last executing test programs: 5.513761555s ago: executing program 3 (id=2404): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan1\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$caif_stream(0x25, 0x1, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mkdir(0x0, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$peekuser(0x3, r0, 0x128) 5.513174576s ago: executing program 3 (id=2406): syz_open_dev$usbmon(&(0x7f0000001980), 0x1, 0x10280) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000580)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000005c0)={0xffffffffffffffff}, 0x13f, 0xa}}, 0x6b) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r4, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x40000007, @loopback={0x700}}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118) close(r3) setregid(0xffffffffffffffff, 0x0) syz_io_uring_setup(0x109, 0x0, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x74, 0x1, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x688}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2df3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7fff}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xfff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x9}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x1}]}, 0x74}, 0x1, 0x0, 0x0, 0x800}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x33, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 4.396659183s ago: executing program 3 (id=2410): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfe}]}) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x10000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x3fff, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) 4.037697738s ago: executing program 2 (id=2417): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e30, 0x80000001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xe03}, 0x1c) r6 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00') preadv(r6, &(0x7f0000000380)=[{&(0x7f00000014c0)=""/223, 0xdf}], 0x1, 0x5, 0x0) 2.987375714s ago: executing program 2 (id=2419): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000400)={0xa}) syz_usb_connect(0x4, 0x24, 0x0, 0x0) epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x4c6, 0x0, 0x0) 2.422743563s ago: executing program 3 (id=2436): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) mlock2(&(0x7f0000247000/0x1000)=nil, 0x1000, 0x0) munlockall() socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setfsgid(0xee00) setresgid(0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 2.172502757s ago: executing program 3 (id=2441): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000c00)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x4000, 0x8000000b, 0x0, 0x1, 0x4, 0x10, 0x40, 0x6, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0}) 1.916775371s ago: executing program 0 (id=2444): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e24, @local}}, 0x4, 0x31, 0xffff1896, 0x3, 0xb4, 0x0, 0x1b}, 0x9c) 872.143497ms ago: executing program 3 (id=2447): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r3}, &(0x7f0000001c00)=0x8000000, &(0x7f0000001c40)=r4}, 0x20) rt_sigaction(0x40, 0x0, 0x0, 0x0, 0x0) unshare(0x64000600) 871.482707ms ago: executing program 0 (id=2448): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000f6ffffff0000000a50000000060a090400000000000000000200fffe0900020073797a3200000000090007000000000000000000240004802000018007000114727400001400028008000106000000020800024000000002140000001100010000000000000000000000000a"], 0x78}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="020000000400000008"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYRES32=r2], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x80) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) close_range(r6, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000c40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00') openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x80, 0x4f, 0xffffffff}]}) socket(0x200000000000011, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 854.847028ms ago: executing program 4 (id=2449): unshare(0x40400) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010c25bd7000ffdbdf251400000008001d00", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) 713.57295ms ago: executing program 1 (id=2450): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="71050501ea020606847efd0930ea56ccf61cab1d033e089901eb"], 0x1a) close(0x3) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) 700.50442ms ago: executing program 0 (id=2451): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2}, 0x3c) syz_emit_ethernet(0xeff, &(0x7f00000011c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004500ffffff"], 0x0) 682.80773ms ago: executing program 0 (id=2452): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x109200, 0x0) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) 638.272171ms ago: executing program 4 (id=2453): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x20008810) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x9200}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044841}, 0x20000000) 611.469841ms ago: executing program 1 (id=2454): socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, 0x0, 0x15) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7}, 0x18) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "de442bfc7910e10ac69ac014b0fa6d78b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f5c008d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff) 601.387802ms ago: executing program 0 (id=2455): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}}) 556.015702ms ago: executing program 0 (id=2456): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='writeback_bdi_register\x00', r0, 0x0, 0x3fd}, 0x18) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_usbip_server_init(0x1) accept$inet6(r1, &(0x7f0000000700)={0xa, 0x0, 0x0, @remote}, &(0x7f00000006c0)=0x1c) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000680)='.\x00', 0x0, 0xc6) getdents64(r2, &(0x7f0000004040)=""/4112, 0x1010) 555.368002ms ago: executing program 4 (id=2457): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10) r6 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x1a, &(0x7f00000004c0)=@raw=[@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4a5d}}, @ldst={0x1, 0x1, 0x4, 0x1, 0xa, 0x0, 0x4}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x9}, @exit, @map_idx={0x18, 0x8, 0x5, 0x0, 0xd}, @ldst={0x3, 0x0, 0x3, 0x7, 0x5, 0x100}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @jmp={0x5, 0x1, 0xb, 0x8, 0x0, 0x3c, 0xfffffffffffffff0}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x4}], &(0x7f0000000240)='syzkaller\x00', 0x7, 0x1000, &(0x7f0000001140)=""/4096, 0x0, 0x10, '\x00', 0x0, 0x0, r2, 0x8, &(0x7f0000000300)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xf, 0xffff, 0xfffffff8}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000680)=[r2, r7], &(0x7f0000000780)=[{0x0, 0x4, 0x10, 0x4}, {0x1, 0x4, 0x8, 0x1}, {0x5, 0x1, 0x6, 0x1}, {0x4, 0x9, 0x8, 0x6}, {0x0, 0x1, 0xb}], 0x10, 0x1a}, 0x94) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002140)={@ifindex, 0x35, 0x0, 0x9, &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000a00)=[0x0, 0x0], 0x0}, 0x40) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r11 = fcntl$dupfd(r10, 0x0, r10) ioctl$USBDEVFS_SUBMITURB(r11, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000bc0)={@fallback=r0, r8, 0x33, 0x7, r2, @void, @value=r1, @void, @void, r9}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) 539.981902ms ago: executing program 1 (id=2458): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r1, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) 511.362923ms ago: executing program 4 (id=2459): socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4) bind$inet(r2, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 429.645374ms ago: executing program 1 (id=2460): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x8, 0x3, 0x248, 0xd8, 0x43, 0xa0, 0xd8, 0x98, 0x200, 0x178, 0x178, 0x200, 0x178, 0x49, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'bridge_slave_0\x00', {0xff}, {}, 0x11, 0x2, 0x65}, 0x12a, 0x70, 0xd8, 0x0, {0x0, 0x7a010000}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7fff, 0x0, '\x00', 'syz1\x00'}}}, {{@ip={@local, @empty, 0xff000000, 0xff, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0x0, 0x0, 0x68}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x18, 0x800, 0xd, 0x7, 'syz0\x00', 'syz0\x00', {0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8) 395.058125ms ago: executing program 2 (id=2461): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000f6ffffff0000000a50000000060a090400000000000000000200fffe0900020073797a3200000000090007000000000000000000240004802000018007000114727400001400028008000106000000020800024000000002140000001100010000000000000000000000000a"], 0x78}, 0x1, 0x0, 0x0, 0x20000801}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="020000000400000008"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYRES32=r2], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x80) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) close_range(r6, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000c40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00') openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6, 0x80, 0x4f, 0xffffffff}]}) socket(0x200000000000011, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 354.906305ms ago: executing program 1 (id=2462): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000180), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000000c0)=ANY=[], 0x361, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f00000002c0)={{}, {0x1, 0x2}, [{0x2, 0x5}, {0x2, 0x2}, {0x2, 0x6}], {}, [], {0x10, 0x5}}, 0x3c, 0x2) 275.284927ms ago: executing program 2 (id=2463): syz_emit_ethernet(0xeff, &(0x7f00000011c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004500ffffff"], 0x0) 181.127268ms ago: executing program 1 (id=2464): unshare(0x40400) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010c25bd7000ffdbdf251400000008001d00", @ANYRES32, @ANYBLOB="08000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x20040801}, 0x20000004) 180.686798ms ago: executing program 2 (id=2465): getdents64(0xffffffffffffff9c, &(0x7f0000000380)=""/219, 0xdb) socket$packet(0x11, 0x2, 0x300) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x4, &(0x7f0000006680)) semop(0x0, 0x0, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x80000000, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000240)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r3, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c010880"], 0x1d8}}, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'geneve0\x00', 0x1}, 0x18) syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") syz_io_uring_setup(0x2cdb, &(0x7f0000000300)={0x0, 0x900f, 0x10100}, 0x0, 0x0) memfd_create(0x0, 0x5) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) finit_module(0xffffffffffffffff, 0x0, 0x2) 180.355418ms ago: executing program 4 (id=2466): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}}) 125.970728ms ago: executing program 4 (id=2467): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x109200, 0x0) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) 0s ago: executing program 2 (id=2468): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) kernel console output (not intermixed with test programs): ystem_u:object_r:dbusd_etc_t:s0' [ 125.544535][ T7982] loop1: detected capacity change from 0 to 512 [ 125.804512][ T29] audit: type=1326 audit(1752727875.117:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.4.1666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd4655e929 code=0x7ffc0000 [ 125.873997][ T29] audit: type=1326 audit(1752727875.137:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.4.1666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fdd4655e929 code=0x7ffc0000 [ 125.897671][ T29] audit: type=1326 audit(1752727875.137:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7992 comm="syz.4.1666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd4655e929 code=0x7ffc0000 [ 125.981690][ T8006] __nla_validate_parse: 13 callbacks suppressed [ 125.981708][ T8006] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1671'. [ 