487134][ T3300] veth0_vlan: entered promiscuous mode [ 38.511610][ T3301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.521768][ T3300] veth1_vlan: entered promiscuous mode [ 38.536897][ T3305] veth0_macvtap: entered promiscuous mode [ 38.555767][ T3305] veth1_macvtap: entered promiscuous mode [ 38.571594][ T3307] veth0_vlan: entered promiscuous mode [ 38.579357][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.591699][ T3300] veth0_macvtap: entered promiscuous mode [ 38.611823][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.621281][ T3300] veth1_macvtap: entered promiscuous mode [ 38.632646][ T3307] veth1_vlan: entered promiscuous mode [ 38.639497][ T51] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.650958][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.673297][ T146] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.688385][ T146] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.700747][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.712949][ T146] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.728496][ T3308] veth0_vlan: entered promiscuous mode [ 38.743444][ T146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.754773][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 38.754787][ T29] audit: type=1400 audit(1759099611.446:81): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/root/syzkaller.3zoQzO/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 38.760363][ T3308] veth1_vlan: entered promiscuous mode [ 38.760939][ T29] audit: type=1400 audit(1759099611.446:82): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 38.796860][ T3308] veth0_macvtap: entered promiscuous mode [ 38.812683][ T29] audit: type=1400 audit(1759099611.446:83): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/root/syzkaller.3zoQzO/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 38.822453][ T3308] veth1_macvtap: entered promiscuous mode [ 38.849554][ T29] audit: type=1400 audit(1759099611.446:84): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 38.871425][ T29] audit: type=1400 audit(1759099611.446:85): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/root/syzkaller.3zoQzO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 38.875520][ T3307] veth0_macvtap: entered promiscuous mode [ 38.898093][ T29] audit: type=1400 audit(1759099611.446:86): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/root/syzkaller.3zoQzO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 38.907569][ T146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.931048][ T29] audit: type=1400 audit(1759099611.446:87): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 38.960465][ T3307] veth1_macvtap: entered promiscuous mode [ 38.967677][ T29] audit: type=1400 audit(1759099611.546:88): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 38.968489][ T3301] veth0_vlan: entered promiscuous mode [ 38.990420][ T29] audit: type=1400 audit(1759099611.546:89): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="gadgetfs" ino=4863 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 39.021990][ T3305] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.031823][ T3301] veth1_vlan: entered promiscuous mode [ 39.043166][ T146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.063791][ T29] audit: type=1400 audit(1759099611.746:90): avc: denied { read write } for pid=3305 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 39.088583][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.105536][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.113255][ T146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.139179][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.169375][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.182868][ T3472] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6'. [ 39.201236][ T3430] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.215595][ T3301] veth0_macvtap: entered promiscuous mode [ 39.234910][ T3430] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.243887][ T3430] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.264074][ T3301] veth1_macvtap: entered promiscuous mode [ 39.285880][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.305071][ T3430] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.315388][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.333521][ T3430] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.352254][ T171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.379991][ T171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.390437][ T3487] FAULT_INJECTION: forcing a failure. [ 39.390437][ T3487] name failslab, interval 1, probability 0, space 0, times 1 [ 39.403246][ T3487] CPU: 1 UID: 0 PID: 3487 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT(voluntary) [ 39.403333][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 39.403349][ T3487] Call Trace: [ 39.403356][ T3487] [ 39.403365][ T3487] __dump_stack+0x1d/0x30 [ 39.403404][ T3487] dump_stack_lvl+0xe8/0x140 [ 39.403429][ T3487] dump_stack+0x15/0x1b [ 39.403450][ T3487] should_fail_ex+0x265/0x280 [ 39.403599][ T3487] should_failslab+0x8c/0xb0 [ 39.403625][ T3487] __kmalloc_noprof+0xa5/0x3e0 [ 39.403656][ T3487] ? nla_strdup+0x78/0xc0 [ 39.403692][ T3487] nla_strdup+0x78/0xc0 [ 39.403766][ T3487] nf_tables_newtable+0x3ba/0xea0 [ 39.403801][ T3487] nfnetlink_rcv+0xb96/0x1690 [ 39.403881][ T3487] netlink_unicast+0x5bd/0x690 [ 39.403910][ T3487] netlink_sendmsg+0x58b/0x6b0 [ 39.403943][ T3487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 39.404010][ T3487] __sock_sendmsg+0x145/0x180 [ 39.404042][ T3487] ____sys_sendmsg+0x31e/0x4e0 [ 39.404097][ T3487] ___sys_sendmsg+0x17b/0x1d0 [ 39.404180][ T3487] __x64_sys_sendmsg+0xd4/0x160 [ 39.404293][ T3487] x64_sys_call+0x191e/0x2ff0 [ 39.404317][ T3487] do_syscall_64+0xd2/0x200 [ 39.404358][ T3487] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 39.404399][ T3487] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 39.404479][ T3487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.404502][ T3487] RIP: 0033:0x7f1ce294eec9 [ 39.404548][ T3487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.404571][ T3487] RSP: 002b:00007f1ce13b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 39.404612][ T3487] RAX: ffffffffffffffda RBX: 00007f1ce2ba5fa0 RCX: 00007f1ce294eec9 [ 39.404629][ T3487] RDX: 0000000000008040 RSI: 000020000000c2c0 RDI: 0000000000000006 [ 39.404643][ T3487] RBP: 00007f1ce13b7090 R08: 0000000000000000 R09: 0000000000000000 [ 39.404727][ T3487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.404743][ T3487] R13: 00007f1ce2ba6038 R14: 00007f1ce2ba5fa0 R15: 00007ffeb4e22e18 [ 39.404769][ T3487] [ 39.410492][ T171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.431463][ T3491] FAULT_INJECTION: forcing a failure. [ 39.431463][ T3491] name failslab, interval 1, probability 0, space 0, times 0 [ 39.485657][ T171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.488595][ T3491] CPU: 1 UID: 0 PID: 3491 Comm: syz.4.5 Not tainted syzkaller #0 PREEMPT(voluntary) [ 39.488669][ T3491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 39.488688][ T3491] Call Trace: [ 39.488697][ T3491] [ 39.488707][ T3491] __dump_stack+0x1d/0x30 [ 39.488764][ T3491] dump_stack_lvl+0xe8/0x140 [ 39.488792][ T3491] dump_stack+0x15/0x1b [ 39.488818][ T3491] should_fail_ex+0x265/0x280 [ 39.488861][ T3491] should_failslab+0x8c/0xb0 [ 39.488898][ T3491] kmem_cache_alloc_noprof+0x50/0x310 [ 39.488940][ T3491] ? skb_clone+0x151/0x1f0 [ 39.488981][ T3491] skb_clone+0x151/0x1f0 [ 39.489014][ T3491] __netlink_deliver_tap+0x2c9/0x500 [ 39.489106][ T3491] netlink_unicast+0x66b/0x690 [ 39.489138][ T3491] netlink_sendmsg+0x58b/0x6b0 [ 39.489181][ T3491] ? __pfx_netlink_sendmsg+0x10/0x10 [ 39.489215][ T3491] __sock_sendmsg+0x145/0x180 [ 39.489276][ T3491] ____sys_sendmsg+0x31e/0x4e0 [ 39.489317][ T3491] ___sys_sendmsg+0x17b/0x1d0 [ 39.489369][ T3491] __x64_sys_sendmsg+0xd4/0x160 [ 39.489473][ T3491] x64_sys_call+0x191e/0x2ff0 [ 39.489572][ T3491] do_syscall_64+0xd2/0x200 [ 39.489617][ T3491] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 39.489678][ T3491] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 39.489719][ T3491] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.489749][ T3491] RIP: 0033:0x7f2836dbeec9 [ 39.489772][ T3491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.489798][ T3491] RSP: 002b:00007f2835827038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 39.489834][ T3491] RAX: ffffffffffffffda RBX: 00007f2837015fa0 RCX: 00007f2836dbeec9 [ 39.489852][ T3491] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 39.489870][ T3491] RBP: 00007f2835827090 R08: 0000000000000000 R09: 0000000000000000 [ 39.489888][ T3491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.489906][ T3491] R13: 00007f2837016038 R14: 00007f2837015fa0 R15: 00007ffc1c66f258 [ 39.489933][ T3491] [ 39.489978][ T3491] netlink: 'syz.4.5': attribute type 20 has an invalid length. [ 39.868852][ T3493] process 'syz.0.9' launched './file0' with NULL argv: empty string added [ 39.888974][ T171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.901128][ T171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.960938][ T171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.022070][ T3509] loop4: detected capacity change from 0 to 512 [ 40.075716][ T3516] Zero length message leads to an empty skb [ 40.096735][ T3509] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.13: iget: bad i_size value: 38620345925642 [ 40.119046][ T3523] IPv6: NLM_F_CREATE should be specified when creating new route [ 40.130392][ T3516] loop3: detected capacity change from 0 to 512 [ 40.137087][ T3516] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.155445][ T3509] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.13: couldn't read orphan inode 15 (err -117) [ 40.184650][ T3509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.185883][ T3516] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.221127][ T3529] loop0: detected capacity change from 0 to 512 [ 40.234061][ T3388] hid-generic 0000:0003:0000.0001: unknown main item tag 0x0 [ 40.241761][ T3388] hid-generic 0000:0003:0000.0001: unknown main item tag 0x0 [ 40.254815][ T3529] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.262020][ T3529] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.269526][ T3388] hid-generic 0000:0003:0000.0001: hidraw0: HID v0.03 Device [syz0] on syz0 [ 40.281403][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.295665][ T3516] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.304237][ T3516] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.335934][ T3532] netlink: 'syz.4.22': attribute type 6 has an invalid length. [ 40.344547][ T3532] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22'. [ 40.354744][ T3516] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.18: Allocating blocks 41-42 which overlap fs metadata [ 40.375743][ T3530] fido_id[3530]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 40.408335][ T3516] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.18: Allocating blocks 41-42 which overlap fs metadata [ 40.413664][ T3529] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.430605][ T3529] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.472324][ T3516] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.18: Failed to acquire dquot type 1 [ 40.496636][ T3516] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 40.503595][ T3529] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.21: Allocating blocks 41-42 which overlap fs metadata [ 40.512666][ T3516] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.18: corrupted inode contents [ 40.550210][ T3516] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.18: mark_inode_dirty error [ 40.562989][ T3516] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.18: corrupted inode contents [ 40.575464][ T3516] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.18: mark_inode_dirty error [ 40.630457][ T3516] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.18: corrupted inode contents [ 40.652239][ T3529] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.21: Failed to acquire dquot type 1 [ 40.685488][ T3529] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 40.704760][ T3543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.24'. [ 40.719091][ T3516] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 40.774153][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 40.783037][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 40.796233][ T3516] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.18: corrupted inode contents [ 40.809341][ T3529] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.21: corrupted inode contents [ 40.832833][ T3516] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.18: mark_inode_dirty error [ 40.845743][ T3529] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #12: comm syz.0.21: mark_inode_dirty error [ 40.862517][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 40.872075][ T3516] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 40.883301][ T3529] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.21: corrupted inode contents [ 40.898800][ T3516] EXT4-fs (loop3): 1 truncate cleaned up [ 40.921727][ T3529] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #12: comm syz.0.21: mark_inode_dirty error [ 40.943834][ T3516] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.966828][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 40.975635][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 40.989861][ T3543] syz.4.24 (3543) used greatest stack depth: 10176 bytes left [ 41.026620][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 41.045474][ T3529] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.21: corrupted inode contents [ 41.059490][ T3529] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 41.074945][ T3516] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.18: Failed to acquire dquot type 1 [ 41.079185][ T3529] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.21: corrupted inode contents [ 41.102649][ T3529] EXT4-fs error (device loop0): ext4_truncate:4666: inode #12: comm syz.0.21: mark_inode_dirty error [ 41.135156][ T3529] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 41.145672][ T3550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.26'. [ 41.145697][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.168108][ T3529] EXT4-fs (loop0): 1 truncate cleaned up [ 41.185748][ T3529] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.235156][ C1] hrtimer: interrupt took 37752 ns [ 41.298891][ T3562] loop4: detected capacity change from 0 to 512 [ 41.320100][ T3562] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.333249][ T3562] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 41.344867][ T3581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 41.346062][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.353602][ T3581] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 41.382140][ T3430] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 1 [ 41.464778][ T3562] EXT4-fs (loop4): 1 truncate cleaned up [ 41.481040][ T3562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.523485][ T3585] netlink: 'syz.0.34': attribute type 6 has an invalid length. [ 41.562883][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.601546][ T3587] loop1: detected capacity change from 0 to 512 [ 41.623782][ T3587] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.36: iget: bad i_size value: 38620345925642 [ 41.644676][ T3587] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.36: couldn't read orphan inode 15 (err -117) [ 41.658490][ T3587] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.726803][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.740549][ T3596] loop0: detected capacity change from 0 to 128 [ 41.783060][ T3599] loop2: detected capacity change from 0 to 128 [ 42.200697][ T3638] loop1: detected capacity change from 0 to 128 [ 42.437603][ T3654] netlink: 'syz.1.54': attribute type 6 has an invalid length. [ 42.514396][ T3658] IPv6: NLM_F_CREATE should be specified when creating new route [ 42.534148][ T3662] loop2: detected capacity change from 0 to 128 [ 42.629558][ T3674] sg_write: data in/out 63015/8 bytes for SCSI command 0x7e-- guessing data in; [ 42.629558][ T3674] program syz.4.62 not setting count and/or reply_len properly [ 42.700076][ T3674] loop4: detected capacity change from 0 to 128 [ 42.706964][ T3674] vfat: Unknown parameter 'Q&A;BNp_')]'dk>uQ<ߜi:$i# [ 42.706964][ T3674] (ڼ?4c30&~<{qBKk' [ 42.833025][ T3688] netlink: 'syz.0.66': attribute type 6 has an invalid length. [ 43.004148][ T3696] loop0: detected capacity change from 0 to 128 [ 43.040958][ T3699] FAULT_INJECTION: forcing a failure. [ 43.040958][ T3699] name failslab, interval 1, probability 0, space 0, times 0 [ 43.053860][ T3699] CPU: 0 UID: 0 PID: 3699 Comm: syz.1.71 Not tainted syzkaller #0 PREEMPT(voluntary) [ 43.053896][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 43.053910][ T3699] Call Trace: [ 43.053917][ T3699] [ 43.053928][ T3699] __dump_stack+0x1d/0x30 [ 43.053967][ T3699] dump_stack_lvl+0xe8/0x140 [ 43.053994][ T3699] dump_stack+0x15/0x1b [ 43.054053][ T3699] should_fail_ex+0x265/0x280 [ 43.054085][ T3699] should_failslab+0x8c/0xb0 [ 43.054119][ T3699] kmem_cache_alloc_node_noprof+0x57/0x320 [ 43.054161][ T3699] ? __alloc_skb+0x101/0x320 [ 43.054249][ T3699] __alloc_skb+0x101/0x320 [ 43.054276][ T3699] netdev_nl_page_pool_event+0x11c/0x240 [ 43.054314][ T3699] page_pool_unlist+0x2c/0xf0 [ 43.054410][ T3699] page_pool_release+0x476/0x860 [ 43.054442][ T3699] page_pool_destroy+0x202/0x370 [ 43.054570][ T3699] nsim_stop+0x14d/0x1c0 [ 43.054602][ T3699] ? __pfx_nsim_stop+0x10/0x10 [ 43.054707][ T3699] __dev_close_many+0x1e4/0x420 [ 43.054742][ T3699] netif_close_many+0xff/0x240 [ 43.054786][ T3699] unregister_netdevice_many_notify+0x301/0x15d0 [ 43.054827][ T3699] ? __schedule+0x6b9/0xb30 [ 43.054914][ T3699] unregister_netdevice_queue+0x1f5/0x220 [ 43.054954][ T3699] nsim_destroy+0xf2/0x2f0 [ 43.054994][ T3699] __nsim_dev_port_del+0xcf/0x110 [ 43.055021][ T3699] nsim_dev_reload_destroy+0x1a3/0x2c0 [ 43.055061][ T3699] ? nsim_dev_reload_down+0x5f/0x80 [ 43.055089][ T3699] nsim_dev_reload_down+0x67/0x80 [ 43.055117][ T3699] devlink_reload+0xad/0x580 [ 43.055225][ T3699] ? devlink_resources_validate+0x6a/0x90 [ 43.055265][ T3699] ? devlink_resources_validate+0x6a/0x90 [ 43.055382][ T3699] devlink_nl_reload_doit+0x503/0x8f0 [ 43.055426][ T3699] genl_family_rcv_msg_doit+0x143/0x1b0 [ 43.055493][ T3699] genl_rcv_msg+0x422/0x460 [ 43.055534][ T3699] ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10 [ 43.055642][ T3699] ? __pfx_devlink_nl_reload_doit+0x10/0x10 [ 43.055710][ T3699] ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10 [ 43.055752][ T3699] netlink_rcv_skb+0x123/0x220 [ 43.055781][ T3699] ? __pfx_genl_rcv_msg+0x10/0x10 [ 43.055861][ T3699] genl_rcv+0x28/0x40 [ 43.055907][ T3699] netlink_unicast+0x5bd/0x690 [ 43.055929][ T3699] netlink_sendmsg+0x58b/0x6b0 [ 43.055964][ T3699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 43.055998][ T3699] __sock_sendmsg+0x145/0x180 [ 43.056103][ T3699] ____sys_sendmsg+0x31e/0x4e0 [ 43.056141][ T3699] ___sys_sendmsg+0x17b/0x1d0 [ 43.056191][ T3699] __x64_sys_sendmsg+0xd4/0x160 [ 43.056225][ T3699] x64_sys_call+0x191e/0x2ff0 [ 43.056277][ T3699] do_syscall_64+0xd2/0x200 [ 43.056316][ T3699] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 43.056351][ T3699] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 43.056449][ T3699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.056479][ T3699] RIP: 0033:0x7f6530a2eec9 [ 43.056499][ T3699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.056567][ T3699] RSP: 002b:00007f652f497038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 43.056593][ T3699] RAX: ffffffffffffffda RBX: 00007f6530c85fa0 RCX: 00007f6530a2eec9 [ 43.056611][ T3699] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 43.056667][ T3699] RBP: 00007f652f497090 R08: 0000000000000000 R09: 0000000000000000 [ 43.056679][ T3699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.056755][ T3699] R13: 00007f6530c86038 R14: 00007f6530c85fa0 R15: 00007ffc35cc77d8 [ 43.056779][ T3699] [ 43.414920][ T3699] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.467786][ T3694] loop4: detected capacity change from 0 to 764 [ 43.494853][ T3699] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.572349][ T3699] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.652114][ T3708] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.673689][ T3699] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.700883][ T3709] netlink: 'syz.0.74': attribute type 11 has an invalid length. [ 43.720446][ T3708] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.750307][ T51] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.770488][ T51] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.782440][ T3708] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.808597][ T51] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.816835][ T51] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.825676][ T3714] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 43.832241][ T3714] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 43.839827][ T3714] vhci_hcd vhci_hcd.0: Device attached [ 43.851312][ T3715] vhci_hcd: connection closed [ 43.851496][ T37] vhci_hcd: stop threads [ 43.860520][ T37] vhci_hcd: release socket [ 43.864973][ T37] vhci_hcd: disconnect device [ 43.872723][ T3708] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.924908][ T37] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.946549][ T29] kauditd_printk_skb: 286 callbacks suppressed [ 43.946638][ T29] audit: type=1326 audit(1759099616.626:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3707 comm="syz.0.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 43.976530][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.984062][ T29] audit: type=1326 audit(1759099616.656:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3707 comm="syz.0.74" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 43.986593][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.019878][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.029852][ T3720] 9pnet_fd: Insufficient options for proto=fd [ 44.036031][ T29] audit: type=1400 audit(1759099616.726:369): avc: denied { mounton } for pid=3719 comm="syz.3.77" path="/6/file0" dev="tmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 44.069487][ T3722] netlink: 'syz.0.78': attribute type 6 has an invalid length. [ 44.076728][ T29] audit: type=1400 audit(1759099616.756:370): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 44.109635][ T29] audit: type=1326 audit(1759099616.786:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.112354][ T3725] loop4: detected capacity change from 0 to 512 [ 44.133046][ T29] audit: type=1326 audit(1759099616.786:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.162555][ T29] audit: type=1326 audit(1759099616.796:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.185836][ T29] audit: type=1326 audit(1759099616.796:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.188189][ T3725] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.79: iget: bad i_size value: 38620345925642 [ 44.209235][ T29] audit: type=1326 audit(1759099616.796:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.209277][ T29] audit: type=1326 audit(1759099616.796:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3724 comm="syz.4.