last executing test programs: 3.592101823s ago: executing program 4 (id=611): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000010900020073797a310000000008000440040002000900010073797a30000000000800034000000004"], 0x64}}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00'}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@dev, @broadcast}, &(0x7f0000000200)=0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000012c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd7000fcdbdf25010000007f0000000c41000000140014"], 0x30}, 0x1, 0x0, 0x0, 0x440a1}, 0x8000) 3.503184119s ago: executing program 4 (id=613): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x101142) ioctl$FS_IOC_RESVSP(r0, 0x40044591, 0x0) read(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.108240485s ago: executing program 4 (id=625): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r0, 0x204) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f00000001c0)=[{&(0x7f00000006c0)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000ea8a211cb5a2ea0a5c85c1b758378e33b0a57b00090080020effffffe809020000ff", 0x48}], 0x1) 3.065945928s ago: executing program 4 (id=627): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x7}, 0x18) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0xc000, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/32], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = socket$unix(0x1, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000040)=0x45f1, 0x4) getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, 0x0, &(0x7f00000000c0)=0x2e) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000140), &(0x7f0000000040)='%pI4 \x00'}, 0x2a) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000180)='reclaim_retry_zone\x00', r5}, 0x3b) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="34000000000803000000000000000000000000000900010073797e30000000000600024088a800000500030001000000040004"], 0x34}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f00000004c0)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@dioread_lock}, {@stripe={'stripe', 0x3d, 0x1f5}}, {@grpjquota, 0x2e}, {@barrier}, {@nolazytime}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3MtvG0UYAPBvN4++m7SURx9QQ0FEFJImLdADh4JA6gUJCQ7lGNJQlaYtaoJEq4oGhMoR8RcARyQkTlw4gYQQcAJxhTtCqlAvLRxQ0Nq7ybqxU8d5GOrfT7IzszvrmW93xx7vZB1A16pkT0nE1oj4NSIGatn6ApXan5vXL0/8df3yRBJzcy//mVTL3bh+eaIoWmy3Jc8MpRHp+0nsbVDv9MVLZ8anpiYv5PmRmbNvjkxfvPTE6bPjpyZPTZ4bO3r0yOHRp58ae3JV4sziurHnnfP7dh9/9aMXJ+bitR8+z9q7NV9fjqNmcMV1VqISc7mFpf3V50dW/Or/LdtK6aS3gw1hWXoiIjtcfdX+PxA9sXDwBuKF9+Yz33aogcCayT6bdixa2pP/Tec/v4A7UaKPQ5cqPvGz77/FYz3HH5127dnsebIa/838UVvTG2n2XXaw9o29p8n2x1ZY/9aIODH798fZIxpehwAAWF1fZ+OfxxuN/9K4p1Ruez6HMhgRByNiZ0TcFRG7IuLuiGrZeyPivmXWX7klv3j88/OmtgJrUTb+eyaf26of/6V5iWQ+t60af1/y+umpyUP5PhmKvg1ZfnSJOr55/pcPm62rlMZ/2SOrvxgL5u34o3dD/TYnx2fGVxBynWvvRuzpbRR/Mj8TkO2B3RGxp43Xz/bZ6cc+25elt29ZvP728S9hFeaZ5j6NeLR2/GfjlvgLSa2mZvOTIxtjavLQSHFWLPbjT1dfKuf7Sum6+De2FtPGdoNtIDv+mxue/3n8RTco5munl1/H1d8+aPqdZvHxT+LEbLlE7fxPS0uy878/eaWa7s+XvT0+M3NhNKI/X1C3fGxh2yJflM/iHzrQuP/vjPjnk3y7vRGRncT3R8QDEbE/b/uDEfFQRBxYIv7vn3v4jaX3UJvn/yrI4j+51PGPGEzK8/VtJHrOfPdVs/pbe/87Uk0N5Utaef9rtYEr2XcAAADwf5FW56CTdLhIly5O7YrN6dT56ZmDlXjr3MnaXPVg9KXFla6B0vXQ0fzacJEfuyV/OCJ2VP/TaFM1PzxxfmpbJwMHqvfq1PX/SNPh4dq635v90wtw51jWPFr57sAvvlz9xgDryv2a0L30f+he+j90L/0fulej/n8l4mYHmgKsM5//0L30f+he+j90L/0futLiW+KLn1tp507/hcTO4yvafM0TcwNr8sqzy9+qZ40ijfKPdjRNJBHRXhWRLl2mv4XaO5ZIb1vmWJu7ZRmJ/XliQ0S0utWVddurnX1fAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWC3/BgAA//+NJdz0") syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x48a, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@grpjquota, 0x22}, {@errors_continue}, {@sb={'sb', 0x3d, 0x8}}, {@grpjquota}, {@usrjquota, 0x22}, {@errors_continue}, {@journal_checksum}, {@barrier}]}, 0x1, 0x455, &(0x7f0000000d80)="$eJzs3MtvG1UXAPAzdpy+v+Qr5dHSQqAgKh5Jkz7ogk0RSCxAQoJFEauQplWo26AkSLSKIGURlqgSe8QSib+ADWWDgBUSW9gjpICyobAyGnsmdRPbeTlxqX8/aZJ7fce693jm2sd3bAfQtQbSP0nE3oj4JSL6atU7dxio/bu1ODv29+LsWBKVyht/JtX9/lqcHct3ze+3p1apVFr0O/92xGi5PD6V1YdmLr83NH312nMTl0cvjl8cvzJy5szJE0d6T4+cakuc+9KxHvpw8vDBV9668drYuRvv/PBVOt69WXt9HO0yUHt0G3qy3Z112L66ctLTwYGwLsWISA9XqTr/+6IYu5ba+uLljzs6OGBLVSqFyo7mzXMV4B6WJupAN8pf6NP3v/m2TanHXWHhbCytY9zKtlpLTxSyfUrZe6StMBAR5+b++TzdYovWIQAA6t08GxHPNsr/CvFA3X7/y64N9UfE/yNif0TcFxEHIuL+iOq+D0bEQ2vsN19lXn6FZGX+U+nbcHBrkOZ/L2TXtu7M//LsL/qLWW1fNf5ScmGiPH48e0yORWlHWh9u0ce3L/38abO2+vwv3dL+81wwG8fvPcsW6M6PzoxuJuZ6C9cjDvU0ij9ZynnT/PhgRBzaYB8TT395uFnb6vG30IakvPJFxFO14z8Xy+LPJU2vTw4/f3rk1NDOKI8fH8rPipV+/Gn+9ay3ZHnbpuJvg4Wbldjd8PxfGmp/sjNi+uq1S9XrtdPr72P+10+avqfZ6Pnfm7xZLfdmt30wOjMzNRzRm7y68vaR2/fN6/n+6fl/7Gjj+b8/bj8SD0dEehIfiYhHIuLRbOyPRcTjEXG0Rfzfv/jEu+uPv8WqfBul8f9RWuX4R/3xX3+heOm7r9cffy49/ierpWPZLWt5/ms1rutTmzmbAQAA4L+nUP0MfFIYXCoXCoODtc/wH4jdhfLk9MwzFybfv3K+9ln5/igV8pWuvrr10OFsbTivjyyrn8jWjT8r7qrWB8cmy+c7HTx0uT1N5n/qt2KnRwdsOd/Xgu5l/kP3Mv+he5n/0L3Mf+hejeb/Rx0YB7D9Vnn937Vd4wC2n/wfupf5D93L/Ieu1PRL8oVNfeVfoUOFb3o391sNay9E4S4J+Z4plKJhU0/LH7NoQ2FHw6ZOPzMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0x78BAAD//0k+5Mg=") mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2390024, &(0x7f0000000000)) syz_open_dev$tty1(0xc, 0x4, 0x3) 2.328672777s ago: executing program 2 (id=641): pipe2$watch_queue(&(0x7f0000000040), 0x80) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x97}, 0x18) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x401, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x801}, 0x1c) listen(r3, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r2, 0x0, 0x0) 1.503400881s ago: executing program 2 (id=645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) rename(&(0x7f0000000080)='./file0/file0\x00', 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000040)={0x1d, r4}, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) r5 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x117a, 0x100, 0x2, 0x250}, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS2(r5, 0xf, &(0x7f00000024c0)={0x2, 0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000240)=""/191, 0xbf}], &(0x7f0000002480)=[0x0]}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0xffe0}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x40c0) 1.387512039s ago: executing program 2 (id=650): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) getpgrp(r0) socket$nl_xfrm(0x10, 0x3, 0x6) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000140)={0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 1.344695891s ago: executing program 2 (id=652): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) write$selinux_load(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578"], 0x65) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0xffff}, 0x8) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4e, 0x0, 0x0) close(r0) 961.556996ms ago: executing program 4 (id=655): pipe2$watch_queue(&(0x7f0000000040), 0x80) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x97}, 0x18) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x401, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x801}, 0x1c) listen(r3, 0x0) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r2, 0x0, 0x0) 931.118349ms ago: executing program 1 (id=656): r0 = mq_open(0x0, 0x6e93ebbbcc088cf2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0xec}) mq_timedsend(r0, 0x0, 0xec, 0x9, 0x0) 878.235882ms ago: executing program 1 (id=657): mq_unlink(&(0x7f0000000000)='eth0\x00') newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000) statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x800, 0x40, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) statx(0xffffffffffffffff, &(0x7f0000000080)='./cgroup\x00', 0x800, 0x4, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r4) sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000fedbdf2531000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800) r6 = getgid() setresgid(r0, r1, r6) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x68, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r7, 0x0, 0xb}, 0x18) modify_ldt$write2(0x11, &(0x7f0000000100)={0x1d30, 0x0, 0x2003, 0x1}, 0x10) syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) 877.102182ms ago: executing program 1 (id=658): creat(&(0x7f00000000c0)='./file0\x00', 0x48) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xfffffffe}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000002c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) setsockopt$WPAN_WANTACK(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c80), 0x4) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x15) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'}) 825.471225ms ago: executing program 1 (id=660): creat(&(0x7f00000000c0)='./file0\x00', 0x48) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xfffffffe}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000002c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50) setsockopt$WPAN_WANTACK(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c80), 0x4) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0x15) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'}) 755.16391ms ago: executing program 1 (id=661): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000300)=[{0x5, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) getpgrp(0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f00000031c0)={0x1}) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x50, 0x0, 0x0}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04583184da029024f2064346b5b345d0bd00000002000000010000000000c99cb43f0000000000000000b9c5a1b83ef3e64bbac153c0e946bb9104eb182120ef22fa0adb671263268b4f47e8b799166da18afd6e984e15bb40e14875a538f8ae68603d20540ea09ea9643b97d18c5805f77ceb213e92db0fb709f48d3a117d44b919e1f2f1ef69fa2deb7a631fa35997b7dad4d4d1b4ae88d741bdd230a9425cde5b149a9cea20459b469459412baa5865a928bb58b8e3b3b6d4cb3622bf0249b70f262d525406f75b22b463fcfe756f9ea237d8fd1c981b32d330d55df547fbb685659676ad45cb634583556211543e4b46870d141e04439d5e52e95154f151c3e32acb24c50f100182fc"], 0x50) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r0, 0xffffffffffffffff, 0x100000000000000) 634.402028ms ago: executing program 3 (id=663): r0 = socket$key(0xf, 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcePE9X+apuk/ZtrX/wAAAMCImR12AgAAAMCFc/0PAAAAo8/1PwAAAIy0r7z+enNKO79/vfrm/t5m7c3bq5X6Zmlrb6W0UtvdKa3XauutZ/Ztnbe/aq2289nY3rtbblTqjXJ9/+DOVm1vu3FnIyYvpUEAAADAKU9+/P7vkog4/NxUa2qaGHZSwKUYPyol2Tyn9//+ifb83UtKCrgUY3285t1r+cudJ8Djbbx7QY++Doye4rATAIYuOWd9z8E7v87mnxhsPgAAwODNfSz//v951wMRh4VLSA+4QDoxXF1d9//TmWElAly61v3/fgfyOFmAkVLsawQgMMr+7/v/50rTh0oIAAAYuOnWlBRK2dd701EolEoRN1s/C1BM1jaqlfmIeCIifjtTvNasL7S2TPoYIwAAAAAAAAAAAAAAAAAAAAAAAAAAROup3EmkAAAAwEiLKPwp+WX7Wf5zM89Pd38/MJH8q/WTwBMR8dYP3/j+3eVGY3ehufxvR8sbP8iWvziMbzAAAACAbp3r9Nb8n8POBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR896Dt1c6Ux8vnxpU3L98ISJm8+KPx2RrPhnFiLj+9yTGT2yXRMTYAOIf3ouIj+bFT5ppHYXMiz+IN+Gc+DGbvQt58W8MID5cZfebx5/X8vpfIZ5tzfP733jE/9Q/qN7Hvzg6/o316P83+4zx1Ds/K/eMfy/iqfH8408nftIj/nN9xv/61w4Oeq1LfxQx1/n8aR3xTkY4LpUbWzvl+v7B7Y2t5fXKemV7cXHh5aVXll5ami+vbVQr2b+5Mb7z9M/fP6v913M//5Ism97tfz5nf3mfSf955+6DD3cqh6fj33ouJ/6vfpy94nT8QhbnU1m5uX6uUz5sl0965qe/eeas9q8et7/4MP//t3rttNupjvJ0v386AMAFqO8fbC5Xq5XdkS00r9IfgTQUHsHCtwa6wzRN02afyll1PyL62U8SA25pIT+f40LPI8Cwj0wAAMCgHZ/0DzsTAAAAAAAAAAAAAAAAAAAAuLou4ylr3TGPH4GcDOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/HfAAAA//9nf9fz") sendmsg$key(r0, 0x0, 0x2) 627.178618ms ago: executing program 1 (id=664): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) getpid() r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x66020000) mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x2, 0x4, 0x0, 0x0, 0xc, 0x0, 0x0, 0x25dfdbfd, [@sadb_address={0x5, 0x6, 0x2832d002fddab76c, 0x20, 0x0, @in6={0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfffffff7}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfb, 0x3}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @local}}]}, 0x60}, 0x1, 0x7}, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 579.307702ms ago: executing program 0 (id=665): setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 578.818722ms ago: executing program 0 (id=666): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x4c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 578.399322ms ago: executing program 0 (id=667): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c) listen(r0, 0x204) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f00000001c0)=[{&(0x7f00000006c0)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000ea8a211cb5a2ea0a5c85c1b758378e33b0a57b00090080020effffffe809020000ff0004f03a09000000ff", 0x51}], 0x1) 544.835474ms ago: executing program 0 (id=668): r0 = socket$nl_route(0x10, 0x3, 0x0) gettid() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) 498.151327ms ago: executing program 0 (id=669): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES16=0x0], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r8}, 0x18) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x49, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r4, 0x6e2, 0x3900, 0x3, 0x0, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xe0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}}, 0x0) sendto$packet(r1, &(0x7f00000002c0)="44c394f305916c4516999da286dd", 0xe, 0x0, &(0x7f0000000340)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="fb76f11b713b"}, 0x14) socket$nl_route(0x10, 0x3, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r11}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 408.420563ms ago: executing program 2 (id=670): socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x8, &(0x7f0000000640)=ANY=[@ANYRES64=r0], &(0x7f0000000100)='GPL\x00'}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1, 0x0, 0x1e2}, 0x18) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000008040900000000000000000000000000000000219739d69f4bb57e2ef5faa0fc000000000000f163069962c5ad98b3b6d06035e8bc0e8b0ff95f3e794b0a050029b4a7bcd5d89d7513633139336b61ce71b99a24facf41ce465c84eae1164780a24afb24b534a0c7980a03b66cda4fd18db25c731d82f95b479e6661b3e7e76505c4007779b5e2e5a30600840cc721bdaa09219a6d72c4882fc4b71ad96272864adf779c11f081da38ee64dec3c0017bdd6ce4df224e2ca9da50a17a7cecbbe34e9c42569834c6733040d0b0cb6699a58eb66e896bd4c67ed0f1c3bc917ac9c31b346c088b369d488588089933b710bec6c3a33628421c512760da7e00000000a397f6a01200"/276], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00') poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000a42e9e00"/23, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) prctl$PR_SET_NAME(0xf, &(0x7f00000003c0)='},\x00') r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fcntl$setlease(r2, 0x400, 0xc525ea5b60da1dfd) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r6}, 0x10) r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) sendfile(r7, r3, &(0x7f00000002c0)=0xa77, 0xae3) ioctl$SG_BLKTRACETEARDOWN(r8, 0x1276, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000240)=ANY=[@ANYRESOCT=r6, @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r10 = mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x6e93ebbbcc088cf2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0xec}) mq_timedsend(r10, 0x0, 0xec, 0x9, 0x0) 402.961703ms ago: executing program 0 (id=671): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$igmp(0x2, 0x3, 0x2) r1 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000880)={r4, @in6={{0x2, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1b}}, 0x1}}, 0x0, 0xeffc}, &(0x7f0000000300)=0x90) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000180)={'fscrypt:', @auto=[0x39, 0x66, 0x0, 0x0, 0x66, 0x35, 0x38, 0x30, 0x34, 0x61, 0x35, 0x35, 0x33, 0x32, 0x66, 0x32]}, &(0x7f0000000240)={0x0, "0616607f47d839facd07ce87485dbfc2692e826f14df86fe9ed41eee148917c05487e81de41dff39a75ec74a32fdd1b2af7b0a3a8064c9de0b6aa1fd3a3adb1e", 0x20}, 0x48, r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00'], 