126.010705][ T8006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1671'. [ 126.013720][ T8006] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.097000][ T7999] loop1: detected capacity change from 0 to 2048 [ 126.241677][ T8006] bridge_slave_1 (unregistering): left allmulticast mode [ 126.248813][ T8006] bridge_slave_1 (unregistering): left promiscuous mode [ 126.255882][ T8006] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.383077][ T8014] netlink: 'syz.4.1673': attribute type 1 has an invalid length. [ 126.390959][ T8014] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1673'. [ 126.434684][ T8001] lo speed is unknown, defaulting to 1000 [ 126.459233][ T8020] loop1: detected capacity change from 0 to 512 [ 126.510595][ T8014] loop4: detected capacity change from 0 to 512 [ 126.670631][ T29] audit: type=1400 audit(1752727875.977:1526): avc: denied { create } for pid=8028 comm="syz.3.1679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 126.843874][ T8035] lo speed is unknown, defaulting to 1000 [ 126.920888][ T8041] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 126.928208][ T8041] IPv6: NLM_F_CREATE should be set when creating new route [ 126.985359][ T8046] loop1: detected capacity change from 0 to 512 [ 127.095515][ T8051] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1686'. [ 127.529716][ T8071] SELinux: Context system_u:object_r:selinux_config_t:s0 is not valid (left unmapped). [ 127.539973][ T29] audit: type=1400 audit(1752727876.837:1527): avc: denied { relabelfrom } for pid=8067 comm="syz.1.1690" name="NETLINK" dev="sockfs" ino=21226 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 127.564080][ T29] audit: type=1400 audit(1752727876.847:1528): avc: denied { relabelto } for pid=8067 comm="syz.1.1690" name="NETLINK" dev="sockfs" ino=21226 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_xfrm_socket permissive=1 trawcon="system_u:object_r:selinux_config_t:s0" [ 127.745867][ T8087] FAULT_INJECTION: forcing a failure. [ 127.745867][ T8087] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 127.759274][ T8087] CPU: 1 UID: 0 PID: 8087 Comm: syz.2.1699 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 127.759302][ T8087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.759317][ T8087] Call Trace: [ 127.759325][ T8087] [ 127.759384][ T8087] __dump_stack+0x1d/0x30 [ 127.759405][ T8087] dump_stack_lvl+0xe8/0x140 [ 127.759423][ T8087] dump_stack+0x15/0x1b [ 127.759441][ T8087] should_fail_ex+0x265/0x280 [ 127.759479][ T8087] should_fail_alloc_page+0xf2/0x100 [ 127.759522][ T8087] alloc_pages_bulk_noprof+0xef/0x540 [ 127.759555][ T8087] copy_splice_read+0xf3/0x5f0 [ 127.759595][ T8087] ? __pfx_copy_splice_read+0x10/0x10 [ 127.759660][ T8087] splice_direct_to_actor+0x26c/0x680 [ 127.759720][ T8087] ? __pfx_direct_splice_actor+0x10/0x10 [ 127.759894][ T8087] do_splice_direct+0xda/0x150 [ 127.759929][ T8087] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 127.760026][ T8087] do_sendfile+0x380/0x650 [ 127.760067][ T8087] __x64_sys_sendfile64+0x105/0x150 [ 127.760095][ T8087] x64_sys_call+0xb39/0x2fb0 [ 127.760116][ T8087] do_syscall_64+0xd2/0x200 [ 127.760132][ T8087] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 127.760200][ T8087] ? clear_bhb_loop+0x40/0x90 [ 127.760291][ T8087] ? clear_bhb_loop+0x40/0x90 [ 127.760323][ T8087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.760349][ T8087] RIP: 0033:0x7f66ad4ce929 [ 127.760369][ T8087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.760393][ T8087] RSP: 002b:00007f66abb2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 127.760495][ T8087] RAX: ffffffffffffffda RBX: 00007f66ad6f5fa0 RCX: 00007f66ad4ce929 [ 127.760511][ T8087] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 127.760522][ T8087] RBP: 00007f66abb2f090 R08: 0000000000000000 R09: 0000000000000000 [ 127.760534][ T8087] R10: 7fffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 127.760545][ T8087] R13: 0000000000000000 R14: 00007f66ad6f5fa0 R15: 00007ffc5ad58538 [ 127.760565][ T8087] [ 127.967588][ T8087] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 128.038545][ T8098] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 128.045933][ T8098] IPv6: NLM_F_CREATE should be set when creating new route [ 128.142153][ T8106] netlink: 'syz.4.1707': attribute type 4 has an invalid length. [ 128.183447][ T3366] lo speed is unknown, defaulting to 1000 [ 128.189326][ T3366] syz0: Port: 1 Link DOWN [ 128.196276][ T8114] netlink: 'syz.4.1707': attribute type 4 has an invalid length. [ 128.214748][ T10] lo speed is unknown, defaulting to 1000 [ 128.220656][ T10] syz0: Port: 1 Link ACTIVE [ 128.243191][ T8113] loop3: detected capacity change from 0 to 512 [ 128.261382][ T8106] loop4: detected capacity change from 0 to 512 [ 128.268173][ T8106] EXT4-fs: test_dummy_encryption option not supported [ 128.282309][ T8118] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1710'. [ 128.282482][ T8106] SELinux: Context system_u:object_r:inetd_var_run_t:s0 is not valid (left unmapped). [ 128.299258][ T8118] 8021q: adding VLAN 0 to HW filter on device bond4 [ 128.318591][ T8118] vlan3: entered allmulticast mode [ 128.323846][ T8118] bond4: entered allmulticast mode [ 128.365258][ T8113] ext4 filesystem being mounted at /332/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 128.382378][ T8123] loop0: detected capacity change from 0 to 1024 [ 128.388613][ T8113] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1708: corrupted inode contents [ 128.451468][ T8113] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1708: mark_inode_dirty error [ 128.488070][ T8113] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1708: corrupted inode contents [ 128.500942][ T8113] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1708: mark_inode_dirty error [ 128.529321][ T8127] loop0: detected capacity change from 0 to 512 [ 128.670601][ T8138] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 128.677953][ T8138] IPv6: NLM_F_CREATE should be set when creating new route [ 128.739565][ T8148] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 128.746197][ T8148] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 128.753995][ T8148] vhci_hcd vhci_hcd.0: Device attached [ 128.770655][ T8148] loop3: detected capacity change from 0 to 164 [ 128.836479][ T8154] netlink: 'syz.0.1723': attribute type 1 has an invalid length. [ 128.844326][ T8154] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1723'. [ 128.869679][ T8154] loop0: detected capacity change from 0 to 512 [ 128.957314][ T8166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1728'. [ 129.010555][ T9] usb 7-1: new low-speed USB device number 3 using vhci_hcd [ 129.010590][ T8148] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 129.046687][ T8149] vhci_hcd: connection closed [ 129.047100][ T3550] vhci_hcd: stop threads [ 129.056219][ T3550] vhci_hcd: release socket [ 129.060745][ T3550] vhci_hcd: disconnect device [ 129.218789][ T8181] netlink: 'syz.0.1734': attribute type 1 has an invalid length. [ 129.226648][ T8181] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1734'. [ 129.249994][ T8181] loop0: detected capacity change from 0 to 512 [ 129.365339][ T8187] 9pnet_fd: Insufficient options for proto=fd [ 129.385165][ T8185] loop4: detected capacity change from 0 to 2048 [ 129.421829][ T3483] loop4: p1 < > p4 [ 129.426548][ T3483] loop4: p4 size 8388608 extends beyond EOD, truncated [ 129.438760][ T8185] loop4: p1 < > p4 [ 129.446350][ T8185] loop4: p4 size 8388608 extends beyond EOD, truncated [ 129.516059][ T8185] SELinux: failed to load policy [ 129.574717][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 129.598692][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 129.877105][ T8217] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1749'. [ 129.957808][ T8216] lo speed is unknown, defaulting to 1000 [ 130.147274][ T8220] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 130.152954][ T8224] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1750'. [ 130.153856][ T8220] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 130.170611][ T8220] vhci_hcd vhci_hcd.0: Device attached [ 130.198392][ T8227] loop0: detected capacity change from 0 to 164 [ 130.240109][ T8224] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8224 comm=syz.1.1750 [ 130.321451][ T8220] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 130.329815][ T8222] vhci_hcd: connection closed [ 130.329918][ T3509] vhci_hcd: stop threads [ 130.338957][ T3509] vhci_hcd: release socket [ 130.343444][ T3509] vhci_hcd: disconnect device [ 130.350449][ T36] vhci_hcd: vhci_device speed not set [ 130.376925][ T8229] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 130.551409][ T8235] 9pnet_fd: Insufficient options for proto=fd [ 130.676106][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 130.676125][ T29] audit: type=1326 audit(1752727879.987:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.1756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 130.705852][ T29] audit: type=1326 audit(1752727879.987:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.1756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 130.732552][ T29] audit: type=1326 audit(1752727879.987:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.1756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 130.756139][ T29] audit: type=1326 audit(1752727879.987:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.1756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 130.788097][ T8240] 8021q: adding VLAN 0 to HW filter on device bond7 [ 130.799030][ T8244] vlan2: entered allmulticast mode [ 130.804272][ T8244] bond7: entered allmulticast mode [ 130.842808][ T8240] loop3: detected capacity change from 0 to 1024 [ 130.856002][ T8240] EXT4-fs mount: 78 callbacks suppressed [ 130.856030][ T8240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.905279][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.922652][ T8255] loop0: detected capacity change from 0 to 128 [ 130.931988][ T8255] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 130.945262][ T8255] ext4 filesystem being mounted at /375/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.990379][ T8258] loop3: detected capacity change from 0 to 512 [ 130.997888][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 131.016283][ T8258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.033947][ T8262] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 131.041240][ T8262] IPv6: NLM_F_CREATE should be set when creating new route [ 131.050114][ T8258] ext4 filesystem being mounted at /341/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 131.071332][ T8258] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1763: corrupted inode contents [ 131.083768][ T8258] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1763: mark_inode_dirty error [ 131.103041][ T8265] loop0: detected capacity change from 0 to 128 [ 131.109970][ T8258] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1763: corrupted inode contents [ 131.125225][ T8265] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 131.139313][ T8267] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1763: corrupted inode contents [ 131.151768][ T8265] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.165988][ T8267] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1763: mark_inode_dirty error [ 131.200926][ T8267] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1763: corrupted inode contents [ 131.230222][ T8267] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1763: mark_inode_dirty error [ 131.241416][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 131.251238][ T8267] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1763: corrupted inode contents [ 131.264318][ T8267] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1763: mark_inode_dirty error [ 131.311444][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.333674][ T8269] netlink: 'syz.0.1766': attribute type 1 has an invalid length. [ 131.341643][ T8269] __nla_validate_parse: 2 callbacks suppressed [ 131.341657][ T8269] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1766'. [ 131.366260][ T8269] loop0: detected capacity change from 0 to 512 [ 131.523158][ T8274] netlink: 'syz.3.1767': attribute type 1 has an invalid length. [ 131.530995][ T8274] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1767'. [ 131.551449][ T8274] loop3: detected capacity change from 0 to 512 [ 131.597105][ T8279] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1771'. [ 131.639352][ T29] audit: type=1326 audit(1752727880.947:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8281 comm="syz.3.