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 44.245474][ T3732] loop3: detected capacity change from 0 to 512 [ 44.279896][ T3732] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 44.288393][ T3725] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.79: couldn't read orphan inode 15 (err -117) [ 44.302516][ T3732] EXT4-fs (loop3): 1 truncate cleaned up [ 44.309382][ T3730] __nla_validate_parse: 25 callbacks suppressed [ 44.309401][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.310185][ T3725] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.315743][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.336296][ T3732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.343741][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.383972][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.394415][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.403220][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.414049][ T3730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.81'. [ 44.423626][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.440077][ T3739] netlink: 8 bytes leftover after parsing attributes in process `syz.3.82'. [ 44.497731][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.85'. [ 44.506642][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.85'. [ 44.532191][ T3749] IPv6: NLM_F_CREATE should be specified when creating new route [ 44.556073][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.85'. [ 44.611803][ T3759] SELinux: policydb version 0 does not match my version range 15-35 [ 44.623788][ T3759] SELinux: failed to load policy [ 44.628996][ T3753] SELinux: policydb version 0 does not match my version range 15-35 [ 44.637329][ T3753] SELinux: failed to load policy [ 44.672708][ T3388] hid-generic 0000:0003:0000.0002: item fetching failed at offset 0/2 [ 44.672739][ T3765] 9pnet_fd: Insufficient options for proto=fd [ 44.683296][ T3388] hid-generic 0000:0003:0000.0002: probe with driver hid-generic failed with error -22 [ 44.776324][ T3775] loop3: detected capacity change from 0 to 512 [ 44.803550][ T3775] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 44.814632][ T3774] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.838785][ T3775] EXT4-fs (loop3): 1 truncate cleaned up [ 44.844819][ T3775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.916172][ T3774] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.940519][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.988984][ T3766] loop1: detected capacity change from 0 to 764 [ 45.083999][ T3774] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.175849][ T3774] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.320811][ T3789] loop4: detected capacity change from 0 to 1024 [ 45.333403][ T3789] ======================================================= [ 45.333403][ T3789] WARNING: The mand mount option has been deprecated and [ 45.333403][ T3789] and is ignored by this kernel. Remove the mand [ 45.333403][ T3789] option from the mount to silence this warning. [ 45.333403][ T3789] ======================================================= [ 45.370480][ T3789] EXT4-fs: Ignoring removed nobh option [ 45.376164][ T3789] EXT4-fs: Ignoring removed bh option [ 45.383765][ T3789] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 45.409881][ T3789] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.440597][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.671802][ T3808] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.699291][ T3811] loop4: detected capacity change from 0 to 1024 [ 45.712553][ T3811] EXT4-fs: Ignoring removed nobh option [ 45.718248][ T3811] EXT4-fs: Ignoring removed bh option [ 45.727858][ T3812] netlink: 'syz.2.107': attribute type 11 has an invalid length. [ 45.740733][ T3808] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.752990][ T3811] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 45.770045][ T3811] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.793361][ T3808] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.819140][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.870549][ T3808] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.941980][ T3430] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.961237][ T3430] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.980690][ T3430] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.990483][ T3430] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.033878][ T3828] loop2: detected capacity change from 0 to 1024 [ 46.053826][ T3828] EXT4-fs: Ignoring removed orlov option [ 46.070242][ T3828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.193483][ T3842] loop3: detected capacity change from 0 to 1024 [ 46.204843][ T3842] EXT4-fs: Ignoring removed orlov option [ 46.231188][ T3842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.289594][ T3850] loop1: detected capacity change from 0 to 512 [ 46.322953][ T3850] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.122: iget: bad i_size value: 38620345925642 [ 46.376155][ T3850] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.122: couldn't read orphan inode 15 (err -117) [ 46.390065][ T3850] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.403447][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.426851][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.510153][ T3858] loop1: detected capacity change from 0 to 1024 [ 46.518983][ T3858] EXT4-fs: Ignoring removed orlov option [ 46.529668][ T3858] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.690226][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.774830][ T3866] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.800358][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.816960][ T3867] netlink: 'syz.3.126': attribute type 11 has an invalid length. [ 46.851339][ T3866] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.896843][ T3866] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.959003][ T3866] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.148778][ T37] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.185414][ T37] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.203145][ T37] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.242759][ T37] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.278811][ T3887] loop3: detected capacity change from 0 to 512 [ 47.279097][ T3891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.292692][ T3891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.300835][ T3891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.308438][ T3891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.331078][ T3887] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.135: iget: bad i_size value: 38620345925642 [ 47.344915][ T3887] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.135: couldn't read orphan inode 15 (err -117) [ 47.360260][ T3887] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.386530][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.464732][ T3907] bridge1: entered promiscuous mode [ 47.562451][ T3916] loop3: detected capacity change from 0 to 1024 [ 47.573101][ T3916] EXT4-fs: Ignoring removed orlov option [ 47.592405][ T3916] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.789650][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.813173][ T3430] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.830799][ T3430] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.839654][ T3430] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.848088][ T3430] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.396415][ T3959] loop0: detected capacity change from 0 to 8192 [ 48.761487][ T3982] loop0: detected capacity change from 0 to 128 [ 48.789942][ T3984] SELinux: policydb version 295490586 does not match my version range 15-35 [ 48.809368][ T3984] SELinux: failed to load policy [ 48.955104][ T3996] netem: change failed [ 48.966871][ T29] kauditd_printk_skb: 502 callbacks suppressed [ 48.966899][ T29] audit: type=1400 audit(1759099621.646:879): avc: denied { create } for pid=3983 comm="syz.1.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 48.992997][ T29] audit: type=1400 audit(1759099621.646:880): avc: denied { setopt } for pid=3983 comm="syz.1.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 49.012385][ T29] audit: type=1400 audit(1759099621.666:881): avc: denied { create } for pid=3983 comm="syz.1.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 49.031844][ T29] audit: type=1400 audit(1759099621.666:882): avc: denied { setopt } for pid=3983 comm="syz.1.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 49.051312][ T29] audit: type=1400 audit(1759099621.666:883): avc: denied { bind } for pid=3983 comm="syz.1.173" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 49.070730][ T29] audit: type=1400 audit(1759099621.666:884): avc: denied { name_bind } for pid=3983 comm="syz.1.173" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 49.094973][ T29] audit: type=1400 audit(1759099621.666:885): avc: denied { node_bind } for pid=3983 comm="syz.1.173" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 49.117191][ T29] audit: type=1326 audit(1759099621.686:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3983 comm="syz.1.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 49.140617][ T29] audit: type=1326 audit(1759099621.686:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3983 comm="syz.1.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 49.167159][ T29] audit: type=1400 audit(1759099621.806:888): avc: denied { read } for pid=3997 comm="syz.4.179" name="qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.214975][ T4003] loop1: detected capacity change from 0 to 512 [ 49.232583][ T4003] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.246021][ T4003] ext4 filesystem being mounted at /63/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.258600][ T4003] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.181: Failed to acquire dquot type 1 [ 49.289743][ T4010] FAULT_INJECTION: forcing a failure. [ 49.289743][ T4010] name failslab, interval 1, probability 0, space 0, times 0 [ 49.302458][ T4010] CPU: 0 UID: 0 PID: 4010 Comm: syz.0.182 Not tainted syzkaller #0 PREEMPT(voluntary) [ 49.302506][ T4010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 49.302533][ T4010] Call Trace: [ 49.302541][ T4010] [ 49.302551][ T4010] __dump_stack+0x1d/0x30 [ 49.302579][ T4010] dump_stack_lvl+0xe8/0x140 [ 49.302602][ T4010] dump_stack+0x15/0x1b [ 49.302618][ T4010] should_fail_ex+0x265/0x280 [ 49.302643][ T4010] should_failslab+0x8c/0xb0 [ 49.302753][ T4010] kmem_cache_alloc_node_noprof+0x57/0x320 [ 49.302787][ T4010] ? __alloc_skb+0x101/0x320 [ 49.302815][ T4010] __alloc_skb+0x101/0x320 [ 49.302841][ T4010] netlink_alloc_large_skb+0xba/0xf0 [ 49.302867][ T4010] netlink_sendmsg+0x3cf/0x6b0 [ 49.302987][ T4010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 49.303014][ T4010] __sock_sendmsg+0x145/0x180 [ 49.303054][ T4010] ____sys_sendmsg+0x31e/0x4e0 [ 49.303089][ T4010] ___sys_sendmsg+0x17b/0x1d0 [ 49.303201][ T4010] __x64_sys_sendmsg+0xd4/0x160 [ 49.303348][ T4010] x64_sys_call+0x191e/0x2ff0 [ 49.303452][ T4010] do_syscall_64+0xd2/0x200 [ 49.303492][ T4010] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 49.303550][ T4010] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 49.303596][ T4010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.303623][ T4010] RIP: 0033:0x7ff6a6f7eec9 [ 49.303642][ T4010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.303665][ T4010] RSP: 002b:00007ff6a59e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 49.303690][ T4010] RAX: ffffffffffffffda RBX: 00007ff6a71d5fa0 RCX: 00007ff6a6f7eec9 [ 49.303707][ T4010] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000006 [ 49.303794][ T4010] RBP: 00007ff6a59e7090 R08: 0000000000000000 R09: 0000000000000000 [ 49.303811][ T4010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.303827][ T4010] R13: 00007ff6a71d6038 R14: 00007ff6a71d5fa0 R15: 00007ffdddfc4f98 [ 49.303852][ T4010] [ 49.304527][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.547702][ T4017] __nla_validate_parse: 19 callbacks suppressed [ 49.547733][ T4017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.183'. [ 49.576739][ T4019] loop4: detected capacity change from 0 to 128 [ 49.602266][ T4019] netlink: 20 bytes leftover after parsing attributes in process `syz.4.186'. [ 49.669079][ T4033] loop0: detected capacity change from 0 to 512 [ 49.680901][ T4033] ext3: Unknown parameter 'silent' [ 49.697181][ T4041] program syz.4.195 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 49.736399][ T4046] 9pnet_fd: Insufficient options for proto=fd [ 49.754191][ T4050] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.755868][ T4047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.198'. [ 49.803216][ T4053] loop1: detected capacity change from 0 to 512 [ 49.810670][ T4053] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 49.822486][ T4053] EXT4-fs (loop1): 1 truncate cleaned up [ 49.828595][ T4053] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.867477][ T4059] loop0: detected capacity change from 0 to 128 [ 49.876452][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.889962][ T4059] netlink: 20 bytes leftover after parsing attributes in process `syz.0.202'. [ 49.922697][ T4062] loop0: detected capacity change from 0 to 512 [ 49.930238][ T4062] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 49.939877][ T4062] EXT4-fs (loop0): orphan cleanup on readonly fs [ 49.946636][ T4062] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.204: Failed to acquire dquot type 1 [ 49.960088][ T4062] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.204: bg 0: block 40: padding at end of block bitmap is not set [ 49.974464][ T4062] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 50.004253][ T4062] EXT4-fs (loop0): 1 truncate cleaned up [ 50.015564][ T4062] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 50.061948][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.095587][ T4071] netlink: 16 bytes leftover after parsing attributes in process `syz.0.207'. [ 50.223194][ T4078] FAULT_INJECTION: forcing a failure. [ 50.223194][ T4078] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 50.236449][ T4078] CPU: 1 UID: 0 PID: 4078 Comm: syz.1.210 Not tainted syzkaller #0 PREEMPT(voluntary) [ 50.236476][ T4078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 50.236488][ T4078] Call Trace: [ 50.236497][ T4078] [ 50.236506][ T4078] __dump_stack+0x1d/0x30 [ 50.236531][ T4078] dump_stack_lvl+0xe8/0x140 [ 50.236558][ T4078] dump_stack+0x15/0x1b [ 50.236578][ T4078] should_fail_ex+0x265/0x280 [ 50.236605][ T4078] should_fail+0xb/0x20 [ 50.236633][ T4078] should_fail_usercopy+0x1a/0x20 [ 50.236680][ T4078] strncpy_from_user+0x25/0x230 [ 50.236720][ T4078] ? kmem_cache_alloc_noprof+0x186/0x310 [ 50.236749][ T4078] ? getname_flags+0x80/0x3b0 [ 50.236804][ T4078] getname_flags+0xae/0x3b0 [ 50.236842][ T4078] getname_uflags+0x21/0x30 [ 50.236878][ T4078] __x64_sys_execveat+0x5d/0x90 [ 50.236911][ T4078] x64_sys_call+0x1fec/0x2ff0 [ 50.237007][ T4078] do_syscall_64+0xd2/0x200 [ 50.237048][ T4078] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 50.237079][ T4078] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 50.237124][ T4078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.237186][ T4078] RIP: 0033:0x7f6530a2eec9 [ 50.237205][ T4078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.237264][ T4078] RSP: 002b:00007f652f497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 50.237316][ T4078] RAX: ffffffffffffffda RBX: 00007f6530c85fa0 RCX: 00007f6530a2eec9 [ 50.237331][ T4078] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c [ 50.237347][ T4078] RBP: 00007f652f497090 R08: 0000000000000000 R09: 0000000000000000 [ 50.237362][ T4078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.237378][ T4078] R13: 00007f6530c86038 R14: 00007f6530c85fa0 R15: 00007ffc35cc77d8 [ 50.237403][ T4078] [ 50.441870][ T4079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.211'. [ 50.503682][ T4083] loop0: detected capacity change from 0 to 8192 [ 50.736672][ T4099] SELinux: policydb version 0 does not match my version range 15-35 [ 50.745963][ T4099] SELinux: failed to load policy [ 50.804201][ T4101] loop2: detected capacity change from 0 to 1024 [ 50.821381][ T4101] EXT4-fs: Ignoring removed orlov option [ 50.825717][ T4104] loop1: detected capacity change from 0 to 512 [ 50.839645][ T4101] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.852742][ T4104] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.220: iget: bad i_size value: 38620345925642 [ 50.865643][ T4104] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.220: couldn't read orphan inode 15 (err -117) [ 50.882122][ T4104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.058619][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.144461][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.192090][ T4118] loop0: detected capacity change from 0 to 512 [ 51.198942][ T4118] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.207395][ T4118] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.214525][ T4118] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.223034][ T4118] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 51.240697][ T4118] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.223: Allocating blocks 41-42 which overlap fs metadata [ 51.259268][ T4118] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.223: Failed to acquire dquot type 1 [ 51.274137][ T4118] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 51.290258][ T4118] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.223: corrupted inode contents [ 51.302881][ T4118] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #12: comm syz.0.223: mark_inode_dirty error [ 51.315451][ T4118] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.223: corrupted inode contents [ 51.333300][ T4129] netlink: 'syz.2.227': attribute type 1 has an invalid length. [ 51.341687][ T4118] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #12: comm syz.0.223: mark_inode_dirty error [ 51.353311][ T4118] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.223: corrupted inode contents [ 51.381379][ T4118] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 51.390936][ T4118] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #12: comm syz.0.223: corrupted inode contents [ 51.403052][ T4118] EXT4-fs error (device loop0): ext4_truncate:4666: inode #12: comm syz.0.223: mark_inode_dirty error [ 51.417312][ T4118] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 51.442657][ T4118] EXT4-fs (loop0): 1 truncate cleaned up [ 51.443805][ T4137] loop4: detected capacity change from 0 to 1024 [ 51.448985][ T4118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.456354][ T4137] EXT4-fs: Ignoring removed orlov option [ 51.474330][ T4139] 9pnet_fd: Insufficient options for proto=fd [ 51.484721][ T4137] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.508979][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.519176][ T171] EXT4-fs error (device loop0): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 1 [ 51.541530][ T4141] loop1: detected capacity change from 0 to 512 [ 51.549423][ T4141] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 51.583650][ T4141] EXT4-fs (loop1): 1 truncate cleaned up [ 51.583683][ T4146] loop0: detected capacity change from 0 to 164 [ 51.589910][ T4141] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.624862][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.637386][ C0] af_packet: tpacket_rcv: packet too big, clamped from 56 to 4294967272. macoff=96 [ 51.649247][ T4146] syz.0.236: attempt to access beyond end of device [ 51.649247][ T4146] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 51.664723][ T4146] syz.0.236: attempt to access beyond end of device [ 51.664723][ T4146] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 51.700392][ T4152] netlink: 16 bytes leftover after parsing attributes in process `syz.1.239'. [ 51.828743][ T4166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'. [ 51.847449][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.856745][ T4166] netlink: 'syz.0.245': attribute type 27 has an invalid length. [ 51.936999][ T4166] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.944413][ T4166] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.988582][ T4173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'. [ 52.215514][ T4166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.228991][ T4166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.321752][ T51] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.389635][ T37] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.420233][ T37] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.450720][ T37] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.478690][ T4204] IPv6: NLM_F_CREATE should be specified when creating new route [ 52.509680][ T4206] netlink: 16 bytes leftover after parsing attributes in process `syz.2.254'. [ 52.529567][ T4207] loop4: detected capacity change from 0 to 512 [ 52.556317][ T4207] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.253: iget: bad i_size value: 38620345925642 [ 52.586671][ T4207] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.253: couldn't read orphan inode 15 (err -117) [ 52.600110][ T4207] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.644884][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.809317][ T4231] SELinux: policydb version 295490586 does not match my version range 15-35 [ 52.827178][ T4231] SELinux: failed to load policy [ 52.848268][ T4238] loop3: detected capacity change from 0 to 512 [ 52.882048][ T4238] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.268: iget: bad i_size value: 38620345925642 [ 52.931846][ T4238] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.268: couldn't read orphan inode 15 (err -117) [ 52.970064][ T4238] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.001477][ T4241] loop2: detected capacity change from 0 to 1024 [ 53.042641][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.052538][ T4241] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 53.358354][ T4272] SELinux: policydb version 0 does not match my version range 15-35 [ 53.366600][ T4272] SELinux: failed to load policy [ 53.474418][ T4284] loop0: detected capacity change from 0 to 512 [ 53.481444][ T4284] EXT4-fs: Ignoring removed oldalloc option [ 53.487528][ T4284] EXT4-fs: inline encryption not supported [ 53.493399][ T4284] EXT4-fs: Ignoring removed mblk_io_submit option [ 53.501223][ T4284] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 53.531566][ T4284] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.288: bg 0: block 64: padding at end of block bitmap is not set [ 53.546828][ T4284] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.288: Failed to acquire dquot type 0 [ 53.561602][ T4284] EXT4-fs (loop0): 1 truncate cleaned up [ 53.567976][ T4284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.597458][ T4284] syz.0.288 (4284) used greatest stack depth: 9264 bytes left [ 53.608680][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.732119][ T4299] FAULT_INJECTION: forcing a failure. [ 53.732119][ T4299] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.745380][ T4299] CPU: 0 UID: 0 PID: 4299 Comm: syz.0.292 Not tainted syzkaller #0 PREEMPT(voluntary) [ 53.745411][ T4299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 53.745505][ T4299] Call Trace: [ 53.745513][ T4299] [ 53.745523][ T4299] __dump_stack+0x1d/0x30 [ 53.745604][ T4299] dump_stack_lvl+0xe8/0x140 [ 53.745628][ T4299] dump_stack+0x15/0x1b [ 53.745648][ T4299] should_fail_ex+0x265/0x280 [ 53.745725][ T4299] should_fail+0xb/0x20 [ 53.745749][ T4299] should_fail_usercopy+0x1a/0x20 [ 53.745782][ T4299] strncpy_from_user+0x25/0x230 [ 53.745844][ T4299] ? kmem_cache_alloc_noprof+0x186/0x310 [ 53.745876][ T4299] ? getname_flags+0x80/0x3b0 [ 53.745909][ T4299] getname_flags+0xae/0x3b0 [ 53.746000][ T4299] do_sys_openat2+0x60/0x110 [ 53.746087][ T4299] __x64_sys_open+0xe6/0x110 [ 53.746128][ T4299] x64_sys_call+0x1457/0x2ff0 [ 53.746162][ T4299] do_syscall_64+0xd2/0x200 [ 53.746194][ T4299] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 53.746218][ T4299] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 53.746254][ T4299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.746325][ T4299] RIP: 0033:0x7ff6a6f7eec9 [ 53.746349][ T4299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.746371][ T4299] RSP: 002b:00007ff6a59c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 53.746395][ T4299] RAX: ffffffffffffffda RBX: 00007ff6a71d6090 RCX: 00007ff6a6f7eec9 [ 53.746412][ T4299] RDX: 0000000000000000 RSI: 0000000000060840 RDI: 00002000009e1000 [ 53.746532][ T4299] RBP: 00007ff6a59c6090 R08: 0000000000000000 R09: 0000000000000000 [ 53.746543][ T4299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.746585][ T4299] R13: 00007ff6a71d6128 R14: 00007ff6a71d6090 R15: 00007ffdddfc4f98 [ 53.746609][ T4299] [ 53.942899][ T4236] syz.2.267 (4236) used greatest stack depth: 7288 bytes left [ 53.968045][ T29] kauditd_printk_skb: 2158 callbacks suppressed [ 53.968063][ T29] audit: type=1400 audit(1759099626.656:3037): avc: denied { connect } for pid=4301 comm="syz.2.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 53.994157][ T29] audit: type=1400 audit(1759099626.676:3038): avc: denied { shutdown } for pid=4301 comm="syz.2.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 54.022440][ T29] audit: type=1400 audit(1759099626.696:3039): avc: denied { unlink } for pid=3300 comm="syz-executor" name="file0" dev="tmpfs" ino=428 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 54.045252][ T29] audit: type=1400 audit(1759099626.706:3040): avc: denied { create } for pid=4305 comm="syz.0.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 54.064956][ T29] audit: type=1326 audit(1759099626.706:3041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4305 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 54.088426][ T29] audit: type=1326 audit(1759099626.706:3042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4305 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 54.111750][ T29] audit: type=1326 audit(1759099626.706:3043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4305 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 54.135176][ T29] audit: type=1326 audit(1759099626.706:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4305 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 54.158558][ T29] audit: type=1400 audit(1759099626.706:3045): avc: denied { setopt } for pid=4305 comm="syz.0.297" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 54.180262][ T29] audit: type=1326 audit(1759099626.866:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4305 comm="syz.0.