0x48) syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1000, 0x8}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='mm_page_free\x00', r5}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mount(&(0x7f0000000100), 0x0, &(0x7f00000002c0)='9p\x00', 0x8c, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xc, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x51031, 0xffffffffffffffff, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)}, 0x0) 377.697975ms ago: executing program 3 (id=672): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000010900020073797a310000000008000440040002000900010073797a30000000000800034000000004"], 0x64}}, 0x0) r1 = socket(0x10, 0x803, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 264.761563ms ago: executing program 3 (id=673): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x15c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x5f, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {}, 0x70bd2c, 0x3500, 0xa, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}, @offload={0xc, 0x1c, {r2, 0x3}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2000) 164.366409ms ago: executing program 3 (id=674): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000300)=[{0x5, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f00000031c0)={0x1}) syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x50, 0x0, 0x0}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04583184da029024f2064346b5b345d0bd00000002000000010000000000c99cb43f0000000000000000b9c5a1b83ef3e64bbac153c0e946bb9104eb182120ef22fa0adb671263268b4f47e8b799166da18afd6e984e15bb40e14875a538f8ae68603d20540ea09ea9643b97d18c5805f77ceb213e92db0fb709f48d3a117d44b919e1f2f1ef69fa2deb7a631fa35997b7dad4d4d1b4ae88d741bdd230a9425cde5b149a9cea20459b469459412baa5865a928bb58b8e3b3b6d4cb3622bf0249b70f262d525406f75b22b463fcfe756f9ea237d8fd1c981b32d330d55df547fbb685659676ad45cb634583556211543e4b46870d141e04439d5e52e95154f151c3e32acb24c50f100182fc"], 0x50) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r0, 0xffffffffffffffff, 0x100000000000000) 135.396511ms ago: executing program 2 (id=675): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @remote}]}, &(0x7f0000000180)=0x10) socket$inet_sctp(0x2, 0x1, 0x84) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x6042, 0x0) pwritev2(r3, &(0x7f0000000080)=[{&(0x7f0000000240)="a0", 0x1}], 0x1, 0x7fff, 0xffffffff, 0x1d) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x80000001}}, 0x200000, 0x0, 0x1, 0x0, 0x0, 0x5}, &(0x7f00000001c0)=0x9c) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x25dfdbfe, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0xffffffff, 0x30000001}, 0x4}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8847}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x15}, 0x80) socket$inet6_sctp(0xa, 0x5, 0x84) 114.867652ms ago: executing program 3 (id=676): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) getpgrp(r0) socket$nl_xfrm(0x10, 0x3, 0x6) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000140)={0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 55.335366ms ago: executing program 4 (id=677): setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 0s ago: executing program 3 (id=678): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) rename(&(0x7f0000000080)='./file0/file0\x00', 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000040)={0x1d, r4}, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) r5 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x117a, 0x100, 0x2, 0x250}, &(0x7f00000000c0), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS2(r5, 0xf, &(0x7f00000024c0)={0x2, 0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000240)=""/191, 0xbf}], &(0x7f0000002480)=[0x2]}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0xffe0}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x40c0) kernel console output (not intermixed with test programs): orking HSR network [ 37.140432][ T3316] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.164611][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.182731][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.211455][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.229557][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.245164][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.252376][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.278284][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.285458][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.316398][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.328734][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.357049][ T3320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.418764][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.478219][ T3315] veth0_vlan: entered promiscuous mode [ 37.491935][ T3311] veth0_vlan: entered promiscuous mode [ 37.499730][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.510875][ T3315] veth1_vlan: entered promiscuous mode [ 37.519468][ T3311] veth1_vlan: entered promiscuous mode [ 37.577923][ T3315] veth0_macvtap: entered promiscuous mode [ 37.586037][ T3316] veth0_vlan: entered promiscuous mode [ 37.593671][ T3311] veth0_macvtap: entered promiscuous mode [ 37.601843][ T3316] veth1_vlan: entered promiscuous mode [ 37.609984][ T3315] veth1_macvtap: entered promiscuous mode [ 37.617994][ T3311] veth1_macvtap: entered promiscuous mode [ 37.643155][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.658887][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.676288][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.687183][ T3316] veth0_macvtap: entered promiscuous mode [ 37.700962][ T3320] veth0_vlan: entered promiscuous mode [ 37.711143][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.719701][ T3316] veth1_macvtap: entered promiscuous mode [ 37.726434][ T58] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.742404][ T58] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.757386][ T52] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.768255][ T3320] veth1_vlan: entered promiscuous mode [ 37.777469][ T52] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.794999][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.802819][ T52] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.815269][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.829904][ T52] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.839123][ T52] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.848490][ T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.870466][ T3310] veth0_vlan: entered promiscuous mode [ 37.882670][ T1699] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.900524][ T3310] veth1_vlan: entered promiscuous mode [ 37.907472][ T3311] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 37.909517][ T1699] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.945187][ T3320] veth0_macvtap: entered promiscuous mode [ 37.964143][ T3320] veth1_macvtap: entered promiscuous mode [ 37.972468][ T3480] netlink: 'syz.1.2': attribute type 10 has an invalid length. [ 37.977722][ T3310] veth0_macvtap: entered promiscuous mode [ 37.980172][ T3480] netlink: 'syz.1.2': attribute type 19 has an invalid length. [ 37.980186][ T3480] netlink: 14536 bytes leftover after parsing attributes in process `syz.1.2'. [ 38.003846][ T1699] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.017116][ T1699] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.027004][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.029862][ T3480] loop1: detected capacity change from 0 to 512 [ 38.045098][ T3480] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.052855][ T3310] veth1_macvtap: entered promiscuous mode [ 38.077974][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.085653][ T3480] EXT4-fs: Ignoring removed nomblk_io_submit option [ 38.097601][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.105725][ T3485] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4'. [ 38.115276][ T3480] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 38.123931][ T3480] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 38.136408][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.149442][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.165867][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 38.165883][ T29] audit: type=1400 audit(1759826019.797:101): avc: denied { map_create } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.192830][ T3487] loop0: detected capacity change from 0 to 512 [ 38.200332][ T29] audit: type=1400 audit(1759826019.797:102): avc: denied { map_read map_write } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.220304][ T29] audit: type=1400 audit(1759826019.807:103): avc: denied { create } for pid=3482 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 38.256686][ T3480] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.2: Allocating blocks 41-42 which overlap fs metadata [ 38.271958][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.283033][ T3480] Quota error (device loop1): write_blk: dquota write failed [ 38.290536][ T3480] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 38.300208][ T3487] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6). [ 38.305126][ T3480] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 38.320569][ T29] audit: type=1400 audit(1759826019.937:104): avc: denied { create } for pid=3496 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 38.328106][ T3487] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 38.347780][ T29] audit: type=1400 audit(1759826019.947:105): avc: denied { connect } for pid=3496 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 38.373841][ T3480] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2: Failed to acquire dquot type 1 [ 38.374515][ T3480] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 38.389664][ T29] audit: type=1400 audit(1759826020.017:106): avc: denied { write } for pid=3496 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 38.405822][ T3499] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3'. [ 38.431245][ T3487] EXT4-fs (loop0): mount failed [ 38.437524][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.455546][ T3501] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 38.460316][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.472424][ T3480] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #12: comm syz.1.2: corrupted inode contents [ 38.499252][ T3480] EXT4-fs error (device loop1): ext4_dirty_inode:6509: inode #12: comm syz.1.2: mark_inode_dirty error [ 38.550598][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.565589][ T3480] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #12: comm syz.1.2: corrupted inode contents [ 38.573253][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.591811][ T3504] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5'. [ 38.599530][ T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.615433][ T3504] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5'. [ 38.627549][ T3480] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #12: comm syz.1.2: mark_inode_dirty error [ 38.631929][ T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.650404][ T3480] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #12: comm syz.1.2: corrupted inode contents [ 38.675608][ T3480] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 38.716470][ T3480] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #12: comm syz.1.2: corrupted inode contents [ 38.729090][ T3519] FAULT_INJECTION: forcing a failure. [ 38.729090][ T3519] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 38.742350][ T3519] CPU: 1 UID: 0 PID: 3519 Comm: syz.0.13 Not tainted syzkaller #0 PREEMPT(voluntary) [ 38.742457][ T3519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 38.742537][ T3519] Call Trace: [ 38.742543][ T3519] [ 38.742550][ T3519] __dump_stack+0x1d/0x30 [ 38.742573][ T3519] dump_stack_lvl+0xe8/0x140 [ 38.742597][ T3519] dump_stack+0x15/0x1b [ 38.742612][ T3519] should_fail_ex+0x265/0x280 [ 38.742672][ T3519] should_fail+0xb/0x20 [ 38.742707][ T3519] should_fail_usercopy+0x1a/0x20 [ 38.742776][ T3519] strncpy_from_user+0x25/0x230 [ 38.742808][ T3519] ? kmem_cache_alloc_noprof+0x242/0x480 [ 38.742837][ T3519] ? getname_flags+0x80/0x3b0 [ 38.742868][ T3519] getname_flags+0xae/0x3b0 [ 38.742917][ T3519] do_sys_openat2+0x60/0x110 [ 38.743000][ T3519] __x64_sys_open+0xe6/0x110 [ 38.743083][ T3519] x64_sys_call+0x1457/0x3000 [ 38.743147][ T3519] do_syscall_64+0xd2/0x200 [ 38.743175][ T3519] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 38.743205][ T3519] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 38.743271][ T3519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 38.743298][ T3519] RIP: 0033:0x7f7df515eec9 [ 38.743382][ T3519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.743404][ T3519] RSP: 002b:00007f7df3bbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 38.743424][ T3519] RAX: ffffffffffffffda RBX: 00007f7df53b5fa0 RCX: 00007f7df515eec9 [ 38.743440][ T3519] RDX: 0000000000000102 RSI: 0000000000145142 RDI: 0000200000000300 [ 38.743455][ T3519] RBP: 00007f7df3bbf090 R08: 0000000000000000 R09: 0000000000000000 [ 38.743470][ T3519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 38.743484][ T3519] R13: 00007f7df53b6038 R14: 00007f7df53b5fa0 R15: 00007ffec8438238 [ 38.743509][ T3519] [ 38.888450][ T3480] EXT4-fs error (device loop1): ext4_truncate:4637: inode #12: comm syz.1.2: mark_inode_dirty error [ 38.950430][ T3480] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 38.986824][ T3480] EXT4-fs (loop1): 1 truncate cleaned up [ 38.993146][ T3480] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.039629][ T3523] netlink: 256 bytes leftover after parsing attributes in process `syz.4.16'. [ 39.048912][ T3480] syz.1.2 (3480) used greatest stack depth: 10224 bytes left [ 39.065482][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.216105][ T3536] loop0: detected capacity change from 0 to 512 [ 39.256420][ T3545] loop3: detected capacity change from 0 to 512 [ 39.265263][ T3536] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 39.293251][ T3545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.319048][ T3536] EXT4-fs (loop0): mount failed [ 39.326896][ T3552] netlink: 12 bytes leftover after parsing attributes in process `syz.1.22'. [ 39.342651][ T3545] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.375521][ T3552] vlan2: entered promiscuous mode [ 39.380723][ T3552] bond0: entered promiscuous mode [ 39.386069][ T3552] bond_slave_0: entered promiscuous mode [ 39.392022][ T3552] bond_slave_1: entered promiscuous mode [ 39.401506][ T3545] SELinux: Context @ is not valid (left unmapped). [ 39.433680][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.464073][ T3543] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.477436][ T3543] 9pnet_fd: Insufficient options for proto=fd [ 39.527785][ T3560] FAULT_INJECTION: forcing a failure. [ 39.527785][ T3560] name failslab, interval 1, probability 0, space 0, times 1 [ 39.540635][ T3560] CPU: 0 UID: 0 PID: 3560 Comm: syz.1.25 Not tainted syzkaller #0 PREEMPT(voluntary) [ 39.540664][ T3560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 39.540687][ T3560] Call Trace: [ 39.540696][ T3560] [ 39.540707][ T3560] __dump_stack+0x1d/0x30 [ 39.540785][ T3560] dump_stack_lvl+0xe8/0x140 [ 39.540810][ T3560] dump_stack+0x15/0x1b [ 39.540830][ T3560] should_fail_ex+0x265/0x280 [ 39.540871][ T3560] should_failslab+0x8c/0xb0 [ 39.540974][ T3560] kmem_cache_alloc_noprof+0x50/0x480 [ 39.541001][ T3560] ? sctp_get_port_local+0x438/0xae0 [ 39.541034][ T3560] sctp_get_port_local+0x438/0xae0 [ 39.541142][ T3560] sctp_do_bind+0x398/0x4b0 [ 39.541178][ T3560] sctp_connect_new_asoc+0x153/0x3a0 [ 39.541216][ T3560] sctp_sendmsg+0xf10/0x18d0 [ 39.541248][ T3560] ? selinux_socket_sendmsg+0x141/0x1b0 [ 39.541327][ T3560] ? __pfx_sctp_sendmsg+0x10/0x10 [ 39.541352][ T3560] inet_sendmsg+0xc2/0xd0 [ 39.541444][ T3560] __sock_sendmsg+0x102/0x180 [ 39.541488][ T3560] __sys_sendto+0x268/0x330 [ 39.541525][ T3560] __x64_sys_sendto+0x76/0x90 [ 39.541587][ T3560] x64_sys_call+0x2d14/0x3000 [ 39.541614][ T3560] do_syscall_64+0xd2/0x200 [ 39.541642][ T3560] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 39.541683][ T3560] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 39.541716][ T3560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.541736][ T3560] RIP: 0033:0x7ffac119eec9 [ 39.541755][ T3560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.541804][ T3560] RSP: 002b:00007ffabfbff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 39.541827][ T3560] RAX: ffffffffffffffda RBX: 00007ffac13f5fa0 RCX: 00007ffac119eec9 [ 39.541844][ T3560] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000006 [ 39.541859][ T3560] RBP: 00007ffabfbff090 R08: 0000200000000140 R09: 000000000000001c [ 39.541875][ T3560] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000001 [ 39.541890][ T3560] R13: 00007ffac13f6038 R14: 00007ffac13f5fa0 R15: 00007fff00f72098 [ 39.541920][ T3560] [ 39.854978][ T3563] FAULT_INJECTION: forcing a failure. [ 39.854978][ T3563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 39.868362][ T3563] CPU: 0 UID: 0 PID: 3563 Comm: syz.1.26 Not tainted syzkaller #0 PREEMPT(voluntary) [ 39.868393][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 39.868407][ T3563] Call Trace: [ 39.868413][ T3563] [ 39.868420][ T3563] __dump_stack+0x1d/0x30 [ 39.868446][ T3563] dump_stack_lvl+0xe8/0x140 [ 39.868471][ T3563] dump_stack+0x15/0x1b [ 39.868489][ T3563] should_fail_ex+0x265/0x280 [ 39.868577][ T3563] should_fail+0xb/0x20 [ 39.868668][ T3563] should_fail_usercopy+0x1a/0x20 [ 39.868688][ T3563] strncpy_from_user+0x25/0x230 [ 39.868715][ T3563] ? kmem_cache_alloc_noprof+0x242/0x480 [ 39.868807][ T3563] ? getname_flags+0x80/0x3b0 [ 39.868953][ T3563] getname_flags+0xae/0x3b0 [ 39.868980][ T3563] do_sys_openat2+0x60/0x110 [ 39.869014][ T3563] __x64_sys_open+0xe6/0x110 [ 39.869049][ T3563] x64_sys_call+0x1457/0x3000 [ 39.869070][ T3563] do_syscall_64+0xd2/0x200 [ 39.869093][ T3563] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 39.869176][ T3563] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 39.869267][ T3563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.869288][ T3563] RIP: 0033:0x7ffac119eec9 [ 39.869303][ T3563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.869326][ T3563] RSP: 002b:00007ffabfbff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 39.869344][ T3563] RAX: ffffffffffffffda RBX: 00007ffac13f5fa0 RCX: 00007ffac119eec9 [ 39.869357][ T3563] RDX: 0000000000000102 RSI: 0000000000145142 RDI: 0000200000000300 [ 39.869412][ T3563] RBP: 00007ffabfbff090 R08: 0000000000000000 R09: 0000000000000000 [ 39.869457][ T3563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.869468][ T3563] R13: 00007ffac13f6038 R14: 00007ffac13f5fa0 R15: 00007fff00f72098 [ 39.869542][ T3563] [ 40.207458][ T3582] netlink: 256 bytes leftover after parsing attributes in process `syz.1.29'. [ 40.228759][ C0] hrtimer: interrupt took 58101 ns [ 40.269748][ T3588] loop4: detected capacity change from 0 to 1024 [ 40.279882][ T3588] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 40.291183][ T3588] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 40.306791][ T3588] JBD2: no valid journal superblock found [ 40.312677][ T3588] EXT4-fs (loop4): Could not load journal inode [ 40.340283][ T3588] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 40.355005][ T3590] loop2: detected capacity change from 0 to 512 [ 40.409406][ T3590] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 40.412750][ T3591] syz.3.32 (3591) used obsolete PPPIOCDETACH ioctl [ 40.432435][ T3590] EXT4-fs (loop2): mount failed [ 40.704162][ T3612] netlink: 5548 bytes leftover after parsing attributes in process `syz.3.42'. [ 40.749478][ T3615] bridge0: entered promiscuous mode [ 40.914670][ T3626] netlink: 64 bytes leftover after parsing attributes in process `syz.3.48'. [ 40.932138][ T3626] loop3: detected capacity change from 0 to 1024 [ 40.940778][ T3626] EXT4-fs: Ignoring removed orlov option [ 40.974676][ T3626] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 41.004973][ T3626] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.086154][ T3604] SELinux: failed to load policy [ 41.097021][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.187594][ T3640] 9pnet_fd: Insufficient options for proto=fd [ 41.228584][ T3644] loop1: detected capacity change from 0 to 512 [ 41.260112][ T3644] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 41.331731][ T3646] process 'syz.4.53' launched '/dev/fd/5' with NULL argv: empty string added [ 41.345313][ T3644] EXT4-fs (loop1): orphan cleanup on readonly fs [ 41.352632][ T3644] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.50: Failed to acquire dquot type 1 [ 41.398217][ T3644] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.50: bg 0: block 40: padding at end of block bitmap is not set [ 41.460021][ T3644] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 41.489245][ T3644] EXT4-fs (loop1): 1 truncate cleaned up [ 41.506113][ T3644] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 41.890896][ T3634] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 41.936539][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.044860][ T3678] SELinux: syz.2.65 (3678) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 42.204999][ T3685] loop1: detected capacity change from 0 to 256 [ 42.293213][ T3694] netlink: 'syz.3.70': attribute type 10 has an invalid length. [ 42.364379][ T3698] capability: warning: `syz.3.72' uses deprecated v2 capabilities in a way that may be insecure [ 42.427735][ T3704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.451302][ T3704] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.468230][ T3706] 9pnet_fd: Insufficient options for proto=fd [ 42.562864][ T3712] netlink: 'syz.1.78': attribute type 13 has an invalid length. [ 42.636491][ T3712] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.643916][ T3712] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.706003][ T3712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 42.724749][ T3712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 42.755004][ T3721] loop4: detected capacity change from 0 to 1024 [ 42.768779][ T3721] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 42.775850][ T3721] EXT4-fs (loop4): mount failed [ 42.809159][ T3714] bridge_slave_1: left allmulticast mode [ 42.815055][ T3714] bridge_slave_1: left promiscuous mode [ 42.821167][ T3714] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.829945][ T3714] bridge_slave_0: left allmulticast mode [ 42.835881][ T3714] bridge_slave_0: left promiscuous mode [ 42.841627][ T3714] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.914160][ T1699] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.923669][ T1699] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.934738][ T1699] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.944579][ T1699] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.998434][ T3731] __nla_validate_parse: 5 callbacks suppressed [ 42.998448][ T3731] netlink: 256 bytes leftover after parsing attributes in process `syz.0.85'. [ 43.020225][ T3727] loop1: detected capacity change from 0 to 512 [ 43.049869][ T3727] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.071593][ T3727] EXT4-fs (loop1): mount failed [ 43.108927][ T3741] loop3: detected capacity change from 0 to 4096 [ 43.116374][ T3741] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.123083][ T3741] EXT4-fs: Ignoring removed i_version option [ 43.130078][ T3741] EXT4-fs (loop3): cluster size (1024) smaller than block size (4096) [ 43.165939][ T3745] loop1: detected capacity change from 0 to 1024 [ 43.187263][ T3745] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.200477][ T29] kauditd_printk_skb: 418 callbacks suppressed [ 43.200494][ T29] audit: type=1400 audit(43.171:520): avc: denied { add_name } for pid=3743 comm="syz.1.89" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 43.227132][ T29] audit: type=1400 audit(43.171:521): avc: denied { create } for pid=3743 comm="syz.1.89" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 43.467657][ T29] audit: type=1326 audit(43.441:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.490771][ T29] audit: type=1326 audit(43.441:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.514370][ T29] audit: type=1326 audit(43.451:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.536996][ T29] audit: type=1326 audit(43.451:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.559569][ T29] audit: type=1326 audit(43.451:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.583055][ T29] audit: type=1326 audit(43.451:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.605984][ T29] audit: type=1326 audit(43.451:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.628589][ T29] audit: type=1326 audit(43.451:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.3.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 43.860347][ T3781] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'. [ 43.951880][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.047981][ T3368] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 44.123648][ T3368] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 45.130556][ T3809] loop4: detected capacity change from 0 to 512 [ 45.156954][ T3809] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 45.188255][ T3809] EXT4-fs (loop4): mount failed [ 45.196191][ T3817] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 45.202852][ T3817] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 45.210560][ T3817] vhci_hcd vhci_hcd.0: Device attached [ 45.252722][ T3818] vhci_hcd: connection closed [ 45.253012][ T31] vhci_hcd: stop threads [ 45.262185][ T31] vhci_hcd: release socket [ 45.266723][ T31] vhci_hcd: disconnect device [ 45.275312][ T3829] FAULT_INJECTION: forcing a failure. [ 45.275312][ T3829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 45.288720][ T3829] CPU: 0 UID: 0 PID: 3829 Comm: syz.4.112 Not tainted syzkaller #0 PREEMPT(voluntary) [ 45.288749][ T3829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 45.288765][ T3829] Call Trace: [ 45.288772][ T3829] [ 45.288781][ T3829] __dump_stack+0x1d/0x30 [ 45.288806][ T3829] dump_stack_lvl+0xe8/0x140 [ 45.288831][ T3829] dump_stack+0x15/0x1b [ 45.288900][ T3829] should_fail_ex+0x265/0x280 [ 45.288937][ T3829] should_fail+0xb/0x20 [ 45.288965][ T3829] should_fail_usercopy+0x1a/0x20 [ 45.288983][ T3829] _copy_from_user+0x1c/0xb0 [ 45.289055][ T3829] do_seccomp+0x118/0xa40 [ 45.289092][ T3829] ? fput+0x8f/0xc0 [ 45.289129][ T3829] ? ksys_write+0x192/0x1a0 [ 45.289159][ T3829] __x64_sys_seccomp+0x40/0x50 [ 45.289190][ T3829] x64_sys_call+0x2ad8/0x3000 [ 45.289274][ T3829] do_syscall_64+0xd2/0x200 [ 45.289295][ T3829] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 45.289336][ T3829] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 45.289512][ T3829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.289533][ T3829] RIP: 0033:0x7f8359b7eec9 [ 45.289563][ T3829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 45.289584][ T3829] RSP: 002b:00007f83585e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000013d [ 45.289602][ T3829] RAX: ffffffffffffffda RBX: 00007f8359dd5fa0 RCX: 00007f8359b7eec9 [ 45.289651][ T3829] RDX: 0000200000000040 RSI: 000000000000000c RDI: 0000000000000001 [ 45.289675][ T3829] RBP: 00007f83585e7090 R08: 0000000000000000 R09: 0000000000000000 [ 45.289689][ T3829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.289703][ T3829] R13: 00007f8359dd6038 R14: 00007f8359dd5fa0 R15: 00007ffcb66bfd08 [ 45.289725][ T3829] [ 45.699911][ T3838] loop1: detected capacity change from 0 to 512 [ 45.745210][ T3838] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 45.756787][ T3838] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 45.767006][ T3838] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.114: Corrupt directory, running e2fsck is recommended [ 45.914636][ T3838] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 45.932444][ T3838] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.114: corrupted in-inode xattr: invalid ea_ino [ 45.952714][ T3838] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.114: couldn't read orphan inode 15 (err -117) [ 45.968736][ T3844] netlink: 'syz.3.117': attribute type 13 has an invalid length. [ 46.017333][ T3846] FAULT_INJECTION: forcing a failure. [ 46.017333][ T3846] name failslab, interval 1, probability 0, space 0, times 0 [ 46.030041][ T3846] CPU: 1 UID: 0 PID: 3846 Comm: syz.4.118 Not tainted syzkaller #0 PREEMPT(voluntary) [ 46.030136][ T3846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 46.030155][ T3846] Call Trace: [ 46.030164][ T3846] [ 46.030176][ T3846] __dump_stack+0x1d/0x30 [ 46.030212][ T3846] dump_stack_lvl+0xe8/0x140 [ 46.030240][ T3846] dump_stack+0x15/0x1b [ 46.030263][ T3846] should_fail_ex+0x265/0x280 [ 46.030345][ T3846] ? __request_module+0x1c4/0x3e0 [ 46.030430][ T3846] should_failslab+0x8c/0xb0 [ 46.030463][ T3846] ? get_fs_type+0x11d/0x330 [ 46.030497][ T3846] __kmalloc_cache_noprof+0x4c/0x4a0 [ 46.030552][ T3846] ? get_fs_type+0x11d/0x330 [ 46.030582][ T3846] __request_module+0x1c4/0x3e0 [ 46.030614][ T3846] ? strncmp+0x34/0x70 [ 46.030842][ T3846] get_fs_type+0x11d/0x330 [ 46.030873][ T3846] __se_sys_fsopen+0x86/0x1e0 [ 46.030926][ T3846] __x64_sys_fsopen+0x31/0x40 [ 46.030956][ T3846] x64_sys_call+0x2aa1/0x3000 [ 46.031004][ T3846] do_syscall_64+0xd2/0x200 [ 46.031024][ T3846] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 46.031107][ T3846] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 46.031149][ T3846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.031177][ T3846] RIP: 0033:0x7f8359b7eec9 [ 46.031201][ T3846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 46.031286][ T3846] RSP: 002b:00007f83585e7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 46.031307][ T3846] RAX: ffffffffffffffda RBX: 00007f8359dd5fa0 RCX: 00007f8359b7eec9 [ 46.031401][ T3846] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00002000000002c0 [ 46.031415][ T3846] RBP: 00007f83585e7090 R08: 0000000000000000 R09: 0000000000000000 [ 46.031426][ T3846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.031437][ T3846] R13: 00007f8359dd6038 R14: 00007f8359dd5fa0 R15: 00007ffcb66bfd08 [ 46.031457][ T3846] [ 46.108672][ T3838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.288702][ T3844] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.295905][ T3844] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.379949][ T3838] EXT4-fs: Ignoring sb option on remount [ 46.428361][ T3838] EXT4-fs (loop1): changing journal_checksum during remount not supported; ignoring [ 46.515450][ T3844] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.533792][ T3838] EXT4-fs error (device loop1): __ext4_remount:6748: comm syz.1.114: Abort forced by user [ 46.567574][ T3844] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.655404][ T3838] EXT4-fs (loop1): Remounting filesystem read-only [ 46.662009][ T3838] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 46.706885][ T37] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.716990][ T3866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.126'. [ 46.730152][ T37] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.797483][ T37] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.806404][ T3844] syz.3.117 (3844) used greatest stack depth: 10208 bytes left [ 46.825213][ T37] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.864631][ T3873] netlink: 4 bytes leftover