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.662865][ T29] audit: type=1326 audit(1752727880.947:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8281 comm="syz.3.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.686370][ T29] audit: type=1326 audit(1752727880.947:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8281 comm="syz.3.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=303 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.701428][ T8284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1773'. [ 131.709818][ T29] audit: type=1326 audit(1752727880.947:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8281 comm="syz.3.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.810929][ T29] audit: type=1326 audit(1752727881.087:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.3.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.811839][ T8284] 8021q: adding VLAN 0 to HW filter on device bond12 [ 131.834414][ T29] audit: type=1326 audit(1752727881.087:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.3.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 131.841403][ T8290] loop4: detected capacity change from 0 to 1024 [ 131.893351][ T8285] vlan5: entered allmulticast mode [ 131.898546][ T8285] bond12: entered allmulticast mode [ 131.913781][ T8290] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.937977][ T8289] lo speed is unknown, defaulting to 1000 [ 131.981688][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.205160][ T8298] lo speed is unknown, defaulting to 1000 [ 132.428299][ T8300] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 132.434877][ T8300] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 132.442576][ T8300] vhci_hcd vhci_hcd.0: Device attached [ 132.450128][ T8300] loop0: detected capacity change from 0 to 164 [ 132.593356][ T8300] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 132.601809][ T8301] vhci_hcd: connection closed [ 132.601998][ T3519] vhci_hcd: stop threads [ 132.611023][ T3519] vhci_hcd: release socket [ 132.615467][ T3519] vhci_hcd: disconnect device [ 132.620476][ T3386] vhci_hcd: vhci_device speed not set [ 132.723978][ T8305] qrtr: Invalid version 203 [ 132.895219][ T8311] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1781'. [ 132.916891][ T8311] 8021q: adding VLAN 0 to HW filter on device bond13 [ 132.931591][ T8313] netlink: 'syz.3.1782': attribute type 1 has an invalid length. [ 132.935483][ T8311] vlan5: entered allmulticast mode [ 132.939378][ T8313] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1782'. [ 132.944533][ T8311] bond13: entered allmulticast mode [ 132.967763][ T8313] loop3: detected capacity change from 0 to 512 [ 132.990189][ T8315] loop4: detected capacity change from 0 to 1024 [ 133.000870][ T8317] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1783'. [ 133.033364][ T8315] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.079085][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.104040][ T8327] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 133.110739][ T8327] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 133.118352][ T8327] vhci_hcd vhci_hcd.0: Device attached [ 133.129229][ T8327] loop3: detected capacity change from 0 to 164 [ 133.192409][ T8333] qrtr: Invalid version 203 [ 133.308401][ T8339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1791'. [ 133.335691][ T8327] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 133.344383][ T8330] vhci_hcd: connection closed [ 133.344581][ T3526] vhci_hcd: stop threads [ 133.353618][ T3526] vhci_hcd: release socket [ 133.358212][ T3526] vhci_hcd: disconnect device [ 133.403178][ T8345] netlink: 'syz.0.1794': attribute type 1 has an invalid length. [ 133.406954][ T8338] lo speed is unknown, defaulting to 1000 [ 133.411015][ T8345] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1794'. [ 133.441498][ T8345] loop0: detected capacity change from 0 to 512 [ 133.925190][ T8369] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1805'. [ 133.932295][ T8363] lo speed is unknown, defaulting to 1000 [ 133.941625][ T8369] 8021q: adding VLAN 0 to HW filter on device bond8 [ 133.959739][ T8369] vlan2: entered allmulticast mode [ 133.965069][ T8369] bond8: entered allmulticast mode [ 134.007858][ T8372] loop3: detected capacity change from 0 to 1024 [ 134.020388][ T9] usb 7-1: enqueue for inactive port 0 [ 134.026159][ T9] usb 7-1: enqueue for inactive port 0 [ 134.032599][ T8372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.098475][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.107901][ T9] vhci_hcd: vhci_device speed not set [ 134.124288][ T8379] qrtr: Invalid version 203 [ 134.493805][ T8405] loop4: detected capacity change from 0 to 512 [ 134.512682][ T8405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.525441][ T8405] ext4 filesystem being mounted at /378/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 134.537464][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1818: corrupted inode contents [ 134.549785][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1818: mark_inode_dirty error [ 134.561502][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1818: corrupted inode contents [ 134.575678][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1818: corrupted inode contents [ 134.587878][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1818: mark_inode_dirty error [ 134.600533][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1818: corrupted inode contents [ 134.636559][ T8405] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1818: mark_inode_dirty error [ 134.660279][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1818: corrupted inode contents [ 134.672592][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1818: mark_inode_dirty error [ 134.701367][ T8409] lo speed is unknown, defaulting to 1000 [ 134.708401][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.895416][ T8425] loop0: detected capacity change from 0 to 2048 [ 134.932730][ T8425] loop0: p1 < > p4 [ 134.937723][ T8425] loop0: p4 size 8388608 extends beyond EOD, truncated [ 135.012358][ T8429] loop4: detected capacity change from 0 to 128 [ 135.066743][ T8429] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 135.075719][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 135.101335][ T8435] netlink: 'syz.1.1831': attribute type 1 has an invalid length. [ 135.116438][ T8435] loop1: detected capacity change from 0 to 512 [ 135.123726][ T8429] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.141202][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 135.314341][ T8429] EXT4-fs (loop4): shut down requested (0) [ 135.325683][ T8448] netlink: 'syz.2.1837': attribute type 1 has an invalid length. [ 135.347580][ T8448] loop2: detected capacity change from 0 to 512 [ 135.389949][ T3304] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 135.419393][ T8457] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 135.426111][ T8457] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 135.433823][ T8457] vhci_hcd vhci_hcd.0: Device attached [ 135.468985][ T8457] loop0: detected capacity change from 0 to 164 [ 135.486336][ T8463] loop4: detected capacity change from 0 to 512 [ 135.523009][ T8463] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.616959][ T8463] ext4 filesystem being mounted at /385/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 135.664779][ T8463] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1843: corrupted inode contents [ 135.680560][ T9] usb 1-1: new low-speed USB device number 4 using vhci_hcd [ 135.693627][ T8463] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1843: mark_inode_dirty error [ 135.723241][ T8463] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1843: corrupted inode contents [ 135.737132][ T8457] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 135.747465][ T8458] vhci_hcd: connection closed [ 135.747829][ T3550] vhci_hcd: stop threads [ 135.756839][ T3550] vhci_hcd: release socket [ 135.761362][ T3550] vhci_hcd: disconnect device [ 135.766860][ T8469] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1843: corrupted inode contents [ 135.779986][ T8469] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1843: mark_inode_dirty error [ 135.792377][ T8469] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1843: corrupted inode contents [ 135.804608][ T8469] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1843: mark_inode_dirty error [ 135.816434][ T8469] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1843: corrupted inode contents [ 135.828603][ T8469] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1843: mark_inode_dirty error [ 135.847982][ T8474] openvswitch: netlink: Message has 6 unknown bytes. [ 135.861690][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.999212][ T8492] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 136.005810][ T8492] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 136.013517][ T8492] vhci_hcd vhci_hcd.0: Device attached [ 136.031353][ T8492] loop4: detected capacity change from 0 to 164 [ 136.091913][ T8504] loop3: detected capacity change from 0 to 512 [ 136.123308][ T8504] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.136255][ T8504] ext4 filesystem being mounted at /371/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 136.136493][ T8492] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 136.149851][ T8504] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1860: corrupted inode contents [ 136.166443][ T8504] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1860: mark_inode_dirty error [ 136.178425][ T8497] vhci_hcd: connection closed [ 136.179914][ T8509] netlink: 'syz.2.1862': attribute type 1 has an invalid length. [ 136.188528][ T3526] vhci_hcd: stop threads [ 136.196966][ T3526] vhci_hcd: release socket [ 136.201482][ T3526] vhci_hcd: disconnect device [ 136.209257][ T8504] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1860: corrupted inode contents [ 136.221624][ T8509] loop2: detected capacity change from 0 to 512 [ 136.222174][ T8512] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1860: corrupted inode contents [ 136.242143][ T8512] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1860: mark_inode_dirty error [ 136.253592][ T1041] usb 9-1: new low-speed USB device number 2 using vhci_hcd [ 136.260994][ T1041] usb 9-1: enqueue for inactive port 0 [ 136.266717][ T1041] usb 9-1: enqueue for inactive port 0 [ 136.278835][ T1041] usb 9-1: enqueue for inactive port 0 [ 136.289825][ T8512] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1860: corrupted inode contents [ 136.307708][ T8512] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1860: mark_inode_dirty error [ 136.320854][ T8512] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.1860: corrupted inode contents [ 136.333179][ T8512] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.1860: mark_inode_dirty error [ 136.355257][ T1041] vhci_hcd: vhci_device speed not set [ 136.381696][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.400152][ T8523] FAULT_INJECTION: forcing a failure. [ 136.400152][ T8523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.413435][ T8523] CPU: 1 UID: 0 PID: 8523 Comm: syz.0.1868 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 136.413473][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.413485][ T8523] Call Trace: [ 136.413492][ T8523] [ 136.413577][ T8523] __dump_stack+0x1d/0x30 [ 136.413599][ T8523] dump_stack_lvl+0xe8/0x140 [ 136.413618][ T8523] dump_stack+0x15/0x1b [ 136.413638][ T8523] should_fail_ex+0x265/0x280 [ 136.413676][ T8523] should_fail+0xb/0x20 [ 136.413733][ T8523] should_fail_usercopy+0x1a/0x20 [ 136.413773][ T8523] _copy_from_user+0x1c/0xb0 [ 136.413798][ T8523] ___sys_sendmsg+0xc1/0x1d0 [ 136.413868][ T8523] __x64_sys_sendmsg+0xd4/0x160 [ 136.413913][ T8523] x64_sys_call+0x2999/0x2fb0 [ 136.413973][ T8523] do_syscall_64+0xd2/0x200 [ 136.414066][ T8523] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 136.414091][ T8523] ? clear_bhb_loop+0x40/0x90 [ 136.414224][ T8523] ? clear_bhb_loop+0x40/0x90 [ 136.414251][ T8523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.414287][ T8523] RIP: 0033:0x7f5265d8e929 [ 136.414335][ T8523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.414358][ T8523] RSP: 002b:00007f52643ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.414377][ T8523] RAX: ffffffffffffffda RBX: 00007f5265fb5fa0 RCX: 00007f5265d8e929 [ 136.414389][ T8523] RDX: 000000002000404c RSI: 00002000000000c0 RDI: 0000000000000003 [ 136.414400][ T8523] RBP: 00007f52643ef090 R08: 0000000000000000 R09: 0000000000000000 [ 136.414412][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.414423][ T8523] R13: 0000000000000000 R14: 00007f5265fb5fa0 R15: 00007ffcb027add8 [ 136.414514][ T8523] [ 136.652108][ T8531] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 136.659411][ T8531] IPv6: NLM_F_CREATE should be set when creating new route [ 136.672184][ T8532] __nla_validate_parse: 11 callbacks suppressed [ 136.672205][ T8532] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1864'. [ 136.786920][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 136.787011][ T29] audit: type=1326 audit(1752727886.097:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8533 comm="syz.0.1872" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5265d8e929 code=0x0 [ 136.822256][ T8536] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 136.826552][ T29] audit: type=1326 audit(1752727886.137:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8537 comm="syz.3.