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 54.271955][ T4318] loop0: detected capacity change from 0 to 1024 [ 54.282765][ T4318] EXT4-fs: Ignoring removed bh option [ 54.306395][ T4318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.362048][ T4338] FAULT_INJECTION: forcing a failure. [ 54.362048][ T4338] name failslab, interval 1, probability 0, space 0, times 0 [ 54.366217][ T4318] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 54.374977][ T4338] CPU: 1 UID: 0 PID: 4338 Comm: syz.2.309 Not tainted syzkaller #0 PREEMPT(voluntary) [ 54.375016][ T4338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 54.375087][ T4338] Call Trace: [ 54.375156][ T4338] [ 54.375176][ T4338] __dump_stack+0x1d/0x30 [ 54.375206][ T4338] dump_stack_lvl+0xe8/0x140 [ 54.375233][ T4338] dump_stack+0x15/0x1b [ 54.375256][ T4338] should_fail_ex+0x265/0x280 [ 54.375292][ T4338] should_failslab+0x8c/0xb0 [ 54.375328][ T4338] kmem_cache_alloc_node_noprof+0x57/0x320 [ 54.375418][ T4338] ? __alloc_skb+0x101/0x320 [ 54.375448][ T4338] __alloc_skb+0x101/0x320 [ 54.375474][ T4338] ? audit_log_start+0x365/0x6c0 [ 54.375558][ T4338] audit_log_start+0x380/0x6c0 [ 54.375606][ T4338] audit_seccomp+0x48/0x100 [ 54.375672][ T4338] ? __seccomp_filter+0x68c/0x10d0 [ 54.375703][ T4338] __seccomp_filter+0x69d/0x10d0 [ 54.375735][ T4338] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 54.375825][ T4338] ? vfs_write+0x7e8/0x960 [ 54.375858][ T4338] ? __rcu_read_unlock+0x4f/0x70 [ 54.375945][ T4338] ? __fget_files+0x184/0x1c0 [ 54.375984][ T4338] __secure_computing+0x82/0x150 [ 54.376046][ T4338] syscall_trace_enter+0xcf/0x1e0 [ 54.376082][ T4338] do_syscall_64+0xac/0x200 [ 54.376132][ T4338] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 54.376169][ T4338] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 54.376255][ T4338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.376283][ T4338] RIP: 0033:0x7f1ce294eec9 [ 54.376304][ T4338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.376330][ T4338] RSP: 002b:00007f1ce13b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000040 [ 54.376357][ T4338] RAX: ffffffffffffffda RBX: 00007f1ce2ba5fa0 RCX: 00007f1ce294eec9 [ 54.376376][ T4338] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 [ 54.376420][ T4338] RBP: 00007f1ce13b7090 R08: 0000000000000000 R09: 0000000000000000 [ 54.376437][ T4338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.376455][ T4338] R13: 00007f1ce2ba6038 R14: 00007f1ce2ba5fa0 R15: 00007ffeb4e22e18 [ 54.376485][ T4338] [ 54.603918][ T4318] EXT4-fs error (device loop0): ext4_check_all_de:659: inode #12: block 7: comm syz.0.302: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 54.625084][ T4318] EXT4-fs (loop0): Remounting filesystem read-only [ 54.740962][ T4360] tipc: Started in network mode [ 54.745889][ T4360] tipc: Node identity 4, cluster identity 4711 [ 54.752120][ T4360] tipc: Node number set to 4 [ 54.757947][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.784143][ T4364] __nla_validate_parse: 3 callbacks suppressed [ 54.784158][ T4364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.319'. [ 54.801131][ T4366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 54.865267][ T4368] SELinux: policydb version 295490586 does not match my version range 15-35 [ 54.874197][ T4368] SELinux: failed to load policy [ 54.895176][ T4370] SELinux: policydb version 0 does not match my version range 15-35 [ 54.903598][ T4370] SELinux: failed to load policy [ 54.990716][ T4186] hid-generic 0000:0003:0000.0003: item fetching failed at offset 0/2 [ 55.001949][ T4186] hid-generic 0000:0003:0000.0003: probe with driver hid-generic failed with error -22 [ 55.108030][ T4394] 9pnet_fd: Insufficient options for proto=fd [ 55.122597][ T4396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.334'. [ 55.177547][ T4394] loop4: detected capacity change from 0 to 512 [ 55.185414][ T4394] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 55.198242][ T4394] EXT4-fs (loop4): 1 truncate cleaned up [ 55.206009][ T4399] loop0: detected capacity change from 0 to 128 [ 55.227859][ T4394] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.273365][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.375312][ T4409] loop4: detected capacity change from 0 to 512 [ 55.390687][ T4413] 9pnet_fd: Insufficient options for proto=fd [ 55.400167][ T4409] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.338: corrupted in-inode xattr: invalid ea_ino [ 55.422031][ T4409] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.338: couldn't read orphan inode 15 (err -117) [ 55.435481][ T4409] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.488728][ T4417] loop0: detected capacity change from 0 to 512 [ 55.495805][ T4417] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 55.522256][ T3307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.532803][ T4417] EXT4-fs (loop0): 1 truncate cleaned up [ 55.540207][ T4417] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.599769][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.739711][ T4429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.345'. [ 55.834263][ T9] hid-generic 0000:0003:0000.0004: item fetching failed at offset 0/2 [ 55.843814][ T9] hid-generic 0000:0003:0000.0004: probe with driver hid-generic failed with error -22 [ 55.862494][ T4444] loop2: detected capacity change from 0 to 1024 [ 55.869467][ T4444] EXT4-fs: Ignoring removed orlov option [ 55.880956][ T4444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.916067][ T4450] loop4: detected capacity change from 0 to 512 [ 55.952980][ T4450] EXT4-fs: Ignoring removed mblk_io_submit option [ 55.977185][ T4450] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.997952][ T4450] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.006758][ T4450] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.017050][ T4454] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.030122][ T4450] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.353: Allocating blocks 41-42 which overlap fs metadata [ 56.045356][ T4450] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.353: Allocating blocks 41-42 which overlap fs metadata [ 56.060368][ T4450] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.353: Failed to acquire dquot type 1 [ 56.067772][ T4459] netlink: 'syz.3.354': attribute type 11 has an invalid length. [ 56.072430][ T4450] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 56.095194][ T4450] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #12: comm syz.4.353: corrupted inode contents [ 56.096494][ T4454] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.118603][ T4450] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #12: comm syz.4.353: mark_inode_dirty error [ 56.131083][ T4450] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #12: comm syz.4.353: corrupted inode contents [ 56.143309][ T4450] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #12: comm syz.4.353: mark_inode_dirty error [ 56.154819][ T4450] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #12: comm syz.4.353: corrupted inode contents [ 56.166808][ T4450] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 56.176517][ T4450] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #12: comm syz.4.353: corrupted inode contents [ 56.191341][ T4450] EXT4-fs error (device loop4): ext4_truncate:4666: inode #12: comm syz.4.353: mark_inode_dirty error [ 56.203379][ T4454] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.204051][ T4450] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 56.223851][ T4450] EXT4-fs (loop4): 1 truncate cleaned up [ 56.230066][ T4450] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.251543][ T4450] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.353: Allocating blocks 41-42 which overlap fs metadata [ 56.266562][ T4450] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.353: Failed to acquire dquot type 1 [ 56.279584][ T4454] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.317442][ T4464] loop4: detected capacity change from 0 to 512 [ 56.325887][ T4464] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.356: iget: bad i_size value: 38620345925642 [ 56.340981][ T4464] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.356: couldn't read orphan inode 15 (err -117) [ 56.355652][ T3430] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.366231][ T4467] SELinux: policydb version 0 does not match my version range 15-35 [ 56.368959][ T3430] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.374670][ T4467] SELinux: failed to load policy [ 56.397367][ T3430] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.410389][ T3430] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.460066][ T4473] loop4: detected capacity change from 0 to 512 [ 56.481432][ T4473] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.360: iget: bad i_size value: 38620345925642 [ 56.509439][ T4188] hid-generic 0000:0003:0000.0005: unknown main item tag 0x0 [ 56.516912][ T4188] hid-generic 0000:0003:0000.0005: unknown main item tag 0x0 [ 56.524562][ T4473] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.360: couldn't read orphan inode 15 (err -117) [ 56.541082][ T4188] hid-generic 0000:0003:0000.0005: hidraw0: HID v0.03 Device [syz0] on syz0 [ 56.605142][ T4485] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.651764][ T4488] netlink: 'syz.4.365': attribute type 11 has an invalid length. [ 56.673876][ T4490] loop2: detected capacity change from 0 to 512 [ 56.690641][ T4490] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.697493][ T4490] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.704973][ T4485] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.716114][ T4490] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.724696][ T4490] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.740420][ T4495] SELinux: policydb version 0 does not match my version range 15-35 [ 56.748816][ T4495] SELinux: failed to load policy [ 56.755323][ T4490] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.367: Allocating blocks 41-42 which overlap fs metadata [ 56.774108][ T4490] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.367: Failed to acquire dquot type 1 [ 56.785985][ T4490] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 56.802904][ T4490] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.367: corrupted inode contents [ 56.815940][ T4490] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #12: comm syz.2.367: mark_inode_dirty error [ 56.827915][ T4490] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.367: corrupted inode contents [ 56.845018][ T4490] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.367: mark_inode_dirty error [ 56.856699][ T4485] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.859399][ T4490] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.367: corrupted inode contents [ 56.879603][ T4490] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 56.888524][ T4490] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #12: comm syz.2.367: corrupted inode contents [ 56.900828][ T4490] EXT4-fs error (device loop2): ext4_truncate:4666: inode #12: comm syz.2.367: mark_inode_dirty error [ 56.912142][ T4490] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 56.921493][ T4490] EXT4-fs (loop2): 1 truncate cleaned up [ 56.949483][ T37] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 1 [ 56.962224][ T4485] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.983479][ T4507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.374'. [ 57.037515][ T3430] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.051668][ T3430] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.061746][ T3430] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.070107][ T3430] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.134722][ T4520] loop2: detected capacity change from 0 to 512 [ 57.144271][ T4520] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 57.156373][ T4520] EXT4-fs (loop2): 1 truncate cleaned up [ 57.170540][ T4524] loop4: detected capacity change from 0 to 1024 [ 57.194373][ T4524] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 57.204272][ T4524] netlink: 4 bytes leftover after parsing attributes in process `syz.4.379'. [ 