after parsing attributes in process `syz.0.129'. [ 46.968348][ T3879] random: crng reseeded on system resumption [ 47.111820][ T3895] bridge_slave_0: left allmulticast mode [ 47.117627][ T3895] bridge_slave_0: left promiscuous mode [ 47.123417][ T3895] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.145995][ T3900] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 47.152563][ T3900] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 47.160255][ T3900] vhci_hcd vhci_hcd.0: Device attached [ 47.181724][ T3895] bridge_slave_1: left allmulticast mode [ 47.187570][ T3895] bridge_slave_1: left promiscuous mode [ 47.193443][ T3895] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.212795][ T3901] vhci_hcd: connection closed [ 47.213040][ T3889] vhci_hcd: stop threads [ 47.222025][ T3889] vhci_hcd: release socket [ 47.226582][ T3889] vhci_hcd: disconnect device [ 47.262368][ T3895] bond0: (slave bond_slave_0): Releasing backup interface [ 47.270746][ T3895] bond0: (slave bond_slave_1): Releasing backup interface [ 47.283578][ T3895] team0: Port device team_slave_0 removed [ 47.302821][ T3895] team0: Port device team_slave_1 removed [ 47.308791][ T3895] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.316846][ T3895] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.328540][ T3895] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 47.459760][ T3923] netlink: 120 bytes leftover after parsing attributes in process `syz.4.145'. [ 47.552961][ T3925] netlink: 20 bytes leftover after parsing attributes in process `syz.2.146'. [ 47.601511][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.645612][ T3938] loop2: detected capacity change from 0 to 512 [ 47.668262][ T3938] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 47.683473][ T3938] EXT4-fs (loop2): mount failed [ 47.718215][ T3947] netlink: 20 bytes leftover after parsing attributes in process `syz.1.153'. [ 47.729811][ T3947] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 47.736360][ T3947] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 47.743952][ T3947] vhci_hcd vhci_hcd.0: Device attached [ 47.752600][ T3948] vhci_hcd: connection closed [ 47.752723][ T3885] vhci_hcd: stop threads [ 47.761719][ T3885] vhci_hcd: release socket [ 47.766252][ T3885] vhci_hcd: disconnect device [ 47.769540][ T3952] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 47.770988][ T3953] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 47.777464][ T3952] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 47.784048][ T3953] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 47.784175][ T3953] vhci_hcd vhci_hcd.0: Device attached [ 47.791769][ T3952] vhci_hcd vhci_hcd.0: Device attached [ 47.808448][ T3955] vhci_hcd: connection closed [ 47.810916][ T3883] vhci_hcd: stop threads [ 47.820189][ T3883] vhci_hcd: release socket [ 47.822797][ T3954] vhci_hcd: connection closed [ 47.824726][ T3883] vhci_hcd: disconnect device [ 47.835913][ T3883] vhci_hcd: stop threads [ 47.840178][ T3883] vhci_hcd: release socket [ 47.844626][ T3883] vhci_hcd: disconnect device [ 48.376828][ T29] kauditd_printk_skb: 250 callbacks suppressed [ 48.376846][ T29] audit: type=1400 audit(48.351:778): avc: denied { create } for pid=3965 comm="syz.0.159" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 48.377571][ T3967] FAULT_INJECTION: forcing a failure. [ 48.377571][ T3967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 48.416614][ T3967] CPU: 1 UID: 0 PID: 3967 Comm: ¬í Not tainted syzkaller #0 PREEMPT(voluntary) [ 48.416669][ T3967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 48.416684][ T3967] Call Trace: [ 48.416692][ T3967] [ 48.416701][ T3967] __dump_stack+0x1d/0x30 [ 48.416726][ T3967] dump_stack_lvl+0xe8/0x140 [ 48.416760][ T3967] dump_stack+0x15/0x1b [ 48.416777][ T3967] should_fail_ex+0x265/0x280 [ 48.416810][ T3967] should_fail+0xb/0x20 [ 48.416840][ T3967] should_fail_usercopy+0x1a/0x20 [ 48.416864][ T3967] _copy_to_user+0x20/0xa0 [ 48.416914][ T3967] simple_read_from_buffer+0xb5/0x130 [ 48.416984][ T3967] proc_fail_nth_read+0x10e/0x150 [ 48.417013][ T3967] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 48.417106][ T3967] vfs_read+0x1a5/0x770 [ 48.417128][ T3967] ? __rcu_read_unlock+0x4f/0x70 [ 48.417152][ T3967] ? __fget_files+0x184/0x1c0 [ 48.417229][ T3967] ksys_read+0xda/0x1a0 [ 48.417324][ T3967] __x64_sys_read+0x40/0x50 [ 48.417346][ T3967] x64_sys_call+0x27c0/0x3000 [ 48.417367][ T3967] do_syscall_64+0xd2/0x200 [ 48.417389][ T3967] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 48.417429][ T3967] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 48.417465][ T3967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.417487][ T3967] RIP: 0033:0x7f7df515d8dc [ 48.417537][ T3967] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 48.417555][ T3967] RSP: 002b:00007f7df3bbf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 48.417573][ T3967] RAX: ffffffffffffffda RBX: 00007f7df53b5fa0 RCX: 00007f7df515d8dc [ 48.417586][ T3967] RDX: 000000000000000f RSI: 00007f7df3bbf0a0 RDI: 0000000000000009 [ 48.417598][ T3967] RBP: 00007f7df3bbf090 R08: 0000000000000000 R09: 0000000000000000 [ 48.417610][ T3967] R10: c08fc34b8a2df698 R11: 0000000000000246 R12: 0000000000000001 [ 48.417622][ T3967] R13: 00007f7df53b6038 R14: 00007f7df53b5fa0 R15: 00007ffec8438238 [ 48.417641][ T3967] [ 48.422765][ T3968] SELinux: policydb version 0 does not match my version range 15-35 [ 48.622336][ T29] audit: type=1400 audit(48.531:779): avc: denied { unlink } for pid=3311 comm="syz-executor" name="file0" dev="tmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 48.653155][ T29] audit: type=1400 audit(48.631:780): avc: denied { relabelfrom } for pid=3971 comm="syz.3.162" name="" dev="pipefs" ino=6784 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 48.675208][ T3968] SELinux: failed to load policy [ 48.685283][ T29] audit: type=1400 audit(48.651:781): avc: denied { override_creds } for pid=3981 comm="syz.1.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 48.723818][ T29] audit: type=1400 audit(48.701:782): avc: denied { ioctl } for pid=3985 comm="syz.1.166" path="socket:[6803]" dev="sockfs" ino=6803 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 48.755812][ T3968] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.763083][ T3968] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.773242][ T29] audit: type=1326 audit(48.751:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8359b7eec9 code=0x7ffc0000 [ 48.797875][ T29] audit: type=1326 audit(48.751:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8359b7eec9 code=0x7ffc0000 [ 48.820906][ T29] audit: type=1326 audit(48.751:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8359b7eec9 code=0x7ffc0000 [ 48.843768][ T29] audit: type=1326 audit(48.751:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8359b7eec9 code=0x7ffc0000 [ 48.866574][ T29] audit: type=1326 audit(48.751:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8359b7eec9 code=0x7ffc0000 [ 48.913293][ T3968] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.923389][ T3968] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.958746][ T3883] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.976342][ T3883] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.996946][ T3883] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.014108][ T3883] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.040495][ T3999] netlink: 256 bytes leftover after parsing attributes in process `syz.1.171'. [ 49.047795][ T4001] loop2: detected capacity change from 0 to 2048 [ 49.092704][ T3301] loop2: p2 < > p4 [ 49.098028][ T3301] loop2: p4 size 262144 extends beyond EOD, truncated [ 49.108500][ T4001] loop2: p2 < > p4 [ 49.118786][ T4001] loop2: p4 size 262144 extends beyond EOD, truncated [ 49.158547][ T4008] loop2: detected capacity change from 0 to 2048 [ 49.166405][ T3534] udevd[3534]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 49.170227][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 49.194715][ T4008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.223658][ T4008] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.247174][ T4008] loop2: detected capacity change from 0 to 512 [ 49.254662][ T4008] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 49.267782][ T4008] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 49.277066][ T4008] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 49.286056][ T4008] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 49.295417][ T4008] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 49.303724][ T4008] System zones: 0-2, 18-18, 34-35 [ 49.309471][ T4008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.449303][ T4024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.179'. [ 49.516994][ T4030] netlink: 152 bytes leftover after parsing attributes in process `syz.0.182'. [ 49.996017][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.057957][ T4044] loop2: detected capacity change from 0 to 512 [ 50.083493][ T4044] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 50.103876][ T4044] EXT4-fs (loop2): mount failed [ 50.202951][ T4065] netlink: 28 bytes leftover after parsing attributes in process `syz.4.192'. [ 50.310156][ T4075] netlink: 56 bytes leftover after parsing attributes in process `syz.4.192'. [ 50.333189][ T4082] loop2: detected capacity change from 0 to 512 [ 50.363719][ T4082] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 50.375370][ T4082] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 50.385505][ T4082] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.193: Corrupt directory, running e2fsck is recommended [ 50.492245][ T4082] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 50.506337][ T4100] netlink: 24 bytes leftover after parsing attributes in process `syz.0.194'. [ 50.527528][ T4100] Zero length message leads to an empty skb [ 50.533999][ T4100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.194'. [ 50.535884][ T4082] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.193: corrupted in-inode xattr: invalid ea_ino [ 50.594475][ T4082] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.193: couldn't read orphan inode 15 (err -117) [ 50.607670][ T4082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.628389][ T4082] EXT4-fs: Ignoring sb option on remount [ 50.638057][ T4082] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring [ 50.648129][ T4082] EXT4-fs error (device loop2): __ext4_remount:6748: comm syz.2.193: Abort forced by user [ 50.660295][ T4082] EXT4-fs (loop2): Remounting filesystem read-only [ 50.666910][ T4082] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 50.759940][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.850378][ T4117] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 50.856940][ T4117] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 50.864851][ T4117] vhci_hcd vhci_hcd.0: Device attached [ 50.876786][ T4120] lo: entered allmulticast mode [ 50.882907][ T4120] tunl0: entered allmulticast mode [ 50.889237][ T4120] gre0: entered allmulticast mode [ 50.895585][ T4120] gretap0: entered allmulticast mode [ 50.901642][ T4120] erspan0: entered allmulticast mode [ 50.907648][ T4120] ip_vti0: entered allmulticast mode [ 50.914137][ T4120] ip6_vti0: entered allmulticast mode [ 50.920696][ T4120] sit0: entered allmulticast mode [ 50.927222][ T4120] ip6tnl0: entered allmulticast mode [ 50.934171][ T4120] ip6gre0: entered allmulticast mode [ 50.940756][ T4120] syz_tun: entered allmulticast mode [ 50.946802][ T4120] ip6gretap0: entered allmulticast mode [ 50.953160][ T4120] bridge0: entered allmulticast mode [ 50.959294][ T4120] vcan0: entered allmulticast mode [ 50.965623][ T4120] bond0: entered allmulticast mode [ 50.970749][ T4120] bond_slave_0: entered allmulticast mode [ 50.977087][ T4120] bond_slave_1: entered allmulticast mode [ 50.986150][ T4120] team0: entered allmulticast mode [ 50.991386][ T4120] team_slave_0: entered allmulticast mode [ 50.997201][ T4120] team_slave_1: entered allmulticast mode [ 51.004371][ T4120] dummy0: entered allmulticast mode [ 51.010965][ T4120] nlmon0: entered allmulticast mode [ 51.062966][ T4118] vhci_hcd: connection closed [ 51.118449][ T3889] vhci_hcd: stop threads [ 51.127618][ T3889] vhci_hcd: release socket [ 51.132206][ T3889] vhci_hcd: disconnect device [ 51.156736][ T4120] caif0: entered allmulticast mode [ 51.161938][ T4120] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 51.354292][ T4133] loop2: detected capacity change from 0 to 512 [ 51.438567][ T4133] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 51.578925][ T4133] EXT4-fs (loop2): mount failed [ 51.658977][ T4149] FAULT_INJECTION: forcing a failure. [ 51.658977][ T4149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.672357][ T4149] CPU: 0 UID: 0 PID: 4149 Comm: syz.1.206 Not tainted syzkaller #0 PREEMPT(voluntary) [ 51.672394][ T4149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 51.672407][ T4149] Call Trace: [ 51.672419][ T4149] [ 51.672427][ T4149] __dump_stack+0x1d/0x30 [ 51.672449][ T4149] dump_stack_lvl+0xe8/0x140 [ 51.672507][ T4149] dump_stack+0x15/0x1b [ 51.672524][ T4149] should_fail_ex+0x265/0x280 [ 51.672558][ T4149] should_fail+0xb/0x20 [ 51.672589][ T4149] should_fail_usercopy+0x1a/0x20 [ 51.672647][ T4149] _copy_to_user+0x20/0xa0 [ 51.672675][ T4149] simple_read_from_buffer+0xb5/0x130 [ 51.672698][ T4149] proc_fail_nth_read+0x10e/0x150 [ 51.672729][ T4149] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 51.672781][ T4149] vfs_read+0x1a5/0x770 [ 51.672802][ T4149] ? __rcu_read_unlock+0x4f/0x70 [ 51.672828][ T4149] ? __fget_files+0x184/0x1c0 [ 51.672856][ T4149] ksys_read+0xda/0x1a0 [ 51.672909][ T4149] __x64_sys_read+0x40/0x50 [ 51.672932][ T4149] x64_sys_call+0x27c0/0x3000 [ 51.672953][ T4149] do_syscall_64+0xd2/0x200 [ 51.673054][ T4149] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 51.673087][ T4149] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 51.673205][ T4149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.673228][ T4149] RIP: 0033:0x7ffac119d8dc [ 51.673244][ T4149] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 51.673263][ T4149] RSP: 002b:00007ffabfbff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 51.673283][ T4149] RAX: ffffffffffffffda RBX: 00007ffac13f5fa0 RCX: 00007ffac119d8dc [ 51.673368][ T4149] RDX: 000000000000000f RSI: 00007ffabfbff0a0 RDI: 0000000000000004 [ 51.673381][ T4149] RBP: 00007ffabfbff090 R08: 0000000000000000 R09: 0000000000000000 [ 51.673394][ T4149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.673406][ T4149] R13: 00007ffac13f6038 R14: 00007ffac13f5fa0 R15: 00007fff00f72098 [ 51.673424][ T4149] [ 52.057756][ T4183] loop2: detected capacity change from 0 to 512 [ 52.082611][ T4183] ======================================================= [ 52.082611][ T4183] WARNING: The mand mount option has been deprecated and [ 52.082611][ T4183] and is ignored by this kernel. Remove the mand [ 52.082611][ T4183] option from the mount to silence this warning. [ 52.082611][ T4183] ======================================================= [ 52.274442][ T4183] FAULT_INJECTION: forcing a failure. [ 52.274442][ T4183] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.288456][ T4183] CPU: 0 UID: 0 PID: 4183 Comm: syz.2.213 Not tainted syzkaller #0 PREEMPT(voluntary) [ 52.288485][ T4183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 52.288561][ T4183] Call Trace: [ 52.288569][ T4183] [ 52.288586][ T4183] __dump_stack+0x1d/0x30 [ 52.288615][ T4183] dump_stack_lvl+0xe8/0x140 [ 52.288696][ T4183] dump_stack+0x15/0x1b [ 52.288727][ T4183] should_fail_ex+0x265/0x280 [ 52.288855][ T4183] should_fail+0xb/0x20 [ 52.288894][ T4183] should_fail_usercopy+0x1a/0x20 [ 52.289009][ T4183] strncpy_from_user+0x25/0x230 [ 52.289104][ T4183] ? kmem_cache_alloc_noprof+0x242/0x480 [ 52.289139][ T4183] ? getname_flags+0x80/0x3b0 [ 52.289178][ T4183] getname_flags+0xae/0x3b0 [ 52.289214][ T4183] user_path_at+0x28/0x130 [ 52.289325][ T4183] bpf_obj_get_user+0x66/0x300 [ 52.289359][ T4183] bpf_obj_get+0xed/0x100 [ 52.289382][ T4183] __sys_bpf+0x5dc/0x7c0 [ 52.289426][ T4183] __x64_sys_bpf+0x41/0x50 [ 52.289470][ T4183] x64_sys_call+0x2aee/0x3000 [ 52.289498][ T4183] do_syscall_64+0xd2/0x200 [ 52.289595][ T4183] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 52.289661][ T4183] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 52.289698][ T4183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.289767][ T4183] RIP: 0033:0x7f7b719eeec9 [ 52.289787][ T4183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.289806][ T4183] RSP: 002b:00007f7b7044f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.289824][ T4183] RAX: ffffffffffffffda RBX: 00007f7b71c45fa0 RCX: 00007f7b719eeec9 [ 52.289868][ T4183] RDX: 0000000000000018 RSI: 0000200000000480 RDI: 0000000000000007 [ 52.289885][ T4183] RBP: 00007f7b7044f090 R08: 0000000000000000 R09: 0000000000000000 [ 52.289902][ T4183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.289946][ T4183] R13: 00007f7b71c46038 R14: 00007f7b71c45fa0 R15: 00007ffc15369038 [ 52.289971][ T4183] [ 52.689955][ T4196] netlink: 5548 bytes leftover after parsing attributes in process `syz.3.216'. [ 52.842800][ T4205] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 52.849381][ T4205] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 52.857049][ T4205] vhci_hcd vhci_hcd.0: Device attached [ 52.902778][ T4206] vhci_hcd: connection closed [ 52.903054][ T37] vhci_hcd: stop threads [ 52.912109][ T37] vhci_hcd: release socket [ 52.916547][ T37] vhci_hcd: disconnect device [ 53.400453][ T4238] netlink: 4 bytes leftover after parsing attributes in process `syz.1.232'. [ 53.500833][ T4242] netlink: 12 bytes leftover after parsing attributes in process `syz.2.234'. [ 53.524231][ T4242] 8021q: adding VLAN 0 to HW filter on device bond1 [ 53.539613][ T4242] loop2: detected capacity change from 0 to 1024 [ 53.549496][ T4242] EXT4-fs: Ignoring removed orlov option [ 53.577474][ T4242] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 53.599475][ T4242] vlan2: entered allmulticast mode [ 53.604717][ T4242] bond1: entered allmulticast mode [ 53.664915][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 53.695970][ T29] kauditd_printk_skb: 221 callbacks suppressed [ 53.695990][ T29] audit: type=1326 audit(53.671:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.735459][ T29] audit: type=1326 audit(53.671:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.758220][ T29] audit: type=1326 audit(53.671:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.780987][ T29] audit: type=1326 audit(53.681:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.803708][ T29] audit: type=1326 audit(53.681:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.826405][ T29] audit: type=1326 audit(53.681:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.849155][ T29] audit: type=1326 audit(53.691:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.872128][ T29] audit: type=1326 audit(53.691:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.895076][ T29] audit: type=1326 audit(53.691:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 53.917721][ T29] audit: type=1326 audit(53.691:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4250 comm="syz.2.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 54.158856][ T4270] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 54.165433][ T4270] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 54.173273][ T4270] vhci_hcd vhci_hcd.0: Device attached [ 54.193245][ T4271] vhci_hcd: connection closed [ 54.193593][ T3889] vhci_hcd: stop threads [ 54.202885][ T3889] vhci_hcd: release socket [ 54.207388][ T3889] vhci_hcd: disconnect device [ 54.310587][ T4274] netlink: 256 bytes leftover after parsing attributes in process `syz.3.244'. [ 54.472592][ T4281] loop1: detected capacity change from 0 to 2048 [ 54.502345][ T4281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.546768][ T4281] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.640864][ T4281] loop1: detected capacity change from 0 to 512 [ 54.653871][ T4281] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.663046][ T4281] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 54.694200][ T4281] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 54.733992][ T4281] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 54.764146][ T4281] System zones: 0-2, 18-18, 34-35 [ 54.780316][ T4281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.029663][ T4295] 9pnet_fd: Insufficient options for proto=fd [ 55.285836][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.463012][ T4324] loop1: detected capacity change from 0 to 512 [ 55.510026][ T4324] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 55.521648][ T4324] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 55.531801][ T4324] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.258: Corrupt directory, running e2fsck is recommended [ 55.572112][ T4328] loop3: detected capacity change from 0 to 8192 [ 55.609009][ T4324] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 55.617897][ T3534] loop3: p2 p3 p4 [ 55.621924][ T3534] loop3: p2 start 4293394690 is beyond EOD, truncated [ 55.628860][ T3534] loop3: p3 size 100663552 extends beyond EOD, truncated [ 55.646273][ T3534] loop3: p4 size 50331648 extends beyond EOD, truncated [ 55.665261][ T4335] rdma_op ffff88811a2eb980 conn xmit_rdma 0000000000000000 [ 55.666990][ T4328] loop3: p2 p3 p4 [ 55.678798][ T4324] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.258: corrupted in-inode xattr: invalid ea_ino [ 55.692528][ T4328] loop3: p2 start 4293394690 is beyond EOD, truncated [ 55.699399][ T4328] loop3: p3 size 100663552 extends beyond EOD, truncated [ 55.712418][ T4328] loop3: p4 size 50331648 extends beyond EOD, truncated [ 55.722193][ T4339] netlink: 256 bytes leftover after parsing attributes in process `syz.0.265'. [ 55.732331][ T4324] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.258: couldn't read orphan inode 15 (err -117) [ 55.791759][ T4324] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.831433][ T3534] udevd[3534]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.844527][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 55.877554][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 55.888378][ T3534] udevd[3534]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.901438][ T4324] EXT4-fs: Ignoring sb option on remount [ 55.910387][ T4349] loop3: detected capacity change from 0 to 2048 [ 55.918090][ T3534] udevd[3534]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.928630][ T4324] EXT4-fs (loop1): changing journal_checksum during remount not supported; ignoring [ 55.947332][ T4324] EXT4-fs error (device loop1): __ext4_remount:6748: comm syz.1.258: Abort forced by user [ 55.947405][ T4349] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.983283][ T3534] udevd[3534]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 55.999401][ T4324] EXT4-fs (loop1): Remounting filesystem read-only [ 56.006048][ T4324] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 56.330247][ T4359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'. [ 56.331416][ T3889] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 56.384786][ T3889] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 672 with error 28 [ 56.397312][ T3889] EXT4-fs (loop3): This should not happen!! Data will be lost [ 56.397312][ T3889] [ 56.406992][ T3889] EXT4-fs (loop3): Total free blocks count 0 [ 56.413006][ T3889] EXT4-fs (loop3): Free/Dirty block details [ 56.418920][ T3889] EXT4-fs (loop3): free_blocks=2415919504 [ 56.424887][ T3889] EXT4-fs (loop3): dirty_blocks=688 [ 56.430107][ T3889] EXT4-fs (loop3): Block reservation details [ 56.436197][ T3889] EXT4-fs (loop3): i_reserved_data_blocks=43 [ 56.635735][ T4368] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 56.680655][ T37] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28 [ 57.228140][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.537377][ T4385] vlan2: left promiscuous mode [ 57.542338][ T4385] bond0: left promiscuous mode [ 57.547180][ T4385] bond_slave_0: left promiscuous mode [ 57.552748][ T4385] bond_slave_1: left promiscuous mode [ 57.749489][ T4387] loop1: detected capacity change from 0 to 2048 [ 58.113260][ T4387] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.127008][ T4387] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.251146][ T4405] netlink: 24 bytes leftover after parsing attributes in process `syz.0.286'. [ 58.264078][ T4407] SELinux: policydb version 0 does not match my version range 15-35 [ 58.272765][ T4407] SELinux: failed to load policy [ 58.300845][ T4413] netlink: 5788 bytes leftover after parsing attributes in process `syz.4.291'. [ 58.300908][ T4405] FAULT_INJECTION: forcing a failure. [ 58.300908][ T4405] name failslab, interval 1, probability 0, space 0, times 0 [ 58.300933][ T4405] CPU: 1 UID: 0 PID: 4405 Comm: syz.0.286 Not tainted syzkaller #0 PREEMPT(voluntary) [ 58.300957][ T4405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 58.300970][ T4405] Call Trace: [ 58.300976][ T4405] [ 58.300985][ T4405] __dump_stack+0x1d/0x30 [ 58.301012][ T4405] dump_stack_lvl+0xe8/0x140 [ 58.301090][ T4405] dump_stack+0x15/0x1b [ 58.301112][ T4405] should_fail_ex+0x265/0x280 [ 58.301233][ T4405] should_failslab+0x8c/0xb0 [ 58.301266][ T4405] kmem_cache_alloc_noprof+0x50/0x480 [ 58.301302][ T4405] ? audit_log_start+0x342/0x720 [ 58.301434][ T4405] audit_log_start+0x342/0x720 [ 58.301460][ T4405] ? kstrtouint+0x76/0xc0 [ 58.301531][ T4405] audit_seccomp+0x48/0x100 [ 58.301570][ T4405] ? __seccomp_filter+0x82d/0x1250 [ 58.301655][ T4405] __seccomp_filter+0x83e/0x1250 [ 58.301692][ T4405] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 58.301732][ T4405] ? vfs_write+0x7e8/0x960 [ 58.301920][ T4405] __secure_computing+0x82/0x150 [ 58.301955][ T4405] syscall_trace_enter+0xcf/0x1e0 [ 58.302011][ T4405] do_syscall_64+0xac/0x200 [ 58.302042][ T4405] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 58.302182][ T4405] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 58.302300][ T4405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.302328][ T4405] RIP: 0033:0x7f7df515eec9 [ 58.302348][ T4405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.302450][ T4405] RSP: 002b:00007f7df3bbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000138 [ 58.302476][ T4405] RAX: ffffffffffffffda RBX: 00007f7df53b5fa0 RCX: 00007f7df515eec9 [ 58.302501][ T4405] RDX: de6c8001d5ed5ea6 RSI: 000000000000009e RDI: 000000000000009f [ 58.302520][ T4405] RBP: 00007f7df3bbf090 R08: ffffffffffffffff R09: 0000000000000000 [ 58.302537][ T4405] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 58.302554][ T4405] R13: 00007f7df53b6038 R14: 00007f7df53b5fa0 R15: 00007ffec8438238 [ 58.302582][ T4405] [ 58.440179][ T4415] FAULT_INJECTION: forcing a failure. [ 58.440179][ T4415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.538034][ T4415] CPU: 1 UID: 0 PID: 4415 Comm: syz.0.292 Not tainted syzkaller #0 PREEMPT(voluntary) [ 58.538061][ T4415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 58.538076][ T4415] Call Trace: [ 58.538081][ T4415] [ 58.538088][ T4415] __dump_stack+0x1d/0x30 [ 58.538110][ T4415] dump_stack_lvl+0xe8/0x140 [ 58.538129][ T4415] dump_stack+0x15/0x1b [ 58.538145][ T4415] should_fail_ex+0x265/0x280 [ 58.538201][ T4415] should_fail+0xb/0x20 [ 58.538311][ T4415] should_fail_usercopy+0x1a/0x20 [ 58.538355][ T4415] _copy_to_user+0x20/0xa0 [ 58.538386][ T4415] copy_siginfo_to_user+0x22/0xb0 [ 58.538417][ T4415] x64_setup_rt_frame+0x2b5/0x580 [ 58.538446][ T4415] arch_do_signal_or_restart+0x23e/0x440 [ 58.538489][ T4415] exit_to_user_mode_loop+0x77/0x110 [ 58.538517][ T4415] do_syscall_64+0x1d6/0x200 [ 58.538538][ T4415] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 58.538568][ T4415] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 58.538680][ T4415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.538704][ T4415] RIP: 0033:0x7f7df515eec7 [ 58.538731][ T4415] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 58.538753][ T4415] RSP: 002b:00007f7df3bbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 58.538777][ T4415] RAX: 0000000000000116 RBX: 00007f7df53b5fa0 RCX: 00007f7df515eec9 [ 58.538937][ T4415] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003 [ 58.538951][ T4415] RBP: 00007f7df3bbf090 R08: 0000000000000000 R09: 0000000000000000 [ 58.538963][ T4415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.538973][ T4415] R13: 00007f7df53b6038 R14: 00007f7df53b5fa0 R15: 00007ffec8438238 [ 58.539037][ T4415] [ 58.761664][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 58.767964][ T29] audit: type=1326 audit(58.731:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.791312][ T29] audit: type=1326 audit(58.771:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.814487][ T29] audit: type=1326 audit(58.771:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.837473][ T29] audit: type=1326 audit(58.771:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.860243][ T29] audit: type=1326 audit(58.771:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.883102][ T29] audit: type=1326 audit(58.771:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.905853][ T29] audit: type=1326 audit(58.771:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.928494][ T29] audit: type=1326 audit(58.771:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.951181][ T29] audit: type=1326 audit(58.771:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 58.973860][ T29] audit: type=1326 audit(58.771:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4419 comm="syz.0.