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 136.828833][ T8536] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 136.890908][ T29] audit: type=1326 audit(1752727886.167:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8537 comm="syz.3.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 136.914529][ T29] audit: type=1326 audit(1752727886.167:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8537 comm="syz.3.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09c0e5e929 code=0x7ffc0000 [ 136.943538][ T8541] loop3: detected capacity change from 0 to 512 [ 136.955737][ T8541] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 136.970659][ T8541] EXT4-fs (loop3): orphan cleanup on readonly fs [ 136.977968][ T8541] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5 [ 136.987536][ T8541] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 136.996982][ T8541] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1875: Failed to acquire dquot type 1 [ 137.045179][ T8545] netlink: 'syz.4.1877': attribute type 1 has an invalid length. [ 137.053090][ T8545] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1877'. [ 137.065130][ T8546] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 137.071690][ T8546] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 137.079317][ T8546] vhci_hcd vhci_hcd.0: Device attached [ 137.087555][ T8541] EXT4-fs (loop3): 1 truncate cleaned up [ 137.094842][ T8541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 137.115810][ T8549] loop2: detected capacity change from 0 to 164 [ 137.137338][ T8545] loop4: detected capacity change from 0 to 512 [ 137.289787][ T8552] netlink: 'syz.4.1878': attribute type 1 has an invalid length. [ 137.297674][ T8552] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1878'. [ 137.318379][ T8546] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 137.326228][ T10] usb 5-1: new low-speed USB device number 2 using vhci_hcd [ 137.343088][ T8552] loop4: detected capacity change from 0 to 512 [ 137.351052][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.382092][ T8547] vhci_hcd: connection closed [ 137.382556][ T3527] vhci_hcd: stop threads [ 137.391777][ T3527] vhci_hcd: release socket [ 137.396431][ T3527] vhci_hcd: disconnect device [ 137.514425][ T8558] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 137.546145][ T8562] loop4: detected capacity change from 0 to 128 [ 137.572167][ T8562] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 137.603457][ T8562] ext4 filesystem being mounted at /393/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.682038][ T29] audit: type=1326 audit(1752727886.997:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.0.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 137.755260][ T8576] loop0: detected capacity change from 0 to 512 [ 137.760388][ T29] audit: type=1326 audit(1752727887.027:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.0.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 137.778817][ T8576] loop0: detected capacity change from 0 to 1024 [ 137.785049][ T29] audit: type=1326 audit(1752727887.027:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.0.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 137.814757][ T29] audit: type=1326 audit(1752727887.027:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8570 comm="syz.0.1885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 137.820900][ T8576] netlink: 'syz.0.1888': attribute type 10 has an invalid length. [ 137.857299][ T8579] EXT4-fs (loop4): shut down requested (0) [ 137.890201][ T8576] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 137.931374][ T3304] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 137.983782][ T8585] netlink: 'syz.1.1891': attribute type 1 has an invalid length. [ 137.991668][ T8585] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1891'. [ 138.028356][ T8585] loop1: detected capacity change from 0 to 512 [ 138.078848][ T8592] loop4: detected capacity change from 0 to 1024 [ 138.116251][ T8592] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.198751][ T8609] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1899'. [ 138.218686][ T8609] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1899'. [ 138.247857][ T8613] loop1: detected capacity change from 0 to 128 [ 138.258907][ T8613] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 138.271896][ T8613] ext4 filesystem being mounted at /344/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.306440][ T8617] loop3: detected capacity change from 0 to 1024 [ 138.327898][ T8613] EXT4-fs (loop1): shut down requested (0) [ 138.328898][ T8619] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1903'. [ 138.335745][ T8617] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.367456][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 138.445423][ T8631] loop2: detected capacity change from 0 to 128 [ 138.461238][ T8631] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 138.479975][ T8631] ext4 filesystem being mounted at /374/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.515430][ T8638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1910'. [ 138.534656][ T8631] EXT4-fs (loop2): shut down requested (0) [ 138.551161][ T8640] loop1: detected capacity change from 0 to 512 [ 138.559528][ T3310] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 138.578391][ T8640] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.592978][ T8640] ext4 filesystem being mounted at /348/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 138.605530][ T8640] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1911: corrupted inode contents [ 138.617894][ T8644] loop2: detected capacity change from 0 to 512 [ 138.617991][ T8640] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1911: mark_inode_dirty error [ 138.637834][ T8640] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1911: corrupted inode contents [ 138.642044][ T8644] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.663266][ T8644] ext4 filesystem being mounted at /375/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 138.665612][ T8647] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1911: corrupted inode contents [ 138.684778][ T8644] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1912: corrupted inode contents [ 138.685544][ T8647] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1911: mark_inode_dirty error [ 138.697730][ T8644] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.1912: mark_inode_dirty error [ 138.710384][ T8647] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1911: corrupted inode contents [ 138.720507][ T8644] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1912: corrupted inode contents [ 138.731981][ T8647] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1911: mark_inode_dirty error [ 138.755027][ T8647] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1911: corrupted inode contents [ 138.760844][ T8644] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1912: corrupted inode contents [ 138.767186][ T8647] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1911: mark_inode_dirty error [ 138.779324][ T8644] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.1912: mark_inode_dirty error [ 138.801631][ T8644] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1912: corrupted inode contents [ 138.813779][ T8644] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1912: mark_inode_dirty error [ 138.825770][ T8644] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1912: corrupted inode contents [ 138.826527][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.847551][ T8644] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.1912: mark_inode_dirty error [ 138.879870][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.913204][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.969919][ T8655] loop0: detected capacity change from 0 to 512 [ 138.988189][ T8655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.011793][ T8660] loop2: detected capacity change from 0 to 128 [ 139.042008][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.043663][ T8663] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1920'. [ 139.051499][ T8660] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 139.089212][ T8660] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.108542][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.183661][ T8671] pim6reg: entered allmulticast mode [ 139.191618][ T8671] pim6reg: left allmulticast mode [ 139.232782][ T8676] EXT4-fs (loop2): shut down requested (0) [ 139.240714][ T8671] loop4: detected capacity change from 0 to 512 [ 139.259695][ T8671] EXT4-fs: Ignoring removed bh option [ 139.290458][ T8671] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 139.310993][ T3310] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 139.312805][ T8680] loop0: detected capacity change from 0 to 2048 [ 139.355779][ T8671] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 139.363283][ T8671] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 139.374448][ T8671] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 139.387431][ T8689] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 139.413150][ T8689] xt_l2tp: invalid flags combination: 8 [ 139.433851][ T3484] loop0: p1 < > p4 [ 139.438939][ T3484] loop0: p4 size 8388608 extends beyond EOD, truncated [ 139.454843][ T8680] loop0: p1 < > p4 [ 139.463126][ T8680] loop0: p4 size 8388608 extends beyond EOD, truncated [ 139.477775][ T8692] loop4: detected capacity change from 0 to 512 [ 139.489628][ T8688] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 139.543047][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 139.558323][ T8702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1932'. [ 139.560272][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 139.586043][ T8692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.607247][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 139.624875][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 139.635706][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.691438][ T8713] loop0: detected capacity change from 0 to 128 [ 139.726813][ T8713] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 139.745523][ T8717] FAULT_INJECTION: forcing a failure. [ 139.745523][ T8717] name failslab, interval 1, probability 0, space 0, times 0 [ 139.758349][ T8717] CPU: 1 UID: 0 PID: 8717 Comm: syz.2.1939 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 139.758432][ T8717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.758444][ T8717] Call Trace: [ 139.758450][ T8717] [ 139.758458][ T8717] __dump_stack+0x1d/0x30 [ 139.758477][ T8717] dump_stack_lvl+0xe8/0x140 [ 139.758507][ T8717] dump_stack+0x15/0x1b [ 139.758558][ T8717] should_fail_ex+0x265/0x280 [ 139.758594][ T8717] should_failslab+0x8c/0xb0 [ 139.758620][ T8717] kmem_cache_alloc_noprof+0x50/0x310 [ 139.758649][ T8717] ? alloc_empty_file+0x76/0x200 [ 139.758675][ T8717] alloc_empty_file+0x76/0x200 [ 139.758703][ T8717] alloc_file_pseudo+0xc6/0x160 [ 139.758808][ T8717] __shmem_file_setup+0x1de/0x210 [ 139.758863][ T8717] shmem_file_setup+0x3b/0x50 [ 139.758955][ T8717] __se_sys_memfd_create+0x2c3/0x590 [ 139.758993][ T8717] __x64_sys_memfd_create+0x31/0x40 [ 139.759095][ T8717] x64_sys_call+0x122f/0x2fb0 [ 139.759120][ T8717] do_syscall_64+0xd2/0x200 [ 139.759213][ T8717] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 139.759244][ T8717] ? clear_bhb_loop+0x40/0x90 [ 139.759269][ T8717] ? clear_bhb_loop+0x40/0x90 [ 139.759295][ T8717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.759319][ T8717] RIP: 0033:0x7f66ad4ce929 [ 139.759384][ T8717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.759401][ T8717] RSP: 002b:00007f66abb2ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 139.759444][ T8717] RAX: ffffffffffffffda RBX: 000000000000050d RCX: 00007f66ad4ce929 [ 139.759459][ T8717] RDX: 00007f66abb2eef0 RSI: 0000000000000000 RDI: 00007f66ad551634 [ 139.759474][ T8717] RBP: 0000200000000200 R08: 00007f66abb2ebb7 R09: 00007f66abb2ee40 [ 139.759489][ T8717] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0 [ 139.759502][ T8717] R13: 00007f66abb2eef0 R14: 00007f66abb2eeb0 R15: 0000200000000a00 [ 139.759526][ T8717] [ 139.960187][ T8713] ext4 filesystem being mounted at /418/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.988396][ T8718] loop1: detected capacity change from 0 to 256 [ 139.991627][ T8712] loop4: detected capacity change from 0 to 512 [ 140.031409][ T8720] EXT4-fs (loop0): shut down requested (0) [ 140.040107][ T8721] loop2: detected capacity change from 0 to 512 [ 140.101298][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 140.152090][ T8721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.169820][ T8727] loop1: detected capacity change from 0 to 512 [ 140.192776][ T8721] ext4 filesystem being mounted at /383/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.216106][ T8731] loop0: detected capacity change from 0 to 512 [ 140.226821][ T8733] loop4: detected capacity change from 0 to 512 [ 140.257353][ T8727] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.274442][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.298432][ T8731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.311976][ T8733] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.334139][ T8727] ext4 filesystem being mounted at /357/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.354176][ T8731] ext4 filesystem being mounted at /419/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.399756][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.412833][ T8727] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1945: corrupted inode contents [ 140.427389][ T8731] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.1944: corrupted inode contents [ 140.449988][ T8727] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1945: mark_inode_dirty error [ 140.470548][ T8731] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.1944: mark_inode_dirty error [ 140.490848][ T8727] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1945: corrupted inode contents [ 140.504573][ T8731] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.1944: corrupted inode contents [ 140.532351][ T8749] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1945: corrupted inode contents [ 140.545656][ T8748] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.1944: corrupted inode contents [ 140.563466][ T8749] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1945: mark_inode_dirty error [ 140.577059][ T8748] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.1944: mark_inode_dirty error [ 140.598759][ T8748] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.1944: corrupted inode contents [ 140.613214][ T8749] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1945: corrupted inode contents [ 140.626852][ T8748] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.1944: mark_inode_dirty error [ 140.642639][ T8749] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1945: mark_inode_dirty error [ 140.654391][ T8749] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1945: corrupted inode contents [ 140.667285][ T8749] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1945: mark_inode_dirty error [ 140.683714][ T8748] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.1944: corrupted inode contents [ 140.696101][ T8748] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.1944: mark_inode_dirty error [ 140.723499][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.742610][ T9] usb 1-1: enqueue for inactive port 0 [ 140.748598][ T9] usb 1-1: enqueue for inactive port 0 [ 140.785077][ T8766] loop0: detected capacity change from 0 to 128 [ 140.786223][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.826260][ T8766] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 140.839736][ T9] vhci_hcd: vhci_device speed not set [ 140.847674][ T8766] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.915196][ T8774] loop4: detected capacity change from 0 to 512 [ 140.968012][ T8774] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.008790][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.019283][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.124298][ T8787] lo speed is unknown, defaulting to 1000 [ 141.184567][ T8794] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 141.191868][ T8794] IPv6: NLM_F_CREATE should be set when creating new route [ 141.273571][ T8796] loop3: detected capacity change from 0 to 512 [ 141.405408][ T8805] loop4: detected capacity change from 0 to 512 [ 141.428942][ T8805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.561126][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.822563][ T8830] loop2: detected capacity change from 0 to 512 [ 141.868919][ T8830] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.926614][ T8835] FAULT_INJECTION: forcing a failure. [ 141.926614][ T8835] name failslab, interval 1, probability 0, space 0, times 0 [ 141.939601][ T8835] CPU: 1 UID: 0 PID: 8835 Comm: syz.3.1985 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 141.939635][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.939650][ T8835] Call Trace: [ 141.939675][ T8835] [ 141.939684][ T8835] __dump_stack+0x1d/0x30 [ 141.939709][ T8835] dump_stack_lvl+0xe8/0x140 [ 141.939728][ T8835] dump_stack+0x15/0x1b [ 141.939805][ T8835] should_fail_ex+0x265/0x280 [ 141.939913][ T8835] should_failslab+0x8c/0xb0 [ 141.939941][ T8835] kmem_cache_alloc_node_noprof+0x57/0x320 [ 141.940039][ T8835] ? __alloc_skb+0x101/0x320 [ 141.940174][ T8835] __alloc_skb+0x101/0x320 [ 141.940231][ T8835] netlink_alloc_large_skb+0xba/0xf0 [ 141.940270][ T8835] netlink_sendmsg+0x3cf/0x6b0 [ 141.940296][ T8835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.940324][ T8835] __sock_sendmsg+0x145/0x180 [ 141.940433][ T8835] ____sys_sendmsg+0x31e/0x4e0 [ 141.940483][ T8835] ___sys_sendmsg+0x17b/0x1d0 [ 141.940655][ T8835] __x64_sys_sendmsg+0xd4/0x160 [ 141.940698][ T8835] x64_sys_call+0x2999/0x2fb0 [ 141.940723][ T8835] do_syscall_64+0xd2/0x200 [ 141.940742][ T8835] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 141.940774][ T8835] ? clear_bhb_loop+0x40/0x90 [ 141.940806][ T8835] ? clear_bhb_loop+0x40/0x90 [ 141.940889][ T8835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.940943][ T8835] RIP: 0033:0x7f09c0e5e929 [ 141.940963][ T8835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.940986][ T8835] RSP: 002b:00007f09bf4c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.941010][ T8835] RAX: ffffffffffffffda RBX: 00007f09c1085fa0 RCX: 00007f09c0e5e929 [ 141.941024][ T8835] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000005 [ 141.941035][ T8835] RBP: 00007f09bf4c7090 R08: 0000000000000000 R09: 0000000000000000 [ 141.941101][ T8835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.941117][ T8835] R13: 0000000000000000 R14: 00007f09c1085fa0 R15: 00007ffd43d23038 [ 141.941141][ T8835] [ 142.161773][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.305496][ T8847] __nla_validate_parse: 6 callbacks suppressed [ 142.305515][ T8847] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1991'. [ 142.390593][ T8847] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1991'. [ 142.421582][ T10] usb 5-1: enqueue for inactive port 0 [ 142.427150][ T10] usb 5-1: enqueue for inactive port 0 [ 142.498962][ T8862] 9pnet_fd: Insufficient options for proto=fd [ 142.556910][ T29] kauditd_printk_skb: 143 callbacks suppressed [ 142.556924][ T29] audit: type=1326 audit(1752727891.867:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.586821][ T29] audit: type=1326 audit(1752727891.867:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.616304][ T29] audit: type=1326 audit(1752727891.927:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.624544][ T8864] pim6reg: entered allmulticast mode [ 142.641041][ T29] audit: type=1326 audit(1752727891.927:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.668588][ T29] audit: type=1326 audit(1752727891.927:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.692119][ T29] audit: type=1326 audit(1752727891.927:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.715699][ T29] audit: type=1326 audit(1752727891.927:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.723037][ T8873] pim6reg: left allmulticast mode [ 142.739235][ T29] audit: type=1326 audit(1752727891.927:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.767540][ T8876] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 142.767816][ T29] audit: type=1326 audit(1752727891.927:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.798929][ T10] vhci_hcd: vhci_device speed not set [ 142.802312][ T8864] loop2: detected capacity change from 0 to 512 [ 142.804446][ T29] audit: type=1326 audit(1752727891.927:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8863 comm="syz.2.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f66ad4ce929 code=0x7ffc0000 [ 142.839946][ T8864] EXT4-fs: Ignoring removed bh option [ 142.848639][ T8864] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 142.879079][ T8864] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 142.886557][ T8864] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 142.895102][ T8864] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 143.049296][ T8893] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2011'. [ 143.058906][ T8893] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2011'. [ 143.196752][ T8904] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 143.203306][ T8904] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 143.210888][ T8904] vhci_hcd vhci_hcd.0: Device attached [ 143.218348][ T8904] loop1: detected capacity change from 0 to 164 [ 143.240364][ T8904] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 143.255861][ T8905] vhci_hcd: connection closed [ 143.256103][ T3527] vhci_hcd: stop threads [ 143.265140][ T3527] vhci_hcd: release socket [ 143.269616][ T3527] vhci_hcd: disconnect device [ 143.296600][ T8907] lo speed is unknown, defaulting to 1000 [ 143.530837][ T8913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2019'. [ 143.794774][ T8922] loop0: detected capacity change from 0 to 128 [ 143.818172][ T8922] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 143.840630][ T8922] ext4 filesystem being mounted at /435/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.866930][ T8927] loop1: detected capacity change from 0 to 128 [ 143.882049][ T8927] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 143.924331][ T8927] ext4 filesystem being mounted at /366/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.026237][ T8937] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 144.086510][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2030'. [ 144.157527][ T8939] FAULT_INJECTION: forcing a failure. [ 144.157527][ T8939] name failslab, interval 1, probability 0, space 0, times 0 [ 144.182205][ T8939] CPU: 0 UID: 0 PID: 8939 Comm: syz.3.2031 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 144.182316][ T8939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.182332][ T8939] Call Trace: [ 144.182341][ T8939] [ 144.182350][ T8939] __dump_stack+0x1d/0x30 [ 144.182375][ T8939] dump_stack_lvl+0xe8/0x140 [ 144.182450][ T8939] dump_stack+0x15/0x1b [ 144.182471][ T8939] should_fail_ex+0x265/0x280 [ 144.182510][ T8939] should_failslab+0x8c/0xb0 [ 144.182534][ T8939] __kmalloc_noprof+0xa5/0x3e0 [ 144.182618][ T8939] ? memcg_list_lru_alloc+0x195/0x490 [ 144.182714][ T8939] memcg_list_lru_alloc+0x195/0x490 [ 144.182752][ T8939] ? xas_create+0xb89/0xbe0 [ 144.182870][ T8939] __memcg_slab_post_alloc_hook+0x1a7/0x580 [ 144.182910][ T8939] ? __pfx_bpf_fill_super+0x10/0x10 [ 144.182981][ T8939] kmem_cache_alloc_lru_noprof+0x229/0x310 [ 144.183006][ T8939] ? alloc_inode+0x9a/0x170 [ 144.183078][ T8939] ? __pfx_bpf_fill_super+0x10/0x10 [ 144.183104][ T8939] alloc_inode+0x9a/0x170 [ 144.183197][ T8939] new_inode+0x1d/0xe0 [ 144.183213][ T8939] ? __pfx_bpf_fill_super+0x10/0x10 [ 144.183239][ T8939] simple_fill_super+0x7c/0x330 [ 144.183275][ T8939] ? __pfx_bpf_fill_super+0x10/0x10 [ 144.183345][ T8939] bpf_fill_super+0x85/0x5c0 [ 144.183415][ T8939] ? shrinker_register+0x106/0x130 [ 144.183510][ T8939] ? sget_fc+0x68a/0x6e0 [ 144.183541][ T8939] ? __pfx_set_anon_super_fc+0x10/0x10 [ 144.183569][ T8939] ? __pfx_bpf_fill_super+0x10/0x10 [ 144.183648][ T8939] get_tree_nodev+0x80/0x100 [ 144.183680][ T8939] bpf_get_tree+0x1c/0x30 [ 144.183808][ T8939] vfs_get_tree+0x57/0x1d0 [ 144.183839][ T8939] vfs_cmd_create+0x8a/0x140 [ 144.183858][ T8939] vfs_fsconfig_locked+0x6f/0x210 [ 144.183927][ T8939] __se_sys_fsconfig+0x648/0x770 [ 144.183955][ T8939] __x64_sys_fsconfig+0x67/0x80 [ 144.183979][ T8939] x64_sys_call+0x3b8/0x2fb0 [ 144.184000][ T8939] do_syscall_64+0xd2/0x200 [ 144.184015][ T8939] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 144.184103][ T8939] ? clear_bhb_loop+0x40/0x90 [ 144.184122][ T8939] ? clear_bhb_loop+0x40/0x90 [ 144.184141][ T8939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.184160][ T8939] RIP: 0033:0x7f09c0e5e929 [ 144.184173][ T8939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.184224][ T8939] RSP: 002b:00007f09bf4c7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 144.184240][ T8939] RAX: ffffffffffffffda RBX: 00007f09c1085fa0 RCX: 00007f09c0e5e929 [ 144.184251][ T8939] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000009 [ 144.184303][ T8939] RBP: 00007f09bf4c7090 R08: 0000000000000000 R09: 0000000000000000 [ 144.184313][ T8939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.184324][ T8939] R13: 0000000000000000 R14: 00007f09c1085fa0 R15: 00007ffd43d23038 [ 144.184341][ T8939] [ 144.272913][ T8957] loop0: detected capacity change from 0 to 512 [ 144.503480][ T8957] ext4 filesystem being mounted at /440/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 144.515177][ T8956] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.2038: corrupted inode contents [ 144.527417][ T8956] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.2038: mark_inode_dirty error [ 144.539888][ T8956] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.2038: corrupted inode contents [ 144.561394][ T8956] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.2038: corrupted inode contents [ 144.579771][ T8971] xt_TPROXY: Can be used only with -p tcp or -p udp [ 144.582017][ T8956] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.2038: mark_inode_dirty error [ 144.598856][ T8956] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.2038: corrupted inode contents [ 144.612278][ T8956] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.2038: mark_inode_dirty error [ 144.615412][ T8973] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 144.623987][ T8956] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.2038: corrupted inode contents [ 144.643071][ T8956] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.2038: mark_inode_dirty error [ 144.679180][ T8975] netlink: 'syz.3.2044': attribute type 1 has an invalid length. [ 144.687081][ T8975] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2044'. [ 144.710102][ T8975] loop3: detected capacity change from 0 to 512 [ 144.728317][ T8979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2046'. [ 144.774318][ T8983] qrtr: Invalid version 203 [ 145.034837][ T8999] FAULT_INJECTION: forcing a failure. [ 145.034837][ T8999] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.048060][ T8999] CPU: 0 UID: 0 PID: 8999 Comm: syz.0.2055 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 145.048092][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 145.048106][ T8999] Call Trace: [ 145.048113][ T8999] [ 145.048122][ T8999] __dump_stack+0x1d/0x30 [ 145.048197][ T8999] dump_stack_lvl+0xe8/0x140 [ 145.048219][ T8999] dump_stack+0x15/0x1b [ 145.048269][ T8999] should_fail_ex+0x265/0x280 [ 145.048302][ T8999] should_fail+0xb/0x20 [ 145.048388][ T8999] should_fail_usercopy+0x1a/0x20 [ 145.048421][ T8999] _copy_to_user+0x20/0xa0 [ 145.048442][ T8999] simple_read_from_buffer+0xb5/0x130 [ 145.048519][ T8999] proc_fail_nth_read+0x100/0x140 [ 145.048556][ T8999] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 145.048590][ T8999] vfs_read+0x19d/0x6f0 [ 145.048677][ T8999] ? __rcu_read_unlock+0x4f/0x70 [ 145.048771][ T8999] ? __fget_files+0x184/0x1c0 [ 145.048802][ T8999] ksys_read+0xda/0x1a0 [ 145.048835][ T8999] __x64_sys_read+0x40/0x50 [ 145.048920][ T8999] x64_sys_call+0x2d77/0x2fb0 [ 145.048943][ T8999] do_syscall_64+0xd2/0x200 [ 145.048963][ T8999] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 145.048990][ T8999] ? clear_bhb_loop+0x40/0x90 [ 145.049046][ T8999] ? clear_bhb_loop+0x40/0x90 [ 145.049069][ T8999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.049092][ T8999] RIP: 0033:0x7f5265d8d33c [ 145.049109][ T8999] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 145.049209][ T8999] RSP: 002b:00007f52643ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 145.049230][ T8999] RAX: ffffffffffffffda RBX: 00007f5265fb5fa0 RCX: 00007f5265d8d33c [ 145.049243][ T8999] RDX: 000000000000000f RSI: 00007f52643ef0a0 RDI: 0000000000000003 [ 145.049256][ T8999] RBP: 00007f52643ef090 R08: 0000000000000000 R09: 0000000000000000 [ 145.049269][ T8999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.049282][ T8999] R13: 0000000000000000 R14: 00007f5265fb5fa0 R15: 00007ffcb027add8 [ 145.049303][ T8999] [ 145.329659][ T9002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2057'. [ 145.391351][ T9006] netlink: 'syz.0.2058': attribute type 1 has an invalid length. [ 145.399267][ T9006] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2058'. [ 145.439949][ T9011] pim6reg: entered allmulticast mode [ 145.446342][ T9011] pim6reg: left allmulticast mode [ 145.465741][ T8985] loop3: detected capacity change from 0 to 1024 [ 145.478298][ T9006] loop0: detected capacity change from 0 to 512 [ 145.485241][ T9011] loop2: detected capacity change from 0 to 512 [ 145.492382][ T9011] EXT4-fs: Ignoring removed bh option [ 145.521462][ T9011] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 145.611540][ T9026] loop4: detected capacity change from 0 to 128 [ 145.624153][ T9028] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 145.629909][ T9030] qrtr: Invalid version 203 [ 145.631792][ T9028] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 145.646752][ T9026] ext4 filesystem being mounted at /424/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.649513][ T9028] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 145.721658][ T9026] EXT4-fs (loop4): shut down requested (0) [ 145.753767][ T9038] qrtr: Invalid version 203 [ 145.848347][ T9045] netlink: 'syz.1.2076': attribute type 1 has an invalid length. [ 145.864814][ T9045] loop1: detected capacity change from 0 to 512 [ 145.898916][ T9052] pim6reg: entered allmulticast mode [ 145.912964][ T9052] loop4: detected capacity change from 0 to 512 [ 145.921748][ T9052] EXT4-fs: Ignoring removed bh option [ 145.933423][ T9052] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 146.023924][ T9064] loop1: detected capacity change from 0 to 128 [ 146.054569][ T9064] ext4 filesystem being mounted at /377/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.099857][ T9074] qrtr: Invalid version 203 [ 146.123009][ T9064] EXT4-fs (loop1): shut down requested (0) [ 146.234745][ T9088] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 146.242038][ T9088] IPv6: NLM_F_CREATE should be set when creating new route [ 146.279268][ T9077] loop3: detected capacity change from 0 to 512 [ 146.290896][ T9077] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 146.312978][ T9077] geneve1: entered promiscuous mode [ 146.421651][ T9100] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 146.429001][ T9100] IPv6: NLM_F_CREATE should be set when creating new route [ 146.447898][ T9102] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 146.454649][ T9102] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 146.462341][ T9102] vhci_hcd vhci_hcd.0: Device attached [ 146.472946][ T9102] loop0: detected capacity change from 0 to 164 [ 146.519691][ T9106] qrtr: Invalid version 203 [ 146.625189][ T9107] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 146.637385][ T9103] vhci_hcd: connection closed [ 146.637635][ T3527] vhci_hcd: stop threads [ 146.646705][ T3527] vhci_hcd: release socket [ 146.651237][ T3527] vhci_hcd: disconnect device [ 146.675310][ T9111] FAULT_INJECTION: forcing a failure. [ 146.675310][ T9111] name failslab, interval 1, probability 0, space 0, times 0 [ 146.688140][ T9111] CPU: 1 UID: 0 PID: 9111 Comm: syz.2.2104 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 146.688174][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.688189][ T9111] Call Trace: [ 146.688197][ T9111] [ 146.688242][ T9111] __dump_stack+0x1d/0x30 [ 146.688269][ T9111] dump_stack_lvl+0xe8/0x140 [ 146.688290][ T9111] dump_stack+0x15/0x1b [ 146.688312][ T9111] should_fail_ex+0x265/0x280 [ 146.688389][ T9111] should_failslab+0x8c/0xb0 [ 146.688470][ T9111] __kmalloc_cache_node_noprof+0x54/0x320 [ 146.688508][ T9111] ? __get_vm_area_node+0x106/0x1d0 [ 146.688539][ T9111] ? __rcu_read_unlock+0x4f/0x70 [ 146.688566][ T9111] __get_vm_area_node+0x106/0x1d0 [ 146.688639][ T9111] __vmalloc_node_range_noprof+0x273/0xe00 [ 146.688734][ T9111] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 146.688774][ T9111] ? mntput+0x4b/0x80 [ 146.688802][ T9111] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 146.688839][ T9111] __vmalloc_noprof+0x83/0xc0 [ 146.688940][ T9111] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 146.688979][ T9111] bpf_prog_alloc_no_stats+0x47/0x390 [ 146.689051][ T9111] ? bpf_prog_alloc+0x2a/0x150 [ 146.689165][ T9111] bpf_prog_alloc+0x3c/0x150 [ 146.689206][ T9111] __get_filter+0x92/0x230 [ 146.689244][ T9111] sk_reuseport_attach_filter+0x20/0x140 [ 146.689285][ T9111] sk_setsockopt+0x1b2f/0x2140 [ 146.689369][ T9111] udp_lib_setsockopt+0x93/0x640 [ 146.689404][ T9111] udpv6_setsockopt+0x77/0xb0 [ 146.689437][ T9111] ? __pfx_udp_v6_push_pending_frames+0x10/0x10 [ 146.689514][ T9111] sock_common_setsockopt+0x69/0x80 [ 146.689544][ T9111] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 146.689574][ T9111] __sys_setsockopt+0x184/0x200 [ 146.689652][ T9111] __x64_sys_setsockopt+0x64/0x80 [ 146.689767][ T9111] x64_sys_call+0x2bd5/0x2fb0 [ 146.689825][ T9111] do_syscall_64+0xd2/0x200 [ 146.689841][ T9111] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 146.689865][ T9111] ? clear_bhb_loop+0x40/0x90 [ 146.690004][ T9111] ? clear_bhb_loop+0x40/0x90 [ 146.690030][ T9111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.690051][ T9111] RIP: 0033:0x7f66ad4ce929 [ 146.690065][ T9111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.690082][ T9111] RSP: 002b:00007f66abb2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 146.690110][ T9111] RAX: ffffffffffffffda RBX: 00007f66ad6f5fa0 RCX: 00007f66ad4ce929 [ 146.690125][ T9111] RDX: 0000000000000033 RSI: 0000000000000001 RDI: 0000000000000003 [ 146.690192][ T9111] RBP: 00007f66abb2f090 R08: 0000000000000010 R09: 0000000000000000 [ 146.690209][ T9111] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.690225][ T9111] R13: 0000000000000000 R14: 00007f66ad6f5fa0 R15: 00007ffc5ad58538 [ 146.690248][ T9111] [ 146.913250][ T9071] geneve1: left promiscuous mode [ 146.916015][ T9111] syz.2.2104: vmalloc error: size 4096, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 