57.214317][ T4524] bridge_slave_1: left allmulticast mode [ 57.220392][ T4524] bridge_slave_1: left promiscuous mode [ 57.226469][ T4524] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.235150][ T4524] bridge_slave_0: left allmulticast mode [ 57.241001][ T4524] bridge_slave_0: left promiscuous mode [ 57.246754][ T4524] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.284757][ T4533] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'. [ 57.332432][ T4536] loop3: detected capacity change from 0 to 512 [ 57.339327][ T4536] EXT4-fs: Ignoring removed mblk_io_submit option [ 57.345792][ T4536] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.353152][ T4536] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.355846][ T4530] tipc: Started in network mode [ 57.361625][ T4536] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.375663][ T4530] tipc: Node identity 4, cluster identity 4711 [ 57.379203][ T4536] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.384: Allocating blocks 41-42 which overlap fs metadata [ 57.381858][ T4530] tipc: Node number set to 4 [ 57.397052][ T4536] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.384: Allocating blocks 41-42 which overlap fs metadata [ 57.414180][ T4536] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.384: Failed to acquire dquot type 1 [ 57.425737][ T4536] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 57.440377][ T4536] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.384: corrupted inode contents [ 57.452348][ T4536] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #12: comm syz.3.384: mark_inode_dirty error [ 57.464040][ T4536] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.384: corrupted inode contents [ 57.476121][ T4536] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.384: mark_inode_dirty error [ 57.487708][ T4536] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.384: corrupted inode contents [ 57.499889][ T4536] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 57.508958][ T4536] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #12: comm syz.3.384: corrupted inode contents [ 57.521192][ T4536] EXT4-fs error (device loop3): ext4_truncate:4666: inode #12: comm syz.3.384: mark_inode_dirty error [ 57.532529][ T4536] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 57.541846][ T4536] EXT4-fs (loop3): 1 truncate cleaned up [ 57.554048][ T4536] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.384: Allocating blocks 41-42 which overlap fs metadata [ 57.568095][ T4536] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.384: Failed to acquire dquot type 1 [ 57.629303][ T4542] netlink: 16 bytes leftover after parsing attributes in process `syz.3.386'. [ 57.996923][ T4560] loop0: detected capacity change from 0 to 764 [ 58.103876][ T4182] hid-generic 0000:0003:0000.0006: unknown main item tag 0x0 [ 58.111421][ T4182] hid-generic 0000:0003:0000.0006: unknown main item tag 0x0 [ 58.119773][ T4182] hid-generic 0000:0003:0000.0006: hidraw0: HID v0.03 Device [syz0] on syz0 [ 58.302746][ T4582] loop2: detected capacity change from 0 to 512 [ 58.314667][ T4582] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 58.326530][ T4582] EXT4-fs (loop2): 1 truncate cleaned up [ 58.358649][ T4588] SELinux: policydb version 0 does not match my version range 15-35 [ 58.366865][ T4588] SELinux: failed to load policy [ 58.394043][ T4590] loop2: detected capacity change from 0 to 1024 [ 58.400917][ T4590] EXT4-fs: Ignoring removed orlov option [ 58.422078][ T4586] loop1: detected capacity change from 0 to 512 [ 58.429639][ T4586] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 58.440984][ T4586] EXT4-fs (loop1): 1 truncate cleaned up [ 58.594656][ T4188] hid-generic 0000:0003:0000.0007: unknown main item tag 0x0 [ 58.602172][ T4188] hid-generic 0000:0003:0000.0007: unknown main item tag 0x0 [ 58.672858][ T4188] hid-generic 0000:0003:0000.0007: hidraw0: HID v0.03 Device [syz0] on syz0 [ 58.769601][ T4615] netlink: 16 bytes leftover after parsing attributes in process `syz.2.418'. [ 58.822724][ T4618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.419'. [ 58.862795][ T4619] FAULT_INJECTION: forcing a failure. [ 58.862795][ T4619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.875964][ T4619] CPU: 1 UID: 0 PID: 4619 Comm: syz.2.420 Not tainted syzkaller #0 PREEMPT(voluntary) [ 58.876054][ T4619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 58.876083][ T4619] Call Trace: [ 58.876092][ T4619] [ 58.876108][ T4619] __dump_stack+0x1d/0x30 [ 58.876193][ T4619] dump_stack_lvl+0xe8/0x140 [ 58.876248][ T4619] dump_stack+0x15/0x1b [ 58.876271][ T4619] should_fail_ex+0x265/0x280 [ 58.876302][ T4619] should_fail+0xb/0x20 [ 58.876330][ T4619] should_fail_usercopy+0x1a/0x20 [ 58.876365][ T4619] _copy_to_user+0x20/0xa0 [ 58.876479][ T4619] simple_read_from_buffer+0xb5/0x130 [ 58.876509][ T4619] proc_fail_nth_read+0x10e/0x150 [ 58.876547][ T4619] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 58.876615][ T4619] vfs_read+0x1a5/0x770 [ 58.876640][ T4619] ? __rcu_read_unlock+0x4f/0x70 [ 58.876688][ T4619] ? __fget_files+0x184/0x1c0 [ 58.876784][ T4619] ksys_read+0xda/0x1a0 [ 58.876813][ T4619] __x64_sys_read+0x40/0x50 [ 58.876841][ T4619] x64_sys_call+0x27bc/0x2ff0 [ 58.876868][ T4619] do_syscall_64+0xd2/0x200 [ 58.876958][ T4619] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 58.876990][ T4619] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 58.877028][ T4619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.877089][ T4619] RIP: 0033:0x7f1ce294d8dc [ 58.877109][ T4619] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 58.877132][ T4619] RSP: 002b:00007f1ce13b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 58.877185][ T4619] RAX: ffffffffffffffda RBX: 00007f1ce2ba5fa0 RCX: 00007f1ce294d8dc [ 58.877203][ T4619] RDX: 000000000000000f RSI: 00007f1ce13b70a0 RDI: 0000000000000004 [ 58.877219][ T4619] RBP: 00007f1ce13b7090 R08: 0000000000000000 R09: 0000000000000000 [ 58.877235][ T4619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.877256][ T4619] R13: 00007f1ce2ba6038 R14: 00007f1ce2ba5fa0 R15: 00007ffeb4e22e18 [ 58.877280][ T4619] [ 59.135168][ T29] kauditd_printk_skb: 623 callbacks suppressed [ 59.135186][ T29] audit: type=1326 audit(1759099631.816:3652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.164989][ T29] audit: type=1326 audit(1759099631.816:3653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.188618][ T29] audit: type=1326 audit(1759099631.816:3654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.212098][ T29] audit: type=1326 audit(1759099631.816:3655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.235668][ T29] audit: type=1326 audit(1759099631.816:3656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.259247][ T29] audit: type=1326 audit(1759099631.816:3657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.282662][ T29] audit: type=1326 audit(1759099631.816:3658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.306140][ T29] audit: type=1326 audit(1759099631.816:3659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.329620][ T29] audit: type=1326 audit(1759099631.816:3660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.353033][ T29] audit: type=1326 audit(1759099631.816:3661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4626 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7ff6a6f7eec9 code=0x7ffc0000 [ 59.399858][ T4634] IPv6: NLM_F_CREATE should be specified when creating new route [ 59.446377][ T4642] loop3: detected capacity change from 0 to 128 [ 59.454873][ T4642] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.498423][ T4186] hid-generic 0000:0003:0000.0008: unknown main item tag 0x0 [ 59.505980][ T4186] hid-generic 0000:0003:0000.0008: unknown main item tag 0x0 [ 59.517868][ T4186] hid-generic 0000:0003:0000.0008: hidraw0: HID v0.03 Device [syz0] on syz0 [ 59.582846][ T4654] loop3: detected capacity change from 0 to 1024 [ 59.589823][ T4654] EXT4-fs: Ignoring removed orlov option [ 59.841655][ T4682] FAULT_INJECTION: forcing a failure. [ 59.841655][ T4682] name failslab, interval 1, probability 0, space 0, times 0 [ 59.854411][ T4682] CPU: 0 UID: 0 PID: 4682 Comm: syz.0.446 Not tainted syzkaller #0 PREEMPT(voluntary) [ 59.854487][ T4682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 59.854501][ T4682] Call Trace: [ 59.854509][ T4682] [ 59.854519][ T4682] __dump_stack+0x1d/0x30 [ 59.854545][ T4682] dump_stack_lvl+0xe8/0x140 [ 59.854570][ T4682] dump_stack+0x15/0x1b [ 59.854589][ T4682] should_fail_ex+0x265/0x280 [ 59.854701][ T4682] ? bpf_prog_alloc_no_stats+0xc4/0x3a0 [ 59.854730][ T4682] should_failslab+0x8c/0xb0 [ 59.854761][ T4682] __kmalloc_cache_noprof+0x4c/0x320 [ 59.854803][ T4682] bpf_prog_alloc_no_stats+0xc4/0x3a0 [ 59.854859][ T4682] bpf_prog_alloc+0x3c/0x150 [ 59.854894][ T4682] bpf_prog_load+0x514/0x1070 [ 59.855032][ T4682] ? security_bpf+0x2b/0x90 [ 59.855052][ T4682] __sys_bpf+0x462/0x7b0 [ 59.855127][ T4682] __x64_sys_bpf+0x41/0x50 [ 59.855159][ T4682] x64_sys_call+0x2aea/0x2ff0 [ 59.855187][ T4682] do_syscall_64+0xd2/0x200 [ 59.855220][ T4682] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 59.855329][ T4682] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 59.855434][ T4682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.855465][ T4682] RIP: 0033:0x7ff6a6f7eec9 [ 59.855523][ T4682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.855538][ T4682] RSP: 002b:00007ff6a59e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 59.855555][ T4682] RAX: ffffffffffffffda RBX: 00007ff6a71d5fa0 RCX: 00007ff6a6f7eec9 [ 59.855566][ T4682] RDX: 0000000000000094 RSI: 00002000000001c0 RDI: 0000000000000005 [ 59.855576][ T4682] RBP: 00007ff6a59e7090 R08: 0000000000000000 R09: 0000000000000000 [ 59.855596][ T4682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.855607][ T4682] R13: 00007ff6a71d6038 R14: 00007ff6a71d5fa0 R15: 00007ffdddfc4f98 [ 59.855625][ T4682] [ 60.139844][ T4699] loop3: detected capacity change from 0 to 1024 [ 60.146467][ T4699] EXT4-fs: Ignoring removed orlov option [ 60.342258][ T4713] loop0: detected capacity change from 0 to 1024 [ 60.373829][ T4713] __nla_validate_parse: 1 callbacks suppressed [ 60.373904][ T4713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.458'. [ 60.389095][ T4713] bridge_slave_1: left allmulticast mode [ 60.389116][ T4713] bridge_slave_1: left promiscuous mode [ 60.389252][ T4713] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 60.389310][ T4713] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.389920][ T4713] bridge_slave_0: left allmulticast mode [ 60.389938][ T4713] bridge_slave_0: left promiscuous mode [ 60.390039][ T4713] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.456608][ T4188] hid-generic 0000:0003:0000.0009: item fetching failed at offset 0/2 [ 60.465532][ T4188] hid-generic 0000:0003:0000.0009: probe with driver hid-generic failed with error -22 [ 60.600978][ T4728] FAULT_INJECTION: forcing a failure. [ 60.600978][ T4728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.614201][ T4728] CPU: 0 UID: 0 PID: 4728 Comm: syz.2.464 Not tainted syzkaller #0 PREEMPT(voluntary) [ 60.614235][ T4728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.614282][ T4728] Call Trace: [ 60.614288][ T4728] [ 60.614295][ T4728] __dump_stack+0x1d/0x30 [ 60.614314][ T4728] dump_stack_lvl+0xe8/0x140 [ 60.614331][ T4728] dump_stack+0x15/0x1b [ 60.614345][ T4728] should_fail_ex+0x265/0x280 [ 60.614367][ T4728] should_fail+0xb/0x20 [ 60.614458][ T4728] should_fail_usercopy+0x1a/0x20 [ 60.614481][ T4728] _copy_to_user+0x20/0xa0 [ 60.614525][ T4728] simple_read_from_buffer+0xb5/0x130 [ 60.614637][ T4728] proc_fail_nth_read+0x10e/0x150 [ 60.614671][ T4728] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 60.614707][ T4728] vfs_read+0x1a5/0x770 [ 60.614768][ T4728] ? __rcu_read_unlock+0x4f/0x70 [ 60.614827][ T4728] ? __fget_files+0x184/0x1c0 [ 60.614886][ T4728] ksys_read+0xda/0x1a0 [ 60.614916][ T4728] __x64_sys_read+0x40/0x50 [ 60.614946][ T4728] x64_sys_call+0x27bc/0x2ff0 [ 60.614973][ T4728] do_syscall_64+0xd2/0x200 [ 60.615063][ T4728] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 60.615096][ T4728] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 60.615133][ T4728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.615185][ T4728] RIP: 0033:0x7f1ce294d8dc [ 60.615204][ T4728] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 60.615222][ T4728] RSP: 002b:00007f1ce13b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 60.615244][ T4728] RAX: ffffffffffffffda RBX: 