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 59.028136][ T4433] netlink: 256 bytes leftover after parsing attributes in process `syz.0.298'. [ 59.242586][ T4447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.304'. [ 59.257339][ T4451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.306'. [ 59.355736][ T4464] loop3: detected capacity change from 0 to 2048 [ 59.362712][ T4466] SELinux: policydb version 0 does not match my version range 15-35 [ 59.375297][ T4468] netlink: 24 bytes leftover after parsing attributes in process `syz.1.313'. [ 59.392869][ T4466] SELinux: failed to load policy [ 59.407529][ T4468] netlink: 4 bytes leftover after parsing attributes in process `syz.1.313'. [ 59.446186][ T4464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.469329][ T4464] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.491179][ T4464] loop3: detected capacity change from 0 to 512 [ 59.499541][ T4464] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 59.508834][ T4464] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 59.519051][ T4464] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 59.528547][ T4464] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 59.536887][ T4464] System zones: 0-2, 18-18, 34-35 [ 59.543691][ T4464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.567337][ T4475] netlink: 12 bytes leftover after parsing attributes in process `syz.1.314'. [ 59.577679][ T4475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.314'. [ 60.211380][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.391491][ T4502] netlink: 40 bytes leftover after parsing attributes in process `syz.3.323'. [ 60.478101][ T4506] netlink: 24 bytes leftover after parsing attributes in process `syz.4.324'. [ 60.539183][ T4506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.324'. [ 60.573061][ T4513] netlink: 5788 bytes leftover after parsing attributes in process `syz.3.327'. [ 60.653503][ T4519] loop3: detected capacity change from 0 to 2048 [ 60.752067][ T4519] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.862224][ T4519] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.895242][ T4519] loop3: detected capacity change from 0 to 512 [ 60.912552][ T4519] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 60.921923][ T4519] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 60.935958][ T4519] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 60.962110][ T4519] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 60.991653][ T4519] System zones: 0-2, 18-18, 34-35 [ 61.085014][ T4519] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.258433][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.275255][ T4535] loop1: detected capacity change from 0 to 256 [ 61.295489][ T4535] SELinux: Context Ü is not valid (left unmapped). [ 61.327622][ T4535] FAULT_INJECTION: forcing a failure. [ 61.327622][ T4535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.340778][ T4535] CPU: 0 UID: 0 PID: 4535 Comm: syz.1.332 Not tainted syzkaller #0 PREEMPT(voluntary) [ 61.340812][ T4535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 61.340831][ T4535] Call Trace: [ 61.340840][ T4535] [ 61.340850][ T4535] __dump_stack+0x1d/0x30 [ 61.340914][ T4535] dump_stack_lvl+0xe8/0x140 [ 61.340933][ T4535] dump_stack+0x15/0x1b [ 61.340948][ T4535] should_fail_ex+0x265/0x280 [ 61.340980][ T4535] should_fail+0xb/0x20 [ 61.341097][ T4535] should_fail_usercopy+0x1a/0x20 [ 61.341120][ T4535] strncpy_from_user+0x25/0x230 [ 61.341145][ T4535] ? kmem_cache_alloc_noprof+0x242/0x480 [ 61.341218][ T4535] ? getname_flags+0x80/0x3b0 [ 61.341253][ T4535] getname_flags+0xae/0x3b0 [ 61.341345][ T4535] __x64_sys_symlinkat+0x40/0x70 [ 61.341374][ T4535] x64_sys_call+0x2941/0x3000 [ 61.341401][ T4535] do_syscall_64+0xd2/0x200 [ 61.341429][ T4535] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 61.341468][ T4535] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 61.341504][ T4535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.341555][ T4535] RIP: 0033:0x7ffac119eec9 [ 61.341579][ T4535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.341601][ T4535] RSP: 002b:00007ffabfbff038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 61.341625][ T4535] RAX: ffffffffffffffda RBX: 00007ffac13f5fa0 RCX: 00007ffac119eec9 [ 61.341638][ T4535] RDX: 0000200000000140 RSI: 0000000000000006 RDI: 0000200000000000 [ 61.341669][ T4535] RBP: 00007ffabfbff090 R08: 0000000000000000 R09: 0000000000000000 [ 61.341680][ T4535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.341691][ T4535] R13: 00007ffac13f6038 R14: 00007ffac13f5fa0 R15: 00007fff00f72098 [ 61.341709][ T4535] [ 61.650888][ T4556] netlink: 24 bytes leftover after parsing attributes in process `syz.1.339'. [ 61.685187][ T4556] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 61.918304][ T4571] loop2: detected capacity change from 0 to 512 [ 61.946666][ T4571] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.982449][ T4571] EXT4-fs: Mount option(s) incompatible with ext3 [ 62.023004][ T4571] loop2: detected capacity change from 0 to 512 [ 62.041005][ T4571] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.206677][ T4571] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.346: corrupted in-inode xattr: invalid ea_ino [ 62.280228][ T4571] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.346: couldn't read orphan inode 15 (err -117) [ 62.306605][ T4571] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.340457][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.645779][ T4580] loop2: detected capacity change from 0 to 512 [ 62.652822][ T4580] ext4: Unknown parameter 'obj_user' [ 63.071865][ T4625] loop3: detected capacity change from 0 to 512 [ 63.078609][ T4625] ext4: Unknown parameter 'fowner>00000000000000000000' [ 63.213082][ T4634] A link change request failed with some changes committed already. Interface veth0_to_batadv may have been left with an inconsistent configuration, please check. [ 63.286806][ T4634] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4634 comm=syz.3.367 [ 63.302686][ T4627] loop1: detected capacity change from 0 to 512 [ 63.309181][ T4627] ext4: Unknown parameter 'obj_user' [ 63.390601][ T4651] loop1: detected capacity change from 0 to 1024 [ 63.402773][ T4651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.421742][ T4655] SELinux: policydb version 0 does not match my version range 15-35 [ 63.430665][ T4655] SELinux: failed to load policy [ 63.876253][ T29] kauditd_printk_skb: 312 callbacks suppressed [ 63.876268][ T29] audit: type=1326 audit(63.852:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 63.932573][ T29] audit: type=1326 audit(63.892:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 63.955302][ T29] audit: type=1326 audit(63.892:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 63.978297][ T29] audit: type=1326 audit(63.892:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.001032][ T29] audit: type=1326 audit(63.892:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.023788][ T29] audit: type=1326 audit(63.892:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.046507][ T29] audit: type=1326 audit(63.892:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.069158][ T29] audit: type=1326 audit(63.892:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.091908][ T29] audit: type=1326 audit(63.892:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.114718][ T29] audit: type=1326 audit(63.892:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4661 comm="syz.0.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 64.179727][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.324435][ T4693] loop3: detected capacity change from 0 to 128 [ 64.398511][ T4684] loop1: detected capacity change from 0 to 512 [ 64.405750][ T4684] ext4: Unknown parameter 'obj_user' [ 64.466366][ T4708] FAULT_INJECTION: forcing a failure. [ 64.466366][ T4708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.479526][ T4708] CPU: 1 UID: 0 PID: 4708 Comm: syz.3.392 Not tainted syzkaller #0 PREEMPT(voluntary) [ 64.479560][ T4708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.479576][ T4708] Call Trace: [ 64.479582][ T4708] [ 64.479590][ T4708] __dump_stack+0x1d/0x30 [ 64.479641][ T4708] dump_stack_lvl+0xe8/0x140 [ 64.479659][ T4708] dump_stack+0x15/0x1b [ 64.479675][ T4708] should_fail_ex+0x265/0x280 [ 64.479709][ T4708] should_fail+0xb/0x20 [ 64.479794][ T4708] should_fail_usercopy+0x1a/0x20 [ 64.479820][ T4708] _copy_from_user+0x1c/0xb0 [ 64.479871][ T4708] bpf_test_init+0xb9/0x140 [ 64.479896][ T4708] bpf_prog_test_run_xdp+0x392/0x970 [ 64.479926][ T4708] ? __rcu_read_unlock+0x4f/0x70 [ 64.479990][ T4708] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 64.480023][ T4708] bpf_prog_test_run+0x22a/0x390 [ 64.480045][ T4708] __sys_bpf+0x4c0/0x7c0 [ 64.480144][ T4708] __x64_sys_bpf+0x41/0x50 [ 64.480175][ T4708] x64_sys_call+0x2aee/0x3000 [ 64.480196][ T4708] do_syscall_64+0xd2/0x200 [ 64.480216][ T4708] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 64.480275][ T4708] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 64.480310][ T4708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.480330][ T4708] RIP: 0033:0x7fee68e8eec9 [ 64.480344][ T4708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.480429][ T4708] RSP: 002b:00007fee678ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 64.480452][ T4708] RAX: ffffffffffffffda RBX: 00007fee690e5fa0 RCX: 00007fee68e8eec9 [ 64.480464][ T4708] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 64.480546][ T4708] RBP: 00007fee678ef090 R08: 0000000000000000 R09: 0000000000000000 [ 64.480561][ T4708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.480576][ T4708] R13: 00007fee690e6038 R14: 00007fee690e5fa0 R15: 00007fff53c58fe8 [ 64.480599][ T4708] [ 64.763853][ T4713] SELinux: policydb version 0 does not match my version range 15-35 [ 64.782068][ T4713] SELinux: failed to load policy [ 64.953039][ T4725] __nla_validate_parse: 13 callbacks suppressed [ 64.953059][ T4725] netlink: 5788 bytes leftover after parsing attributes in process `syz.3.399'. [ 122.821972][ T4754] netlink: 256 bytes leftover after parsing attributes in process `syz.1.410'. [ 122.870524][ T29] kauditd_printk_skb: 82 callbacks suppressed [ 122.870542][ T29] audit: type=1326 audit(122.845:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.899946][ T29] audit: type=1326 audit(122.845:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.922787][ T29] audit: type=1326 audit(122.845:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.945722][ T29] audit: type=1326 audit(122.845:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.968892][ T29] audit: type=1326 audit(122.845:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.991793][ T29] audit: type=1326 audit(122.855:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 122.998877][ T4771] netlink: 28 bytes leftover after parsing attributes in process `syz.3.412'. [ 123.014649][ T29] audit: type=1326 audit(122.855:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 123.023664][ T4771] netlink: 28 bytes leftover after parsing attributes in process `syz.3.412'. [ 123.046254][ T29] audit: type=1326 audit(122.855:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 123.077841][ T29] audit: type=1326 audit(122.855:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 123.103190][ T29] audit: type=1326 audit(122.915:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.0.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7df515eec9 code=0x7ffc0000 [ 123.314446][ T4757] loop2: detected capacity change from 0 to 512 [ 123.334875][ T4757] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.411: ea_inode file size=0 entry size=6 [ 123.357110][ T4757] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 123.408386][ T4757] ------------[ cut here ]------------ [ 123.413925][ T4757] EA inode 11 i_nlink=2 [ 123.414277][ T4757] WARNING: CPU: 0 PID: 4757 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380 [ 123.428638][ T4757] Modules linked in: [ 123.432677][ T4757] CPU: 0 UID: 0 PID: 4757 Comm: syz.2.411 Not tainted syzkaller #0 PREEMPT(voluntary) [ 123.442479][ T4757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 123.452692][ T4757] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380 [ 123.459403][ T4757] Code: 90 49 8d 7e 40 e8 26 03 b9 ff 4d 8b 6e 40 4c 89 e7 e8 3a fe b8 ff 41 8b 56 48 48 c7 c7 70 4b 55 86 4c 89 ee e8 87 15 68 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 c8 63 b0 03 0f 1f 84 00 00 00 00 00 [ 123.479065][ T4757] RSP: 0018:ffffc9001275b778 EFLAGS: 00010246 [ 123.485158][ T4757] RAX: 4d6ab84220b7e200 RBX: ffff888119851bb8 RCX: 0000000000080000 [ 123.493212][ T4757] RDX: ffffc900026a9000 RSI: 000000000000511a RDI: 000000000000511b [ 123.501282][ T4757] RBP: 0000000000000002 R08: 0001c9001275b5f7 R09: 0000000000000000 [ 123.509316][ T4757] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119851b68 [ 123.517488][ T4757] R13: 000000000000000b R14: ffff888119851b20 R15: 0000000000000001 [ 123.525519][ T4757] FS: 00007f7b7044f6c0(0000) GS:ffff8882aee3a000(0000) knlGS:0000000000000000 [ 123.534959][ T4757] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.541658][ T4757] CR2: 00007fee678ced58 CR3: 0000000119fbe000 CR4: 00000000003506f0 [ 123.549743][ T4757] Call Trace: [ 123.553042][ T4757] [ 123.556026][ T4757] ext4_xattr_inode_dec_ref_all+0x579/0x830 [ 123.562046][ T4757] ? errseq_check+0x2c/0x50 [ 123.566591][ T4757] ext4_xattr_delete_inode+0x6b7/0x790 [ 123.572121][ T4757] ? ext4_truncate+0x92e/0xae0 [ 123.576996][ T4757] ext4_evict_inode+0xa6a/0xd90 [ 123.581944][ T4757] ? __pfx_ext4_evict_inode+0x10/0x10 [ 123.587360][ T4757] evict+0x2e3/0x550 [ 123.591335][ T4757] ? __dquot_initialize+0x146/0x7c0 [ 123.596598][ T4757] iput+0x4ed/0x650 [ 123.600470][ T4757] ext4_process_orphan+0x1a9/0x1c0 [ 123.605617][ T4757] ext4_orphan_cleanup+0x6a8/0xa00 [ 123.610823][ T4757] ext4_fill_super+0x3483/0x3810 [ 123.615830][ T4757] ? snprintf+0x86/0xb0 [ 123.620065][ T4757] ? set_blocksize+0x1a8/0x310 [ 123.624856][ T4757] ? sb_set_blocksize+0xe3/0x100 [ 123.629871][ T4757] ? setup_bdev_super+0x30e/0x370 [ 123.634985][ T4757] ? __pfx_ext4_fill_super+0x10/0x10 [ 123.640356][ T4757] get_tree_bdev_flags+0x291/0x300 [ 123.645840][ T4757] ? __pfx_ext4_fill_super+0x10/0x10 [ 123.651733][ T4757] get_tree_bdev+0x1f/0x30 [ 123.656216][ T4757] ext4_get_tree+0x1c/0x30 [ 123.660787][ T4757] vfs_get_tree+0x54/0x1d0 [ 123.665239][ T4757] do_new_mount+0x24d/0x660 [ 123.669827][ T4757] path_mount+0x4a5/0xb70 [ 123.674189][ T4757] ? user_path_at+0x109/0x130 [ 123.679127][ T4757] __se_sys_mount+0x28c/0x2e0 [ 123.683923][ T4757] __x64_sys_mount+0x67/0x80 [ 123.688601][ T4757] x64_sys_call+0x2b51/0x3000 [ 123.693394][ T4757] do_syscall_64+0xd2/0x200 [ 123.697994][ T4757] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 123.701322][ T4794] loop1: detected capacity change from 0 to 164 [ 123.704147][ T4757] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 123.716203][ T4757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.722323][ T4757] RIP: 0033:0x7f7b719f066a [ 123.723792][ T4794] ISOFS: unable to read i-node block [ 123.726764][ T4757] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.742158][ T4794] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 123.751790][ T4757] RSP: 002b:00007f7b7044ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 123.769524][ T4757] RAX: ffffffffffffffda RBX: 00007f7b7044eef0 RCX: 00007f7b719f066a [ 123.777643][ T4757] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f7b7044eeb0 [ 123.785688][ T4757] RBP: 0000200000000180 R08: 00007f7b7044eef0 R09: 0000000000800700 [ 123.793874][ T4757] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 123.802016][ T4757] R13: 00007f7b7044eeb0 R14: 0000000000000473 R15: 0000200000000680 [ 123.810055][ T4757] [ 123.813087][ T4757] ---[ end trace 0000000000000000 ]--- [ 123.819091][ T4757] EXT4-fs (loop2): 1 orphan inode deleted [ 123.825210][ T4757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.953281][ T4803] netlink: 'syz.1.423': attribute type 1 has an invalid length. [ 123.961044][ T4803] netlink: 224 bytes leftover after parsing attributes in process `syz.1.423'. [ 123.981165][ T4805] netlink: 20 bytes leftover after parsing attributes in process `syz.4.424'. [ 123.990170][ T4805] netlink: 20 bytes leftover after parsing attributes in process `syz.4.424'. [ 124.000882][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.025366][ T4806] netlink: 52 bytes leftover after parsing attributes in process `syz.1.423'. [ 124.225474][ T4811] netlink: 12 bytes leftover after parsing attributes in process `syz.3.426'. [ 124.582147][ T4825] netlink: 'syz.2.430': attribute type 4 has an invalid length. [ 124.670077][ T4825] loop2: detected capacity change from 0 to 512 [ 124.863058][ T4827] loop1: detected capacity change from 0 to 512 [ 124.920889][ T4829] loop2: detected capacity change from 0 to 512 [ 124.954356][ T4829] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 124.964893][ T4827] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 124.987653][ T4829] EXT4-fs (loop2): 1 truncate cleaned up [ 124.988167][ T4829] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.014206][ T4827] EXT4-fs (loop1): mount failed [ 125.061476][ T4844] loop1: detected capacity change from 0 to 512 [ 125.080473][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.099823][ T4844] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.145092][ T4844] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #2: comm syz.1.437: corrupted inode contents [ 125.167636][ T4844] EXT4-fs error (device loop1): ext4_dirty_inode:6509: inode #2: comm syz.1.437: mark_inode_dirty error [ 125.179144][ T4844] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #2: comm syz.1.437: corrupted inode