146.989090][ T9111] CPU: 1 UID: 0 PID: 9111 Comm: syz.2.2104 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 146.989184][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.989195][ T9111] Call Trace: [ 146.989202][ T9111] [ 146.989209][ T9111] __dump_stack+0x1d/0x30 [ 146.989234][ T9111] dump_stack_lvl+0xe8/0x140 [ 146.989259][ T9111] dump_stack+0x15/0x1b [ 146.989319][ T9111] warn_alloc+0x12b/0x1a0 [ 146.989413][ T9111] ? __rcu_read_unlock+0x4f/0x70 [ 146.989447][ T9111] __vmalloc_node_range_noprof+0x297/0xe00 [ 146.989495][ T9111] ? mntput+0x4b/0x80 [ 146.989524][ T9111] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 146.989627][ T9111] __vmalloc_noprof+0x83/0xc0 [ 146.989662][ T9111] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 146.989700][ T9111] bpf_prog_alloc_no_stats+0x47/0x390 [ 146.989774][ T9111] ? bpf_prog_alloc+0x2a/0x150 [ 146.989856][ T9111] bpf_prog_alloc+0x3c/0x150 [ 146.989891][ T9111] __get_filter+0x92/0x230 [ 146.989926][ T9111] sk_reuseport_attach_filter+0x20/0x140 [ 146.989965][ T9111] sk_setsockopt+0x1b2f/0x2140 [ 146.990010][ T9111] udp_lib_setsockopt+0x93/0x640 [ 146.990045][ T9111] udpv6_setsockopt+0x77/0xb0 [ 146.990144][ T9111] ? __pfx_udp_v6_push_pending_frames+0x10/0x10 [ 146.990190][ T9111] sock_common_setsockopt+0x69/0x80 [ 146.990220][ T9111] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 146.990308][ T9111] __sys_setsockopt+0x184/0x200 [ 146.990386][ T9111] __x64_sys_setsockopt+0x64/0x80 [ 146.990466][ T9111] x64_sys_call+0x2bd5/0x2fb0 [ 146.990530][ T9111] do_syscall_64+0xd2/0x200 [ 146.990559][ T9111] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 146.990620][ T9111] ? clear_bhb_loop+0x40/0x90 [ 146.990646][ T9111] ? clear_bhb_loop+0x40/0x90 [ 146.990673][ T9111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.990696][ T9111] RIP: 0033:0x7f66ad4ce929 [ 146.990714][ T9111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.990736][ T9111] RSP: 002b:00007f66abb2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 146.990809][ T9111] RAX: ffffffffffffffda RBX: 00007f66ad6f5fa0 RCX: 00007f66ad4ce929 [ 146.990820][ T9111] RDX: 0000000000000033 RSI: 0000000000000001 RDI: 0000000000000003 [ 146.990832][ T9111] RBP: 00007f66abb2f090 R08: 0000000000000010 R09: 0000000000000000 [ 146.990843][ T9111] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.990854][ T9111] R13: 0000000000000000 R14: 00007f66ad6f5fa0 R15: 00007ffc5ad58538 [ 146.990877][ T9111] [ 147.240433][ T9111] Mem-Info: [ 147.244017][ T9111] active_anon:7045 inactive_anon:0 isolated_anon:0 [ 147.244017][ T9111] active_file:25342 inactive_file:2258 isolated_file:0 [ 147.244017][ T9111] unevictable:1183 dirty:520 writeback:0 [ 147.244017][ T9111] slab_reclaimable:3139 slab_unreclaimable:20704 [ 147.244017][ T9111] mapped:30848 shmem:200 pagetables:1154 [ 147.244017][ T9111] sec_pagetables:0 bounce:0 [ 147.244017][ T9111] kernel_misc_reclaimable:0 [ 147.244017][ T9111] free:1843691 free_pcp:1624 free_cma:0 [ 147.289225][ T9111] Node 0 active_anon:28180kB inactive_anon:0kB active_file:101368kB inactive_file:9032kB unevictable:4732kB isolated(anon):0kB isolated(file):0kB mapped:123392kB dirty:2080kB writeback:0kB shmem:800kB writeback_tmp:0kB kernel_stack:4928kB pagetables:4616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 147.318491][ T9111] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 147.347270][ T9111] lowmem_reserve[]: 0 2882 7860 7860 [ 147.352769][ T9111] Node 0 DMA32 free:2947828kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951356kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 147.383099][ T9111] lowmem_reserve[]: 0 0 4978 4978 [ 147.388271][ T9111] Node 0 Normal free:4405796kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28180kB inactive_anon:0kB active_file:101368kB inactive_file:9032kB unevictable:4732kB writepending:2080kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:924kB local_pcp:600kB free_cma:0kB [ 147.420535][ T9111] lowmem_reserve[]: 0 0 0 0 [ 147.425119][ T9111] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 147.438265][ T9111] Node 0 DMA32: 3*4kB (M) 1*8kB (M) 4*16kB (M) 3*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947828kB [ 147.454829][ T9111] Node 0 Normal: 1483*4kB (UME) 1159*8kB (ME) 819*16kB (UME) 494*32kB (UME) 336*64kB (UME) 62*128kB (UME) 28*256kB (M) 48*512kB (UME) 21*1024kB (UM) 10*2048kB (ME) 1036*4096kB (M) = 4390740kB [ 147.474144][ T9111] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 147.483581][ T9111] 28956 total pagecache pages [ 147.488373][ T9111] 0 pages in swap cache [ 147.492650][ T9111] Free swap = 124996kB [ 147.496960][ T9111] Total swap = 124996kB [ 147.501233][ T9111] 2097051 pages RAM [ 147.505058][ T9111] 0 pages HighMem/MovableOnly [ 147.509838][ T9111] 80812 pages reserved [ 147.623082][ T9119] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 147.630469][ T9119] IPv6: NLM_F_CREATE should be set when creating new route [ 147.680830][ T9124] __nla_validate_parse: 5 callbacks suppressed [ 147.680850][ T9124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2109'. [ 147.717442][ T9130] qrtr: Invalid version 203 [ 147.749880][ T9128] loop0: detected capacity change from 0 to 8192 [ 147.775097][ T9128] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2111'. [ 147.786009][ T9128] syz.0.2111: attempt to access beyond end of device [ 147.786009][ T9128] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 147.799525][ T9128] Buffer I/O error on dev loop0, logical block 57847, async page read [ 147.836567][ T9137] atomic_op ffff888133d70128 conn xmit_atomic 0000000000000000 [ 147.846071][ T9137] loop2: detected capacity change from 0 to 128 [ 147.889146][ T29] kauditd_printk_skb: 241 callbacks suppressed [ 147.889162][ T29] audit: type=1400 audit(1752727897.197:2021): avc: denied { read } for pid=9140 comm="syz.2.2118" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 147.893679][ T9139] loop1: detected capacity change from 0 to 8192 [ 147.999770][ T9139] loop1: p1 < > p2 p4 [ 148.004018][ T9139] loop1: partition table partially beyond EOD, truncated [ 148.012026][ T9139] loop1: p1 start 408832 is beyond EOD, truncated [ 148.018529][ T9139] loop1: p2 size 8388352 extends beyond EOD, truncated [ 148.066255][ T9147] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 148.073737][ T9147] IPv6: NLM_F_CREATE should be set when creating new route [ 148.089110][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 148.089187][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 148.146016][ T9152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2124'. [ 148.179826][ T9153] lo speed is unknown, defaulting to 1000 [ 148.338765][ T9157] loop2: detected capacity change from 0 to 512 [ 148.406201][ T9157] EXT4-fs: Ignoring removed mblk_io_submit option [ 148.412853][ T9157] EXT4-fs: Ignoring removed bh option [ 148.446210][ T9157] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 148.506109][ T9157] EXT4-fs (loop2): 1 truncate cleaned up [ 148.656062][ T9170] qrtr: Invalid version 203 [ 148.973911][ T9174] loop3: detected capacity change from 0 to 512 [ 148.996541][ T9178] lo speed is unknown, defaulting to 1000 [ 149.157474][ T9180] loop4: detected capacity change from 0 to 512 [ 149.288033][ T9191] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2137'. [ 149.314050][ T9189] loop1: detected capacity change from 0 to 512 [ 149.365336][ T9189] ext4 filesystem being mounted at /387/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 149.396805][ T9189] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2136: corrupted inode contents [ 149.452709][ T9189] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2136: mark_inode_dirty error [ 149.489484][ T9189] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2136: corrupted inode contents [ 149.518148][ T9196] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2136: corrupted inode contents [ 149.543265][ T9196] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2136: mark_inode_dirty error [ 149.569080][ T9196] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2136: corrupted inode contents [ 149.591176][ T9196] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.2136: mark_inode_dirty error [ 149.634552][ T9196] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2136: corrupted inode contents [ 149.647140][ T9196] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2136: mark_inode_dirty error [ 149.780470][ T9206] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 149.787057][ T9206] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 149.794697][ T9206] vhci_hcd vhci_hcd.0: Device attached [ 149.802934][ T9206] loop1: detected capacity change from 0 to 164 [ 149.821065][ T9206] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 149.825464][ T9210] loop0: detected capacity change from 0 to 2048 [ 149.834959][ T9207] vhci_hcd: connection closed [ 149.835760][ T3532] vhci_hcd: stop threads [ 149.844876][ T3532] vhci_hcd: release socket [ 149.848245][ T29] audit: type=1400 audit(1752727899.157:2022): avc: denied { read write } for pid=9197 comm="syz.2.2139" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 149.849370][ T3532] vhci_hcd: disconnect device [ 149.872980][ T29] audit: type=1400 audit(1752727899.157:2023): avc: denied { open } for pid=9197 comm="syz.2.2139" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 149.902516][ T9210] loop0: p1 < > p4 [ 149.907213][ T9210] loop0: p4 size 8388608 extends beyond EOD, truncated [ 149.923199][ T9212] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 149.933751][ T2997] loop0: p1 < > p4 [ 149.941021][ T2997] loop0: p4 size 8388608 extends beyond EOD, truncated [ 150.076056][ T9220] veth1_to_bond: entered allmulticast mode [ 150.082829][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2149'. [ 150.094635][ T9220] bond0: (slave bond_slave_1): Releasing backup interface [ 150.105770][ T9220] veth1_to_bond (unregistering): left allmulticast mode [ 150.402871][ T9238] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 150.570581][ T9250] loop2: detected capacity change from 0 to 2048 [ 150.585378][ T9245] lo speed is unknown, defaulting to 1000 [ 150.616223][ T3484] loop2: p1 < > p4 [ 150.625626][ T3484] loop2: p4 size 8388608 extends beyond EOD, truncated [ 150.646564][ T9253] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2161'. [ 151.019116][ T9256] loop1: detected capacity change from 0 to 2048 [ 151.050947][ T9250] loop2: p1 < > p4 [ 151.078952][ T9250] loop2: p4 size 8388608 extends beyond EOD, truncated [ 151.092932][ T3483] loop1: p1 < > p4 [ 151.097753][ T3483] loop1: p4 size 8388608 extends beyond EOD, truncated [ 151.112545][ T9256] loop1: p1 < > p4 [ 151.124461][ T9256] loop1: p4 size 8388608 extends beyond EOD, truncated [ 151.161042][ T29] audit: type=1400 audit(1752727900.467:2024): avc: denied { read write } for pid=9255 comm="syz.1.2162" name="loop1p4" dev="devtmpfs" ino=1716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 151.184574][ T29] audit: type=1400 audit(1752727900.477:2025): avc: denied { open } for pid=9255 comm="syz.1.2162" path="/dev/loop1p4" dev="devtmpfs" ino=1716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 151.361007][ T9263] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2165'. [ 151.393671][ T9265] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 151.400391][ T9265] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 151.402316][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 151.407982][ T9265] vhci_hcd vhci_hcd.0: Device attached [ 151.422162][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 151.439050][ T9265] loop4: detected capacity change from 0 to 164 [ 151.478995][ T9265] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 151.493172][ T9271] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 151.504684][ T9266] vhci_hcd: connection closed [ 151.506463][ T5078] vhci_hcd: stop threads [ 151.515622][ T5078] vhci_hcd: release socket [ 151.520201][ T5078] vhci_hcd: disconnect device [ 151.593310][ T9279] loop1: detected capacity change from 0 to 1024 [ 151.628718][ T9279] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: comm syz.1.2172: inode #327696: comm syz.1.2172: iget: illegal inode # [ 151.650121][ T9286] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2173'. [ 151.675600][ T9279] EXT4-fs error (device