00007f1ce2ba5fa0 RCX: 00007f1ce294d8dc [ 60.615274][ T4728] RDX: 000000000000000f RSI: 00007f1ce13b70a0 RDI: 0000000000000004 [ 60.615289][ T4728] RBP: 00007f1ce13b7090 R08: 0000000000000000 R09: 0000000000000000 [ 60.615305][ T4728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.615388][ T4728] R13: 00007f1ce2ba6038 R14: 00007f1ce2ba5fa0 R15: 00007ffeb4e22e18 [ 60.615414][ T4728] [ 60.960640][ T4737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.468'. [ 61.002702][ T4739] program syz.0.469 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 61.012216][ T4739] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 61.039554][ T4731] tmpfs: Bad value for 'mpol' [ 61.274716][ T4745] team0: Port device team_slave_0 removed [ 61.326161][ T4749] loop3: detected capacity change from 0 to 736 [ 61.342436][ T4751] netlink: 20 bytes leftover after parsing attributes in process `syz.0.474'. [ 61.353234][ T4749] mmap: syz.3.473 (4749) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 61.388754][ T4753] netlink: 'syz.0.475': attribute type 1 has an invalid length. [ 61.403243][ T4753] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.423013][ T4753] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.430807][ T4753] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 61.442316][ T4753] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 61.472804][ T4758] macvlan2: entered promiscuous mode [ 61.478912][ T4758] bond1: entered promiscuous mode [ 61.484294][ T4758] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 61.492751][ T4758] bond1: left promiscuous mode [ 61.532783][ T4765] netlink: 8 bytes leftover after parsing attributes in process `syz.3.480'. [ 61.597420][ T4753] sg_write: data in/out 134810845/1782 bytes for SCSI command 0x0-- guessing data in; [ 61.597420][ T4753] program syz.0.475 not setting count and/or reply_len properly [ 61.629736][ T4772] FAULT_INJECTION: forcing a failure. [ 61.629736][ T4772] name failslab, interval 1, probability 0, space 0, times 0 [ 61.642469][ T4772] CPU: 0 UID: 0 PID: 4772 Comm: syz.3.482 Not tainted syzkaller #0 PREEMPT(voluntary) [ 61.642548][ T4772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.642564][ T4772] Call Trace: [ 61.642572][ T4772] [ 61.642623][ T4772] __dump_stack+0x1d/0x30 [ 61.642647][ T4772] dump_stack_lvl+0xe8/0x140 [ 61.642669][ T4772] dump_stack+0x15/0x1b [ 61.642688][ T4772] should_fail_ex+0x265/0x280 [ 61.642758][ T4772] should_failslab+0x8c/0xb0 [ 61.642815][ T4772] kmem_cache_alloc_noprof+0x50/0x310 [ 61.642846][ T4772] ? skb_clone+0x151/0x1f0 [ 61.642873][ T4772] skb_clone+0x151/0x1f0 [ 61.642904][ T4772] __netlink_deliver_tap+0x2c9/0x500 [ 61.642977][ T4772] netlink_unicast+0x66b/0x690 [ 61.643002][ T4772] netlink_sendmsg+0x58b/0x6b0 [ 61.643028][ T4772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 61.643116][ T4772] __sock_sendmsg+0x145/0x180 [ 61.643191][ T4772] ____sys_sendmsg+0x31e/0x4e0 [ 61.643227][ T4772] ___sys_sendmsg+0x17b/0x1d0 [ 61.643317][ T4772] __x64_sys_sendmsg+0xd4/0x160 [ 61.643355][ T4772] x64_sys_call+0x191e/0x2ff0 [ 61.643383][ T4772] do_syscall_64+0xd2/0x200 [ 61.643450][ T4772] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 61.643534][ T4772] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 61.643581][ T4772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.643610][ T4772] RIP: 0033:0x7f201b0ceec9 [ 61.643629][ T4772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.643653][ T4772] RSP: 002b:00007f2019b0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.643678][ T4772] RAX: ffffffffffffffda RBX: 00007f201b326090 RCX: 00007f201b0ceec9 [ 61.643694][ T4772] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000007 [ 61.643711][ T4772] RBP: 00007f2019b0e090 R08: 0000000000000000 R09: 0000000000000000 [ 61.643774][ T4772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.643790][ T4772] R13: 00007f201b326128 R14: 00007f201b326090 R15: 00007ffffe23ccd8 [ 61.643814][ T4772] [ 61.877739][ T4775] team0: Port device team_slave_0 removed [ 61.906043][ T4782] : renamed from vlan1 (while UP) [ 61.914814][ T4783] netlink: 20 bytes leftover after parsing attributes in process `syz.0.486'. [ 61.963857][ T4186] hid-generic 0000:0003:0000.000A: item fetching failed at offset 0/2 [ 61.972494][ T4186] hid-generic 0000:0003:0000.000A: probe with driver hid-generic failed with error -22 [ 62.075983][ T4798] loop3: detected capacity change from 0 to 1024 [ 62.083889][ T4798] EXT4-fs: Ignoring removed orlov option [ 62.116007][ T4805] netlink: 16 bytes leftover after parsing attributes in process `syz.4.495'. [ 62.342468][ T4815] program syz.4.499 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 62.352843][ T4815] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 62.363746][ T4815] FAULT_INJECTION: forcing a failure. [ 62.363746][ T4815] name failslab, interval 1, probability 0, space 0, times 0 [ 62.376453][ T4815] CPU: 0 UID: 0 PID: 4815 Comm: syz.4.499 Not tainted syzkaller #0 PREEMPT(voluntary) [ 62.376486][ T4815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 62.376531][ T4815] Call Trace: [ 62.376540][ T4815] [ 62.376549][ T4815] __dump_stack+0x1d/0x30 [ 62.376571][ T4815] dump_stack_lvl+0xe8/0x140 [ 62.376590][ T4815] dump_stack+0x15/0x1b [ 62.376667][ T4815] should_fail_ex+0x265/0x280 [ 62.376698][ T4815] ? audit_log_d_path+0x8d/0x150 [ 62.376739][ T4815] should_failslab+0x8c/0xb0 [ 62.376769][ T4815] __kmalloc_cache_noprof+0x4c/0x320 [ 62.376885][ T4815] audit_log_d_path+0x8d/0x150 [ 62.376990][ T4815] audit_log_d_path_exe+0x42/0x70 [ 62.377032][ T4815] audit_log_task+0x1e9/0x250 [ 62.377069][ T4815] audit_seccomp+0x61/0x100 [ 62.377149][ T4815] ? __seccomp_filter+0x68c/0x10d0 [ 62.377255][ T4815] __seccomp_filter+0x69d/0x10d0 [ 62.377282][ T4815] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 62.377382][ T4815] ? vfs_write+0x7e8/0x960 [ 62.377411][ T4815] ? __rcu_read_unlock+0x4f/0x70 [ 62.377440][ T4815] ? __fget_files+0x184/0x1c0 [ 62.377563][ T4815] __secure_computing+0x82/0x150 [ 62.377592][ T4815] syscall_trace_enter+0xcf/0x1e0 [ 62.377683][ T4815] do_syscall_64+0xac/0x200 [ 62.377720][ T4815] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 62.377819][ T4815] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 62.377848][ T4815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.377960][ T4815] RIP: 0033:0x7f2836dbeec9 [ 62.377976][ T4815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.378000][ T4815] RSP: 002b:00007f2835827038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2 [ 62.378046][ T4815] RAX: ffffffffffffffda RBX: 00007f2837015fa0 RCX: 00007f2836dbeec9 [ 62.378156][ T4815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 62.378169][ T4815] RBP: 00007f2835827090 R08: 0000000000000000 R09: 0000000000000000 [ 62.378184][ T4815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 62.378200][ T4815] R13: 00007f2837016038 R14: 00007f2837015fa0 R15: 00007ffc1c66f258 [ 62.378226][ T4815] [ 62.636827][ T4818] netlink: 20 bytes leftover after parsing attributes in process `syz.2.500'. [ 62.672247][ T4819] team0: Port device team_slave_0 removed [ 62.788789][ T4827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.503'. [ 62.797767][ T4827] netlink: 16 bytes leftover after parsing attributes in process `syz.1.503'. [ 62.806173][ T4829] netlink: 64 bytes leftover after parsing attributes in process `syz.2.504'. [ 62.873066][ T4837] loop2: detected capacity change from 0 to 1024 [ 62.879891][ T4837] EXT4-fs: Ignoring removed orlov option [ 63.041645][ T4863] loop9: detected capacity change from 0 to 7 [ 63.048212][ T4863] Buffer I/O error on dev loop9, logical block 0, async page read [ 63.056443][ T4863] Buffer I/O error on dev loop9, logical block 0, async page read [ 63.058358][ T4864] capability: warning: `syz.4.518' uses deprecated v2 capabilities in a way that may be insecure [ 63.064485][ T4863] loop9: unable to read partition table [ 63.080821][ T4863] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 63.080821][ T4863] ) failed (rc=-5) [ 63.092664][ T4864] dvmrp8: entered allmulticast mode [ 63.110509][ T4861] dvmrp8: left allmulticast mode [ 63.189927][ T4871] loop4: detected capacity change from 0 to 1024 [ 63.197794][ T4871] EXT4-fs (loop4): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 63.249646][ T4871] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: inode #11: comm syz.4.521: missing EA_INODE flag [ 63.263302][ T4871] EXT4-fs (loop4): Remounting filesystem read-only [ 63.302982][ T4889] FAULT_INJECTION: forcing a failure. [ 63.302982][ T4889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.316123][ T4889] CPU: 1 UID: 0 PID: 4889 Comm: syz.1.528 Not tainted syzkaller #0 PREEMPT(voluntary) [ 63.316155][ T4889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 63.316168][ T4889] Call Trace: [ 63.316175][ T4889] [ 63.316182][ T4889] __dump_stack+0x1d/0x30 [ 63.316205][ T4889] dump_stack_lvl+0xe8/0x140 [ 63.316226][ T4889] dump_stack+0x15/0x1b [ 63.316243][ T4889] should_fail_ex+0x265/0x280 [ 63.316354][ T4889] should_fail+0xb/0x20 [ 63.316376][ T4889] should_fail_usercopy+0x1a/0x20 [ 63.316403][ T4889] _copy_from_iter+0xd2/0xe80 [ 63.316434][ T4889] ? __build_skb_around+0x1a0/0x200 [ 63.316456][ T4889] ? __alloc_skb+0x223/0x320 [ 63.316504][ T4889] netlink_sendmsg+0x471/0x6b0 [ 63.316534][ T4889] ? __pfx_netlink_sendmsg+0x10/0x10 [ 63.316560][ T4889] __sock_sendmsg+0x145/0x180 [ 63.316616][ T4889] ____sys_sendmsg+0x31e/0x4e0 [ 63.316646][ T4889] ___sys_sendmsg+0x17b/0x1d0 [ 63.316741][ T4889] __x64_sys_sendmsg+0xd4/0x160 [ 63.316807][ T4889] x64_sys_call+0x191e/0x2ff0 [ 63.316830][ T4889] do_syscall_64+0xd2/0x200 [ 63.316862][ T4889] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 63.316888][ T4889] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 63.316982][ T4889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.317005][ T4889] RIP: 0033:0x7f6530a2eec9 [ 63.317021][ T4889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.317040][ T4889] RSP: 002b:00007f652f497038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.317122][ T4889] RAX: ffffffffffffffda RBX: 00007f6530c85fa0 RCX: 00007f6530a2eec9 [ 63.317135][ T4889] RDX: 0000000000000040 RSI: 00002000000001c0 RDI: 0000000000000004 [ 63.317192][ T4889] RBP: 00007f652f497090 R08: 0000000000000000 R09: 0000000000000000 [ 63.317205][ T4889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.317217][ T4889] R13: 00007f6530c86038 R14: 00007f6530c85fa0 R15: 00007ffc35cc77d8 [ 63.317238][ T4889] [ 63.596555][ T4902] FAULT_INJECTION: forcing a failure. [ 63.596555][ T4902] name failslab, interval 1, probability 0, space 0, times 0 [ 63.609344][ T4902] CPU: 1 UID: 0 PID: 4902 Comm: syz.4.533 Not tainted syzkaller #0 PREEMPT(voluntary) [ 63.609478][ T4902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 63.609491][ T4902] Call Trace: [ 63.609497][ T4902] [ 63.609503][ T4902] __dump_stack+0x1d/0x30 [ 63.609527][ T4902] dump_stack_lvl+0xe8/0x140 [ 63.609551][ T4902] dump_stack+0x15/0x1b [ 63.609573][ T4902] should_fail_ex+0x265/0x280 [ 63.609702][ T4902] should_failslab+0x8c/0xb0 [ 63.609729][ T4902] kmem_cache_alloc_noprof+0x50/0x310 [ 63.609831][ T4902] ? audit_log_start+0x365/0x6c0 [ 63.609872][ T4902] audit_log_start+0x365/0x6c0 [ 63.609929][ T4902] audit_seccomp+0x48/0x100 [ 63.609963][ T4902] ? __seccomp_filter+0x68c/0x10d0 [ 63.609991][ T4902] __seccomp_filter+0x69d/0x10d0 [ 63.610096][ T4902] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 63.610124][ T4902] ? vfs_write+0x7e8/0x960 [ 63.610154][ T4902] __secure_computing+0x82/0x150 [ 63.610290][ T4902] syscall_trace_enter+0xcf/0x1e0 [ 63.610320][ T4902] do_syscall_64+0xac/0x200 [ 63.610360][ T4902] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 63.610391][ T4902] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 63.610543][ T4902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.610564][ T4902] RIP: 0033:0x7f2836dbeec9 [ 63.610582][ T4902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.610605][ T4902] RSP: 002b:00007f2835827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 63.610624][ T4902] RAX: ffffffffffffffda RBX: 00007f2837015fa0 RCX: 00007f2836dbeec9 [ 63.610637][ T4902] RDX: 0000200000000080 RSI: 0000000000001efe RDI: 0000000000000000 [ 63.610653][ T4902] RBP: 00007f2835827090 R08: 0000200000000040 R09: 0000000000000000 [ 63.610726][ T4902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.610738][ T4902] R13: 00007f2837016038 R14: 00007f2837015fa0 R15: 00007ffc1c66f258 [ 63.610756][ T4902] [ 63.829551][ T4900] bridge_slave_0: left allmulticast mode [ 63.835292][ T4900] bridge_slave_0: left promiscuous mode [ 63.841060][ T4900] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.865380][ T4900] bridge_slave_1: left allmulticast mode [ 63.871148][ T4900] bridge_slave_1: left promiscuous mode [ 63.876862][ T4900] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.893274][ T4900] bond0: (slave bond_slave_0): Releasing backup interface [ 63.913009][ T4900] bond0: (slave bond_slave_1): Releasing backup interface [ 63.934350][ T4900] team0: Port device team_slave_1 removed [ 63.954848][ T4904] : renamed from wg2 (while UP) [ 63.973385][ T4896] : renamed from wg2 (while UP) [ 64.078000][ T4929] loop2: detected capacity change from 0 to 2048 [ 64.091834][ T4931] loop3: detected capacity change from 0 to 1024 [ 64.099932][ T4931] EXT4-fs: Ignoring removed orlov option [ 64.211907][ T4955] loop9: detected capacity change from 0 to 7 [ 64.234377][ T4955] Buffer I/O error on dev loop9, logical block 0, async page read [ 64.243099][ T4955] Buffer I/O error on dev loop9, logical block 0, async page read [ 64.251190][ T4955] loop9: unable to read partition table [ 64.257684][ T4955] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 64.257684][ T4955] ) failed (rc=-5) [ 64.289560][ T29] kauditd_printk_skb: 493 callbacks suppressed [ 64.289577][ T29] audit: type=1326 audit(1759099636.976:4153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.321459][ T29] audit: type=1326 audit(1759099637.006:4154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.345045][ T29] audit: type=1326 audit(1759099637.006:4155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.368563][ T29] audit: type=1326 audit(1759099637.006:4156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.386237][ T4962] geneve3: entered promiscuous mode [ 64.392246][ T29] audit: type=1326 audit(1759099637.006:4157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.420471][ T29] audit: type=1326 audit(1759099637.006:4158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.443954][ T29] audit: type=1326 audit(1759099637.006:4159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.467425][ T29] audit: type=1326 audit(1759099637.006:4160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.490905][ T29] audit: type=1326 audit(1759099637.006:4161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6530a2eec9 code=0x7ffc0000 [ 64.532162][ T29] audit: type=1326 audit(1759099637.116:4162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="syz.4.553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2836dbeec9 code=0x7ffc0000 [ 64.598182][ T4972] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.621835][ T4976] FAULT_INJECTION: forcing a failure. [ 64.621835][ T4976] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.635140][ T4976] CPU: 0 UID: 0 PID: 4976 Comm: syz.4.561 Not tainted syzkaller #0 PREEMPT(voluntary) [ 64.635258][ T4976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.635275][ T4976] Call Trace: [ 64.635283][ T4976] [ 64.635294][ T4976] __dump_stack+0x1d/0x30 [ 64.635324][ T4976] dump_stack_lvl+0xe8/0x140 [ 64.635352][ T4976] dump_stack+0x15/0x1b [ 64.635376][ T4976] should_fail_ex+0x265/0x280 [ 64.635471][ T4976] should_fail+0xb/0x20 [ 64.635500][ T4976] should_fail_usercopy+0x1a/0x20 [ 64.635546][ T4976] strncpy_from_user+0x25/0x230 [ 64.635664][ T4976] ? __kmalloc_cache_noprof+0x189/0x320 [ 64.635709][ T4976] __se_sys_memfd_create+0x1ff/0x590 [ 64.635780][ T4976] __x64_sys_memfd_create+0x31/0x40 [ 64.635809][ T4976] x64_sys_call+0x2abe/0x2ff0 [ 64.635838][ T4976] do_syscall_64+0xd2/0x200 [ 64.635898][ T4976] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 64.635981][ T4976] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 64.636105][ T4976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.636134][ T4976] RIP: 0033:0x7f2836dbeec9 [ 64.636154][ T4976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.636227][ T4976] RSP: 002b:00007f2835826e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 64.636253][ T4976] RAX: ffffffffffffffda RBX: 0000000000000512 RCX: 00007f2836dbeec9 [ 64.636270][ T4976] RDX: 00007f2835826ef0 RSI: 0000000000000000 RDI: 00007f2836e42960 [ 64.636288][ T4976] RBP: 0000200000000380 R08: 00007f2835826bb7 R09: 00007f2835826e40 [ 64.636305][ T4976] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000080 [ 64.636321][ T4976] R13: 00007f2835826ef0 R14: 00007f2835826eb0 R15: 0000200000000340 [ 64.636347][ T4976] [ 64.841886][ T4972] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.877495][ T4984] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 64.887654][ T4977] netlink: 'syz.3.559': attribute type 2 has an invalid length. [ 64.953740][ T4988] loop4: detected capacity change from 0 to 1024 [ 64.960647][ T4988] EXT4-fs: Ignoring removed orlov option [ 65.110896][ T5009] loop3: detected capacity change from 0 to 1024 [ 65.117685][ T5009] EXT4-fs: Ignoring removed orlov option [ 65.227079][ T5019] loop2: detected capacity change from 0 to 1024 [ 65.274579][ T5019] EXT4-fs: Ignoring removed orlov option [ 65.315391][ T5026] FAULT_INJECTION: forcing a failure. [ 65.315391][ T5026] name failslab, interval 1, probability 0, space 0, times 0 [ 65.328251][ T5026] CPU: 0 UID: 0 PID: 5026 Comm: syz.0.579 Not tainted syzkaller #0 PREEMPT(voluntary) [ 65.328284][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 65.328300][ T5026] Call Trace: [ 65.328308][ T5026] [ 65.328317][ T5026] __dump_stack+0x1d/0x30 [ 65.328343][ T5026] dump_stack_lvl+0xe8/0x140 [ 65.328395][ T5026] dump_stack+0x15/0x1b [ 65.328417][ T5026] should_fail_ex+0x265/0x280 [ 65.328449][ T5026] should_failslab+0x8c/0xb0 [ 65.328481][ T5026] kmem_cache_alloc_noprof+0x50/0x310 [ 65.328569][ T5026] ? getname_flags+0x80/0x3b0 [ 65.328615][ T5026] getname_flags+0x80/0x3b0 [ 65.328659][ T5026] user_path_at+0x28/0x130 [ 65.328764][ T5026] __se_sys_mount+0x25b/0x2e0 [ 65.328796][ T5026] ? fput+0x8f/0xc0 [ 65.328906][ T5026] __x64_sys_mount+0x67/0x80 [ 65.328945][ T5026] x64_sys_call+0x2b4d/0x2ff0 [ 65.328967][ T5026] do_syscall_64+0xd2/0x200 [ 65.329026][ T5026] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 65.329059][ T5026] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 65.329096][ T5026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.329125][ T5026] RIP: 0033:0x7ff6a6f7eec9 [ 65.329220][ T5026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.329244][ T5026] RSP: 002b:00007ff6a59e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 65.329267][ T5026] RAX: ffffffffffffffda RBX: 00007ff6a71d5fa0 RCX: 00007ff6a6f7eec9 [ 65.329281][ T5026] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000 [ 65.329294][ T5026] RBP: 00007ff6a59e7090 R08: 0000200000000240 R09: 0000000000000000 [ 65.329340][ T5026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.329356][ T5026] R13: 00007ff6a71d6038 R14: 00007ff6a71d5fa0 R15: 00007ffdddfc4f98 [ 65.329380][ T5026] [ 65.577832][ T5038] __nla_validate_parse: 23 callbacks suppressed [ 65.577850][ T5038] netlink: 44 bytes leftover after parsing attributes in process `syz.0.584'. [ 65.593129][ T5038] netlink: 44 bytes leftover after parsing attributes in process `syz.0.584'. [ 65.683148][ T5048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.589'. [ 65.809223][ T5065] syz.0.595 uses obsolete (PF_INET,SOCK_PACKET) [ 65.818933][ T5068] netlink: 44 bytes leftover after parsing attributes in process `syz.3.597'. [ 65.827908][ T5068] netlink: 44 bytes leftover after parsing attributes in process `syz.3.597'. [ 65.855495][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.598'. [ 65.864393][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.598'. [ 65.875384][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.598'. [ 65.970845][ T5075] loop3: detected capacity change from 0 to 1024 [ 65.977535][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.598'. [ 65.986442][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.598'. [ 66.026803][ T5075] EXT4-fs: Ignoring removed orlov option [ 66.535918][ T5111] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 66.568988][ T5116] FAULT_INJECTION: forcing a failure. [ 66.568988][ T5116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.582201][ T5116] CPU: 1 UID: 0 PID: 5116 Comm: syz.4.615 Not tainted syzkaller #0 PREEMPT(voluntary) [ 66.582306][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 66.582322][ T5116] Call Trace: [ 66.582330][ T5116] [ 66.582339][ T5116] __dump_stack+0x1d/0x30 [ 66.582368][ T5116] dump_stack_lvl+0xe8/0x140 [ 66.582388][ T5116] dump_stack+0x15/0x1b [ 66.582409][ T5116] should_fail_ex+0x265/0x280 [ 66.582492][ T5116] should_fail+0xb/0x20 [ 66.582519][ T5116] should_fail_usercopy+0x1a/0x20 [ 66.582563][ T5116] _copy_to_user+0x20/0xa0 [ 66.582598][ T5116] simple_read_from_buffer+0xb5/0x130 [ 66.582623][ T5116] proc_fail_nth_read+0x10e/0x150 [ 66.582700][ T5116] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 66.582729][ T5116] vfs_read+0x1a5/0x770 [ 66.582751][ T5116] ? __rcu_read_unlock+0x4f/0x70 [ 66.582775][ T5116] ? __fget_files+0x184/0x1c0 [ 66.582865][ T5116] ksys_read+0xda/0x1a0 [ 66.582890][ T5116] __x64_sys_read+0x40/0x50 [ 66.582913][ T5116] x64_sys_call+0x27bc/0x2ff0 [ 66.583011][ T5116] do_syscall_64+0xd2/0x200 [ 66.583044][ T5116] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 66.583070][ T5116] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 66.583124][ T5116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.583170][ T5116] RIP: 0033:0x7f2836dbd8dc [ 66.583187][ T5116] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 66.583206][ T5116] RSP: 002b:00007f2835827030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 66.583234][ T5116] RAX: ffffffffffffffda RBX: 00007f2837015fa0 RCX: 00007f2836dbd8dc [ 66.583247][ T5116] RDX: 000000000000000f RSI: 00007f28358270a0 RDI: 0000000000000004 [ 66.583261][ T5116] RBP: 00007f2835827090 R08: 0000000000000000 R09: 0000000000000000 [ 66.583274][ T5116] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 66.583287][ T5116] R13: 00007f2837016038 R14: 00007f2837015fa0 R15: 00007ffc1c66f258 [ 66.583367][ T5116] [ 66.834967][ T5127] loop4: detected capacity change from 0 to 1024 [ 66.843127][ T5127] EXT4-fs: Ignoring removed orlov option [ 67.010381][ T5138] ================================================================== [ 67.018547][ T5138] BUG: KCSAN: data-race in vfs_fsync_range / writeback_single_inode [ 67.026573][ T5138] [ 67.028923][ T5138] write to 0xffff8881191168b8 of 4 bytes by task 5127 on cpu 1: [ 67.036600][ T5138] writeback_single_inode+0x14a/0x3e0 [ 67.042004][ T5138] sync_inode_metadata+0x5b/0x90 [ 67.046977][ T5138] generic_buffers_fsync_noflush+0xd9/0x120 [ 67.052911][ T5138] ext4_sync_file+0x1ab/0x690 [ 67.057609][ T5138] vfs_fsync_range+0x10a/0x130 [ 67.062395][ T5138] ext4_buffered_write_iter+0x34f/0x3c0 [ 67.067977][ T5138] ext4_file_write_iter+0x383/0xf00 [ 67.073285][ T5138] iter_file_splice_write+0x666/0xa60 [ 67.078673][ T5138] direct_splice_actor+0x156/0x2a0 [ 67.083793][ T5138] splice_direct_to_actor+0x312/0x680 [ 67.089213][ T5138] do_splice_direct+0xda/0x150 [ 67.094044][ T5138] do_sendfile+0x380/0x650 [ 67.098494][ T5138] __x64_sys_sendfile64+0x105/0x150 [ 67.103723][ T5138] x64_sys_call+0x2bb0/0x2ff0 [ 67.108420][ T5138] do_syscall_64+0xd2/0x200 [ 67.112952][ T5138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.118861][ T5138] [ 67.121193][ T5138] read to 0xffff8881191168b8 of 4 bytes by task 5138 on cpu 0: [ 67.128827][ T5138] vfs_fsync_range+0x9b/0x130 [ 67.133716][ T5138] ext4_buffered_write_iter+0x34f/0x3c0 [ 67.139287][ T5138] ext4_file_write_iter+0x383/0xf00 [ 67.144513][ T5138] iter_file_splice_write+0x666/0xa60 [ 67.149901][ T5138] direct_splice_actor+0x156/0x2a0 [ 67.155028][ T5138] splice_direct_to_actor+0x312/0x680 [ 67.160442][ T5138] do_splice_direct+0xda/0x150 [ 67.165457][ T5138] do_sendfile+0x380/0x650 [ 67.169895][ T5138] __x64_sys_sendfile64+0x105/0x150 [ 67.175118][ T5138] x64_sys_call+0x2bb0/0x2ff0 [ 67.179811][ T5138] do_syscall_64+0xd2/0x200 [ 67.184514][ T5138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.190515][ T5138] [ 67.192840][ T5138] value changed: 0x00000038 -> 0x00000002 [ 67.198559][ T5138] [ 67.200892][ T5138] Reported by Kernel Concurrency Sanitizer on: [ 67.207043][ T5138] CPU: 0 UID: 0 PID: 5138 Comm: syz.4.619 Not tainted syzkaller #0 PREEMPT(voluntary) [ 67.216771][ T5138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 67.226837][ T5138] ==================================================================