contents [ 125.191523][ T4844] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.437: mark_inode_dirty error [ 125.210932][ T4857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.438'. [ 125.249485][ T4844] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #2: comm syz.1.437: corrupted inode contents [ 125.264461][ T4844] EXT4-fs error (device loop1): ext4_dirty_inode:6509: inode #2: comm syz.1.437: mark_inode_dirty error [ 125.296475][ T4844] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #2: comm syz.1.437: corrupted inode contents [ 125.321928][ T4864] EXT4-fs error (device loop1): ext4_do_update_inode:5624: inode #2: comm syz.1.437: corrupted inode contents [ 125.334278][ T4849] bridge0: port 1(batadv1) entered blocking state [ 125.341719][ T4849] bridge0: port 1(batadv1) entered disabled state [ 125.350642][ T4849] batadv1: entered allmulticast mode [ 125.359022][ T4865] netlink: 156 bytes leftover after parsing attributes in process `},'. [ 125.370690][ T4849] batadv1: entered promiscuous mode [ 125.392695][ T4864] EXT4-fs error (device loop1): ext4_append:88: inode #2: comm syz.1.437: mark_inode_dirty error [ 125.407469][ T4864] EXT4-fs error (device loop1) in ext4_append:100: Corrupt filesystem [ 125.425373][ T4844] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 125.433745][ T4844] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 125.459330][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.505179][ T4875] loop2: detected capacity change from 0 to 1024 [ 125.519404][ T4875] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.698043][ T3889] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 125.707452][ T3889] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 125.720057][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.771206][ T4888] loop2: detected capacity change from 0 to 512 [ 125.788743][ T4888] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 125.809652][ T4888] EXT4-fs (loop2): 1 truncate cleaned up [ 125.816032][ T4888] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.849828][ T4888] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 125.869403][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.971666][ T4898] loop2: detected capacity change from 0 to 2048 [ 126.009589][ T4898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.022506][ T4898] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.556652][ T4922] loop2: detected capacity change from 0 to 2048 [ 126.569791][ T4922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.582453][ T4922] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.222844][ T4931] loop1: detected capacity change from 0 to 512 [ 127.239990][ T4931] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 127.255683][ T4931] EXT4-fs (loop1): mount failed [ 127.614789][ T4962] loop3: detected capacity change from 0 to 128 [ 127.622939][ T4962] journal_path: Non-blockdev passed as './mnt' [ 127.629256][ T4962] EXT4-fs: error: could not find journal device path [ 127.727993][ T4959] bridge0: port 3(batadv1) entered blocking state [ 127.736793][ T4959] bridge0: port 3(batadv1) entered disabled state [ 127.747809][ T4959] batadv1: entered allmulticast mode [ 127.784534][ T4959] batadv1: entered promiscuous mode [ 127.845761][ T4973] netlink: 'syz.1.473': attribute type 2 has an invalid length. [ 127.886444][ T29] kauditd_printk_skb: 385 callbacks suppressed [ 127.886464][ T29] audit: type=1400 audit(127.865:1941): avc: denied { ioctl } for pid=4972 comm="syz.1.473" path="socket:[9533]" dev="sockfs" ino=9533 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 127.922968][ T4973] __nla_validate_parse: 5 callbacks suppressed [ 127.922988][ T4973] netlink: 28 bytes leftover after parsing attributes in process `syz.1.473'. [ 127.998261][ T4979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.475'. [ 128.008391][ T4982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.476'. [ 128.031722][ T29] audit: type=1326 audit(128.015:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.055068][ T29] audit: type=1326 audit(128.045:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.148818][ T37] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 128.158412][ T37] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 128.216073][ T29] audit: type=1326 audit(128.185:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.239024][ T29] audit: type=1326 audit(128.185:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.340270][ T29] audit: type=1326 audit(128.255:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.363307][ T29] audit: type=1326 audit(128.255:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.386200][ T29] audit: type=1326 audit(128.255:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.409232][ T29] audit: type=1326 audit(128.315:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4961 comm="syz.3.471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fee68e8eec9 code=0x7ffc0000 [ 128.490112][ T4999] loop2: detected capacity change from 0 to 512 [ 128.548508][ T29] audit: type=1400 audit(128.455:1950): avc: denied { write } for pid=4993 comm="syz.2.479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 128.569171][ T4999] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 128.577328][ T4999] EXT4-fs (loop2): orphan cleanup on readonly fs [ 128.640057][ T4999] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.479: corrupted inode contents [ 128.697925][ T4999] EXT4-fs (loop2): Remounting filesystem read-only [ 128.704642][ T4999] EXT4-fs (loop2): 1 truncate cleaned up [ 128.710549][ T3889] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 128.721162][ T3889] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 128.778631][ T3889] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 128.809318][ T4999] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 128.894675][ T5012] netlink: 20 bytes leftover after parsing attributes in process `syz.3.486'. [ 128.934549][ T5014] netlink: 'syz.1.487': attribute type 2 has an invalid length. [ 128.943141][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.059197][ T5023] SELinux: policydb version 0 does not match my version range 15-35 [ 129.069718][ T5014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.487'. [ 129.097782][ T5023] SELinux: failed to load policy [ 129.161493][ T5031] netlink: 28 bytes leftover after parsing attributes in process `syz.3.493'. [ 129.170447][ T5031] netlink: 28 bytes leftover after parsing attributes in process `syz.3.493'. [ 129.485723][ T5048] serio: Serial port ptm0 [ 129.799438][ T5062] netlink: 'syz.3.506': attribute type 2 has an invalid length. [ 129.868091][ T5062] netlink: 28 bytes leftover after parsing attributes in process `syz.3.506'. [ 129.960329][ T5069] loop3: detected capacity change from 0 to 128 [ 129.967131][ T5069] journal_path: Non-blockdev passed as './mnt' [ 129.973428][ T5069] EXT4-fs: error: could not find journal device path [ 130.081961][ T5074] SELinux: policydb version 0 does not match my version range 15-35 [ 130.105994][ T5074] SELinux: failed to load policy [ 130.307647][ T5078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.511'. [ 130.375802][ T5083] netlink: 12 bytes leftover after parsing attributes in process `syz.1.512'. [ 130.548358][ T5102] SELinux: policydb version 0 does not match my version range 15-35 [ 130.570952][ T5102] SELinux: failed to load policy [ 130.832188][ T5102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.859961][ T5102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.965699][ T3889] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.979883][ T3889] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.017363][ T3889] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.037873][ T3889] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.053099][ T5121] loop2: detected capacity change from 0 to 512 [ 131.200229][ T5121] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 131.212054][ T5121] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 131.222431][ T5121] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.522: Corrupt directory, running e2fsck is recommended [ 131.300886][ T5135] netlink: 'syz.1.531': attribute type 2 has an invalid length. [ 131.324160][ T5121] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 131.382451][ T5121] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.522: corrupted in-inode xattr: invalid ea_ino [ 131.429749][ T5121] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.522: couldn't read orphan inode 15 (err -117) [ 131.571502][ T5121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.727716][ T5121] EXT4-fs: Ignoring sb option on remount [ 131.759607][ T5121] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring [ 131.760981][ T5154] bridge0: port 3(batadv1) entered blocking state [ 131.775563][ T5154] bridge0: port 3(batadv1) entered disabled state [ 131.798654][ T5121] EXT4-fs error (device loop2): __ext4_remount:6748: comm syz.2.522: Abort forced by user [ 131.836234][ T5154] batadv1: entered allmulticast mode [ 131.868163][ T5154] batadv1: entered promiscuous mode [ 131.877184][ T5165] loop3: detected capacity change from 0 to 2048 [ 131.889968][ T5121] EXT4-fs (loop2): Remounting filesystem read-only [ 131.896545][ T5121] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 131.918109][ T5165] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.967306][ T5165] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.035998][ T5181] SELinux: policydb version 0 does not match my version range 15-35 [ 132.045175][ T5181] SELinux: failed to load policy [ 132.089126][ T5165] loop3: detected capacity change from 0 to 512 [ 132.113963][ T5165] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 132.123212][ T5165] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 132.267586][ T3889] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 132.276838][ T3889] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 132.287682][ T5165] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 132.307167][ T5165] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 132.340390][ T5165] System zones: 0-2, 18-18, 34-35 [ 132.356431][ T5165] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.391753][ T5200] loop1: detected capacity change from 0 to 512 [ 132.421788][ T5200] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 132.437986][ T5200] EXT4-fs (loop1): mount failed [ 132.499665][ T5203] bridge0: port 3(batadv1) entered blocking state [ 132.506972][ T5203] bridge0: port 3(batadv1) entered disabled state [ 132.519457][ T5203] batadv1: entered allmulticast mode [ 132.532694][ T5203] batadv1: entered promiscuous mode [ 132.596029][ T5217] lo: left allmulticast mode [ 132.618031][ T5217] tunl0: left allmulticast mode [ 132.628115][ T5217] gre0: left allmulticast mode [ 132.637320][ T5217] gretap0: left allmulticast mode [ 132.649777][ T5217] erspan0: left allmulticast mode [ 132.656795][ T5217] ip_vti0: left allmulticast mode [ 132.669256][ T5217] ip6_vti0: left allmulticast mode [ 132.685841][ T5217] sit0: left allmulticast mode [ 132.691883][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.695411][ T5217] ip6tnl0: left allmulticast mode [ 132.708752][ T5217] ip6gre0: left allmulticast mode [ 132.715827][ T5217] syz_tun: left allmulticast mode [ 132.722680][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.731836][ T5217] ip6gretap0: left allmulticast mode [ 132.740006][ T5217] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.747327][ T5217] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.772481][ T5217] bridge0: left allmulticast mode [ 132.780232][ T5217] vcan0: left allmulticast mode [ 132.786020][ T5217] bond0: left allmulticast mode [ 132.790976][ T5217] bond_slave_0: left allmulticast mode [ 132.796653][ T5217] bond_slave_1: left allmulticast mode [ 132.804381][ T5217] team0: left allmulticast mode [ 132.809845][ T5217] team_slave_0: left allmulticast mode [ 132.815361][ T5217] team_slave_1: left allmulticast mode [ 132.828533][ T5217] dummy0: left allmulticast mode [ 132.836839][ T5217] nlmon0: left allmulticast mode [ 132.843788][ T5217] caif0: left allmulticast mode [ 132.872558][ T5217] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.882624][ T5217] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.914554][ T29] kauditd_printk_skb: 246 callbacks suppressed [ 132.914573][ T29] audit: type=1400 audit(132.886:2190): avc: denied { append } for pid=5224 comm="}," name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 132.943375][ T29] audit: type=1400 audit(132.886:2191): avc: denied { open } for pid=5224 comm="}," path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 132.966194][ T29] audit: type=1400 audit(132.886:2192): avc: denied { ioctl } for pid=5224 comm="}," path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 132.993371][ T3883] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 133.002856][ T3883] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 133.029727][ T37] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.040676][ T29] audit: type=1326 audit(133.026:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.041928][ T37] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.063509][ T29] audit: type=1326 audit(133.026:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.077546][ T29] audit: type=1326 audit(133.046:2195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.118668][ T29] audit: type=1326 audit(133.046:2196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.134177][ T37] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.141832][ T29] audit: type=1326 audit(133.046:2197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.152241][ T37] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.184239][ T5226] __nla_validate_parse: 7 callbacks suppressed [ 133.184253][ T5226] netlink: 156 bytes leftover after parsing attributes in process `syz.3.560'. [ 133.200303][ T29] audit: type=1326 audit(133.156:2198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.223203][ T29] audit: type=1326 audit(133.156:2199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5234 comm="syz.2.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b719eeec9 code=0x7ffc0000 [ 133.309518][ T5244] netlink: 12 bytes leftover after parsing attributes in process `syz.2.565'. [ 133.435430][ T5260] loop2: detected capacity change from 0 to 512 [ 133.453193][ T5260] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 133.465047][ T5260] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 133.475294][ T5260] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.569: Corrupt directory, running e2fsck is recommended [ 133.498217][ T5265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.568'. [ 133.499706][ T5249] bridge0: port 4(batadv2) entered blocking state [ 133.515718][ T5249] bridge0: port 4(batadv2) entered disabled state [ 133.523626][ T5249] batadv2: entered allmulticast mode [ 133.534425][ T5260] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 133.536318][ T5249] batadv2: entered promiscuous mode [ 133.551875][ T5260] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.569: corrupted in-inode xattr: invalid ea_ino [ 133.601313][ T5260] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.569: couldn't read orphan inode 15 (err -117) [ 133.651859][ T5260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.712597][ T5260] EXT4-fs: Ignoring sb option on remount [ 133.721027][ T5260] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring [ 133.731567][ T5260] EXT4-fs error (device loop2): __ext4_remount:6748: comm syz.2.569: Abort forced by user [ 133.743274][ T5260] EXT4-fs (loop2): Remounting filesystem read-only [ 133.749886][ T5260] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 133.915868][ T5270] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=62992 sclass=netlink_route_socket pid=5270 comm=syz.1.572 [ 133.917485][ T37] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled [ 133.937920][ T37] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled [ 133.957977][ T5270] syz.1.572: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 133.972635][ T5270] CPU: 0 UID: 0 PID: 5270 Comm: syz.1.572 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 133.972668][ T5270] Tainted: [W]=WARN [ 133.972675][ T5270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 133.972689][ T5270] Call Trace: [ 133.972711][ T5270] [ 133.972721][ T5270] __dump_stack+0x1d/0x30 [ 133.972786][ T5270] dump_stack_lvl+0xe8/0x140 [ 133.972812][ T5270] dump_stack+0x15/0x1b [ 133.972831][ T5270] warn_alloc+0x12b/0x1a0 [ 133.972864][ T5270] ? __rcu_read_unlock+0x4f/0x70 [ 133.972915][ T5270] __vmalloc_node_range_noprof+0x9d/0xed0 [ 133.972956][ T5270] ? __futex_wait+0x1fa/0x260 [ 133.972981][ T5270] ? __pfx_futex_wake_mark+0x10/0x10 [ 133.973103][ T5270] ? __rcu_read_unlock+0x4f/0x70 [ 133.973131][ T5270] ? avc_has_perm_noaudit+0x1b1/0x200 [ 133.973221][ T5270] ? should_fail_ex+0x30/0x280 [ 133.973253][ T5270] ? xskq_create+0x36/0xe0 [ 133.973280][ T5270] vmalloc_user_noprof+0x7d/0xb0 [ 133.973401][ T5270] ? xskq_create+0x80/0xe0 [ 133.973449][ T5270] xskq_create+0x80/0xe0 [ 133.973473][ T5270] xsk_init_queue+0x95/0xf0 [ 133.973496][ T5270] xsk_setsockopt+0x477/0x640 [ 133.973519][ T5270] ? __pfx_xsk_setsockopt+0x10/0x10 [ 133.973629][ T5270] __sys_setsockopt+0x181/0x200 [ 133.973725][ T5270] __x64_sys_setsockopt+0x64/0x80 [ 133.973773][ T5270] x64_sys_call+0x20ec/0x3000 [ 133.973802][ T5270] do_syscall_64+0xd2/0x200 [ 133.973827][ T5270] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 133.973858][ T5270] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 133.973979][ T5270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.974000][ T5270] RIP: 0033:0x7ffac119eec9 [ 133.974015][ T5270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.974094][ T5270] RSP: 002b:00007ffabfbff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 133.974135][ T5270] RAX: ffffffffffffffda RBX: 00007ffac13f5fa0 RCX: 00007ffac119eec9 [ 133.974148][ T5270] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005 [ 133.974164][ T5270] RBP: 00007ffac1221f91 R08: 0000000000000004 R09: 0000000000000000 [ 133.974180][ T5270] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 133.974197][ T5270] R13: 00007ffac13f6038 R14: 00007ffac13f5fa0 R15: 00007fff00f72098 [ 133.974217][ T5270] [ 133.974247][ T5270] Mem-Info: [ 133.984477][ T5286] loop3: detected capacity change from 0 to 512 [ 133.985592][ T5270] active_anon:38294 inactive_anon:2 isolated_anon:25 [ 133.985592][ T5270] active_file:23111 inactive_file:2523 isolated_file:0 [ 133.985592][ T5270] unevictable:2026 dirty:305 writeback:0 [ 133.985592][ T5270] slab_reclaimable:3311 slab_unreclaimable:68970 [ 133.985592][ T5270] mapped:29456 shmem:34049 pagetables:1431 [ 133.985592][ T5270] sec_pagetables:0 bounce:0 [ 133.985592][ T5270] kernel_misc_reclaimable:0 [ 133.985592][ T5270] free:1752173 free_pcp:14907 free_cma:0 [ 134.261342][ T5270] Node 0 active_anon:153176kB inactive_anon:8kB active_file:92444kB inactive_file:10092kB unevictable:8104kB isolated(anon):100kB isolated(file):0kB mapped:117824kB dirty:1220kB writeback:0kB shmem:136196kB kernel_stack:3888kB pagetables:5608kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 134.261446][ T5270] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 134.319424][ T5270] lowmem_reserve[]: 0 2883 7862 7862 [ 134.324780][ T5270] Node 0 DMA32 free:2949164kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2952696kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:3532kB free_cma:0kB [ 134.356324][ T5270] lowmem_reserve[]: 0 0 4978 4978 [ 134.361436][ T5270] Node 0 Normal free:3957980kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:153176kB inactive_anon:8kB active_file:92444kB inactive_file:10092kB unevictable:8104kB writepending:1220kB zspages:0kB present:5242880kB managed:5098240kB mlocked:8244kB bounce:0kB free_pcp:58760kB local_pcp:27320kB free_cma:0kB [ 134.395224][ T5270] lowmem_reserve[]: 0 0 0 0 [ 134.399928][ T5270] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 134.412717][ T5270] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 5*16kB (M) 4*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949164kB [ 134.428963][ T5270] Node 0 Normal: 207*4kB (M) 30*8kB (UME) 31*16kB (ME) 42*32kB (UME) 83*64kB (ME) 5*128kB (UME) 56*256kB (UME) 3*512kB (UME) 3*1024kB (UME) 7*2048kB (UM) 956*4096kB (UM) = 3957916kB [ 134.435804][ T5293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.581'. [ 134.447453][ T5270] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 134.465656][ T5270] 59679 total pagecache pages [ 134.470395][ T5270] 2 pages in swap cache [ 134.474604][ T5270] Free swap = 124988kB [ 134.478804][ T5270] Total swap = 124996kB [ 134.482973][ T5270] 2097051 pages RAM [ 134.486821][ T5270] 0 pages HighMem/MovableOnly [ 134.488802][ T5291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.580'. [ 134.491566][ T5270] 80477 pages reserved [ 134.508207][ T5286] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 134.541533][ T5286] EXT4-fs (loop3): mount failed [ 134.607908][ T5300] netlink: 'syz.4.584': attribute type 2 has an invalid length. [ 134.765450][ T5318] loop1: detected capacity change from 0 to 512 [ 134.823364][ T5318] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 134.857828][ T5318] EXT4-fs (loop1): mount failed [ 134.910020][ T5328] netlink: 'syz.1.595': attribute type 2 has an invalid length. [ 134.928075][ T5326] netlink: 156 bytes leftover after parsing attributes in process `},'. [ 135.019148][ T5335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.596'. [ 135.085609][ T5346] SELinux: policydb version 0 does not match my version range 15-35 [ 135.094090][ T5346] SELinux: failed to load policy [ 135.523314][ T5360] loop3: detected capacity change from 0 to 512 [ 135.558721][ T5360] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 135.589885][ T5360] EXT4-fs (loop3): mount failed [ 135.623507][ T5364] netlink: 256 bytes leftover after parsing attributes in process `syz.1.607'. [ 135.723153][ T5376] netlink: 'syz.4.611': attribute type 2 has an invalid length. [ 135.731714][ T5378] netlink: 12 bytes leftover after parsing attributes in process `syz.3.610'. [ 135.945586][ T5390] netlink: 'syz.0.615': attribute type 2 has an invalid length. [ 135.956056][ T5386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.614'. [ 136.010054][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.078614][ T5401] netlink: 'syz.0.619': attribute type 2 has an invalid length. [ 136.153885][ T5409] loop3: detected capacity change from 0 to 128 [ 136.161043][ T5409] journal_path: Non-blockdev passed as './mnt' [ 136.167260][ T5409] EXT4-fs: error: could not find journal device path [ 136.220919][ T5418] SELinux: policydb version 0 does not match my version range 15-35 [ 136.229650][ T5418] SELinux: failed to load policy [ 136.866537][ T5458] netlink: 'syz.3.639': attribute type 2 has an invalid length. [ 137.699842][ T5475] loop1: detected capacity change from 0 to 512 [ 137.723837][ T5475] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 137.748085][ T5475] EXT4-fs (loop1): mount failed [ 137.973880][ T5497] SELinux: policydb version 0 does not match my version range 15-35 [ 137.992533][ T5497] SELinux: failed to load policy [ 138.435959][ T29] kauditd_printk_skb: 181 callbacks suppressed [ 138.436004][ T29] audit: type=1326 audit(138.416:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.465639][ T29] audit: type=1326 audit(138.416:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.488730][ T29] audit: type=1326 audit(138.416:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.512286][ T29] audit: type=1326 audit(138.416:2380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.535148][ T29] audit: type=1326 audit(138.416:2381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.558018][ T29] audit: type=1326 audit(138.416:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.580794][ T29] audit: type=1326 audit(138.416:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.603548][ T29] audit: type=1326 audit(138.416:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.626472][ T29] audit: type=1326 audit(138.416:2385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.649114][ T29] audit: type=1326 audit(138.416:2386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5528 comm="syz.1.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffac119eec9 code=0x7ffc0000 [ 138.694971][ T5542] loop3: detected capacity change from 0 to 512 [ 138.740358][ T5542] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 138.762980][ T5542] EXT4-fs (loop3): mount failed [ 138.764924][ T5555] __nla_validate_parse: 11 callbacks suppressed [ 138.764944][ T5555] netlink: 28 bytes leftover after parsing attributes in process `syz.0.668'. [ 138.783376][ T5555] netlink: 28 bytes leftover after parsing attributes in process `syz.0.668'. [ 138.826345][ T5557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.669'. [ 138.978574][ T5567] netlink: 'syz.3.672': attribute type 2 has an invalid length. [ 139.038609][ T5569] netlink: 12 bytes leftover after parsing attributes in process `syz.3.673'. [ 139.348113][ T3310] ================================================================== [ 139.356349][ T3310] BUG: KCSAN: data-race in __bpf_get_stackid / bcmp [ 139.363102][ T3310] [ 139.365438][ T3310] write to 0xffff888140d13ab0 of 120 bytes by task 5589 on cpu 0: [ 139.373347][ T3310] __bpf_get_stackid+0x761/0x800 [ 139.378319][ T3310] bpf_get_stackid+0xe9/0x120 [ 139.383094][ T3310] bpf_get_stackid_raw_tp+0xf6/0x120 [ 139.388404][ T3310] bpf_prog_53f0063d4d7f65ce+0x2a/0x32 [ 139.393885][ T3310] bpf_trace_run3+0x10f/0x1d0 [ 139.398591][ T3310] kmem_cache_free+0x329/0x3d0 [ 139.403376][ T3310] file_free+0xf6/0x130 [ 139.407560][ T3310] __fput_deferred+0x1df/0x270 [ 139.412358][ T3310] fput_close+0x6e/0x120 [ 139.416622][ T3310] path_openat+0x1e1a/0x2170 [ 139.421317][ T3310] do_filp_open+0x109/0x230 [ 139.425832][ T3310] do_open_execat+0xd8/0x260 [ 139.430440][ T3310] alloc_bprm+0x25/0x350 [ 139.434694][ T3310] kernel_execve+0x85/0x660 [ 139.439228][ T3310] call_usermodehelper_exec_async+0x197/0x250 [ 139.445313][ T3310] ret_from_fork+0x122/0x1b0 [ 139.449916][ T3310] ret_from_fork_asm+0x1a/0x30 [ 139.454699][ T3310] [ 139.457031][ T3310] read to 0xffff888140d13ae0 of 8 bytes by task 3310 on cpu 1: [ 139.464663][ T3310] bcmp+0x23/0x90 [ 139.468313][ T3310] __bpf_get_stackid+0x371/0x800 [ 139.473261][ T3310] bpf_get_stackid+0xe9/0x120 [ 139.477947][ T3310] bpf_get_stackid_raw_tp+0xf6/0x120 [ 139.483287][ T3310] bpf_prog_53f0063d4d7f65ce+0x2a/0x32 [ 139.488759][ T3310] bpf_trace_run3+0x10f/0x1d0 [ 139.493477][ T3310] kmem_cache_free+0x329/0x3d0 [ 139.498414][ T3310] do_unlinkat+0x43e/0x480 [ 139.502854][ T3310] __x64_sys_unlink+0x2e/0x40 [ 139.507559][ T3310] x64_sys_call+0x2dcf/0x3000 [ 139.512288][ T3310] do_syscall_64+0xd2/0x200 [ 139.516817][ T3310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.522724][ T3310] [ 139.525059][ T3310] value changed: 0xffffffff8127714f -> 0xffffffff8191d4fe [ 139.532188][ T3310] [ 139.534521][ T3310] Reported by Kernel Concurrency Sanitizer on: SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 139.540676][ T3310] CPU: 1 UID: 0 PID: 3310 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 139.552148][ T3310] Tainted: [W]=WARN [ 139.555953][ T3310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 139.566026][ T3310] ================================================================== [ 139.612175][ T5591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.678'. [ 140.461307][ T3885] batadv1: left allmulticast mode [ 140.466453][ T3885] batadv1: left promiscuous mode [ 140.471586][ T3885] bridge0: port 3(batadv1) entered disabled state [ 140.478789][ T3885] bridge_slave_1: left allmulticast mode [ 140.484515][ T3885] bridge_slave_1: left promiscuous mode [ 140.490216][ T3885] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.498315][ T3885] bridge_slave_0: left allmulticast mode [ 140.503981][ T3885] bridge_slave_0: left promiscuous mode [ 140.509733][ T3885] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.658731][ T3885] bond0 (unregistering): Released all slaves [ 140.666933][ T3885] bond1 (unregistering): Released all slaves [ 140.778906][ T3885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.788235][ T3885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.797403][ T3885] bond0 (unregistering): Released all slaves [ 140.832372][ T3885] hsr_slave_0: left promiscuous mode [ 140.838091][ T3885] hsr_slave_1: left promiscuous mode [ 140.845349][ T3885] hsr_slave_0: left promiscuous mode [ 140.851037][ T3885] hsr_slave_1: left promiscuous mode [ 140.856792][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.864414][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.944653][ T3885] team0 (unregistering): Port device team_slave_1 removed [ 140.955253][ T3885] team0 (unregistering): Port device team_slave_0 removed [ 141.950835][ T3885] batadv1: left allmulticast mode [ 141.955935][ T3885] batadv1: left promiscuous mode [ 141.961121][ T3885] bridge0: port 3(batadv1) entered disabled state [ 141.968472][ T3885] bridge_slave_1: left allmulticast mode [ 141.974296][ T3885] bridge_slave_1: left promiscuous mode [ 141.980021][ T3885] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.987935][ T3885] bridge_slave_0: left allmulticast mode [ 141.993586][ T3885] bridge_slave_0: left promiscuous mode [ 141.999387][ T3885] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.008813][ T3885] batadv2: left allmulticast mode [ 142.013863][ T3885] batadv2: left promiscuous mode [ 142.019186][ T3885] bridge0: port 4(batadv2) entered disabled state [ 142.026231][ T3885] batadv1: left allmulticast mode [ 142.031333][ T3885] batadv1: left promiscuous mode [ 142.036584][ T3885] bridge0: port 3(batadv1) entered disabled state [ 142.043697][ T3885] bridge_slave_1: left allmulticast mode [ 142.049406][ T3885] bridge_slave_1: left promiscuous mode [ 142.055263][ T3885] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.063164][ T3885] bridge_slave_0: left allmulticast mode [ 142.068880][ T3885] bridge_slave_0: left promiscuous mode [ 142.074642][ T3885] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.278861][ T3885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.288196][ T3885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.297350][ T3885] bond0 (unregistering): Released all slaves [ 142.305881][ T3885] bond1 (unregistering): Released all slaves [ 142.314351][ T3885] bond2 (unregistering): Released all slaves [ 142.360705][ T3885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.370190][ T3885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.379428][ T3885] bond0 (unregistering): Released all slaves [ 142.412920][ T3885] hsr_slave_0: left promiscuous mode [ 142.418592][ T3885] hsr_slave_1: left promiscuous mode [ 142.424323][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 142.432044][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 142.440883][ T3885] hsr_slave_0: left promiscuous mode [ 142.446629][ T3885] hsr_slave_1: left promiscuous mode [ 142.452345][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 142.460079][ T3885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 142.485943][ T3885] team0 (unregistering): Port device team_slave_1 removed [ 142.495487][ T3885] team0 (unregistering): Port device team_slave_0 removed [ 142.546713][ T3885] team0 (unregistering): Port device team_slave_1 removed [ 142.556401][ T3885] team0 (unregistering): Port device team_slave_0 removed