loop1): ext4_xattr_inode_iget:442: comm syz.1.2172: error while reading EA inode 327696 err=-117 [ 151.713422][ T9291] FAULT_INJECTION: forcing a failure. [ 151.713422][ T9291] name failslab, interval 1, probability 0, space 0, times 0 [ 151.726140][ T9291] CPU: 0 UID: 0 PID: 9291 Comm: syz.2.2175 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 151.726223][ T9291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.726235][ T9291] Call Trace: [ 151.726242][ T9291] [ 151.726252][ T9291] __dump_stack+0x1d/0x30 [ 151.726278][ T9291] dump_stack_lvl+0xe8/0x140 [ 151.726302][ T9291] dump_stack+0x15/0x1b [ 151.726323][ T9291] should_fail_ex+0x265/0x280 [ 151.726431][ T9291] should_failslab+0x8c/0xb0 [ 151.726458][ T9291] kmem_cache_alloc_node_noprof+0x57/0x320 [ 151.726547][ T9291] ? __alloc_skb+0x101/0x320 [ 151.726582][ T9291] __alloc_skb+0x101/0x320 [ 151.726634][ T9291] netlink_alloc_large_skb+0xba/0xf0 [ 151.726692][ T9291] netlink_sendmsg+0x3cf/0x6b0 [ 151.726717][ T9291] ? __pfx_netlink_sendmsg+0x10/0x10 [ 151.726741][ T9291] __sock_sendmsg+0x145/0x180 [ 151.726771][ T9291] ____sys_sendmsg+0x31e/0x4e0 [ 151.726858][ T9291] ___sys_sendmsg+0x17b/0x1d0 [ 151.726976][ T9291] __x64_sys_sendmsg+0xd4/0x160 [ 151.727024][ T9291] x64_sys_call+0x2999/0x2fb0 [ 151.727050][ T9291] do_syscall_64+0xd2/0x200 [ 151.727125][ T9291] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 151.727159][ T9291] ? clear_bhb_loop+0x40/0x90 [ 151.727180][ T9291] ? clear_bhb_loop+0x40/0x90 [ 151.727213][ T9291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.727315][ T9291] RIP: 0033:0x7f66ad4ce929 [ 151.727330][ T9291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.727350][ T9291] RSP: 002b:00007f66abb2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 151.727367][ T9291] RAX: ffffffffffffffda RBX: 00007f66ad6f5fa0 RCX: 00007f66ad4ce929 [ 151.727382][ T9291] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 151.727397][ T9291] RBP: 00007f66abb2f090 R08: 0000000000000000 R09: 0000000000000000 [ 151.727437][ T9291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.727452][ T9291] R13: 0000000000000000 R14: 00007f66ad6f5fa0 R15: 00007ffc5ad58538 [ 151.727475][ T9291] [ 151.962553][ T9294] 9pnet_fd: Insufficient options for proto=fd [ 152.018018][ T9296] pim6reg: entered allmulticast mode [ 152.025604][ T29] audit: type=1326 audit(1752727901.327:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1076e929 code=0x7ffc0000 [ 152.049149][ T29] audit: type=1326 audit(1752727901.327:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1076e929 code=0x7ffc0000 [ 152.072713][ T29] audit: type=1326 audit(1752727901.327:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffb1076e929 code=0x7ffc0000 [ 152.096349][ T29] audit: type=1326 audit(1752727901.327:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1076e929 code=0x7ffc0000 [ 152.119915][ T29] audit: type=1326 audit(1752727901.327:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.2177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1076e929 code=0x7ffc0000 [ 152.121880][ T9296] pim6reg: left allmulticast mode [ 152.237701][ T9296] loop1: detected capacity change from 0 to 512 [ 152.252476][ T9296] EXT4-fs: Ignoring removed bh option [ 152.268529][ T9296] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 152.408294][ T9296] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 152.415855][ T9296] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 152.434017][ T9317] loop2: detected capacity change from 0 to 128 [ 152.440803][ T9296] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 152.459099][ T9318] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 152.465752][ T9318] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 152.473368][ T9318] vhci_hcd vhci_hcd.0: Device attached [ 152.474397][ T9317] ext4 filesystem being mounted at /433/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.519349][ T9318] loop0: detected capacity change from 0 to 164 [ 152.555545][ T9325] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2187'. [ 152.584948][ T9317] EXT4-fs (loop2): shut down requested (0) [ 152.594974][ T9323] lo speed is unknown, defaulting to 1000 [ 152.634571][ T9328] netlink: 108 bytes leftover after parsing attributes in process `syz.3.2188'. [ 152.652687][ T9330] 9pnet_fd: Insufficient options for proto=fd [ 152.687124][ T9332] qrtr: Invalid version 203 [ 152.705015][ T9328] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2188'. [ 152.714151][ T36] usb 1-1: new low-speed USB device number 5 using vhci_hcd [ 152.842210][ T9335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2191'. [ 152.984936][ T9338] loop3: detected capacity change from 0 to 512 [ 153.062981][ T9318] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 153.115316][ T9338] ext4 filesystem being mounted at /432/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 153.127903][ T9342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2192'. [ 153.137721][ T9319] vhci_hcd: connection closed [ 153.146200][ T5078] vhci_hcd: stop threads [ 153.150451][ T9338] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2193: corrupted inode contents [ 153.151044][ T5078] vhci_hcd: release socket [ 153.170963][ T9338] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2193: mark_inode_dirty error [ 153.171455][ T5078] vhci_hcd: disconnect device [ 153.241624][ T9338] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2193: corrupted inode contents [ 153.272514][ T9343] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2193: corrupted inode contents [ 153.294631][ T9343] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2193: mark_inode_dirty error [ 153.325717][ T9343] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2193: corrupted inode contents [ 153.355837][ T9354] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 153.363207][ T9354] IPv6: NLM_F_CREATE should be set when creating new route [ 153.370714][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2198'. [ 153.379962][ T9356] loop2: detected capacity change from 0 to 1024 [ 153.381060][ T9343] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.2193: mark_inode_dirty error [ 153.423664][ T9343] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2193: corrupted inode contents [ 153.453840][ T9356] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: comm syz.2.2200: inode #327696: comm syz.2.2200: iget: illegal inode # [ 153.456147][ T9343] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2193: mark_inode_dirty error [ 153.503886][ T9356] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.2200: error while reading EA inode 327696 err=-117 [ 153.571555][ T9366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2202'. [ 153.594759][ T9367] qrtr: Invalid version 203 [ 153.865170][ T9383] qrtr: Invalid version 203 [ 153.885510][ T9387] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 1, id = 0 [ 153.891221][ T9385] loop2: detected capacity change from 0 to 1024 [ 153.918624][ T9385] ext4 filesystem being mounted at /441/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 153.984883][ T29] kauditd_printk_skb: 68 callbacks suppressed [ 153.984901][ T29] audit: type=1326 audit(1752727903.297:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5265d858e7 code=0x7ffc0000 [ 154.024826][ T9391] pim6reg: entered allmulticast mode [ 154.033856][ T9391] pim6reg: left allmulticast mode [ 154.039899][ T29] audit: type=1326 audit(1752727903.327:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5265d2ab19 code=0x7ffc0000 [ 154.063473][ T29] audit: type=1326 audit(1752727903.327:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5265d858e7 code=0x7ffc0000 [ 154.087084][ T29] audit: type=1326 audit(1752727903.327:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5265d2ab19 code=0x7ffc0000 [ 154.110536][ T29] audit: type=1326 audit(1752727903.327:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 154.134393][ T29] audit: type=1326 audit(1752727903.327:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 154.134845][ T9392] loop0: detected capacity change from 0 to 512 [ 154.157895][ T29] audit: type=1326 audit(1752727903.327:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 154.165539][ T9392] EXT4-fs: Ignoring removed bh option [ 154.187695][ T29] audit: type=1326 audit(1752727903.327:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 154.187786][ T29] audit: type=1326 audit(1752727903.327:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5265d8e929 code=0x7ffc0000 [ 154.187820][ T29] audit: type=1326 audit(1752727903.327:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9390 comm="syz.0.2212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5265d858e7 code=0x7ffc0000 [ 154.283295][ T9394] loop3: detected capacity change from 0 to 512 [ 154.291262][ T9392] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 154.367838][ T9394] ext4 filesystem being mounted at /435/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 154.395442][ T9394] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2213: corrupted inode contents [ 154.411099][ T9402] qrtr: Invalid version 203 [ 154.417827][ T9394] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2213: mark_inode_dirty error [ 154.427398][ T9391] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 154.436676][ T9391] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 154.453049][ T9394] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2213: corrupted inode contents [ 154.473707][ T9391] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 154.484073][ T9395] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2213: corrupted inode contents [ 154.507904][ T9395] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2213: mark_inode_dirty error [ 154.533462][ T9395] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2213: corrupted inode contents [ 154.585890][ T9395] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.2213: mark_inode_dirty error [ 154.614197][ T9395] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.2213: corrupted inode contents [ 154.643388][ T9395] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.2213: mark_inode_dirty error [ 154.666618][ T9416] loop0: detected capacity change from 0 to 1024 [ 154.705589][ T9416] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: comm syz.0.2221: inode #327696: comm syz.0.2221: iget: illegal inode # [ 154.724258][ T9416] EXT4-fs error (device loop0): ext4_xattr_inode_iget:442: comm syz.0.2221: error while reading EA inode 327696 err=-117 [ 154.743756][ T9423] loop1: detected capacity change from 0 to 128 [ 154.787056][ T9423] ext4 filesystem being mounted at /407/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.869264][ T9423] EXT4-fs (loop1): shut down requested (0) [ 154.882694][ T9436] qrtr: Invalid version 203 [ 154.906736][ T9438] veth1_to_bond: entered allmulticast mode [ 154.913569][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2228'. [ 154.927331][ T9438] veth1_to_bond (unregistering): left allmulticast mode [ 155.066239][ T9450] loop4: detected capacity change from 0 to 512 [ 155.083981][ T9450] ext4 filesystem being mounted at /461/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 155.105580][ T9454] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2235'. [ 155.119253][ T9454] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2235'. [ 155.131835][ T9450] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2234: corrupted inode contents [ 155.154852][ T9450] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2234: mark_inode_dirty error [ 155.172014][ T9450] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2234: corrupted inode contents [ 155.185501][ T9460] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2234: corrupted inode contents [ 155.198472][ T9460] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2234: mark_inode_dirty error [ 155.225714][ T9460] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2234: corrupted inode contents [ 155.267581][ T9460] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.2234: mark_inode_dirty error [ 155.292853][ T9460] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2234: corrupted inode contents [ 155.321151][ T9460] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2234: mark_inode_dirty error [ 155.364081][ T9471] qrtr: Invalid version 203 [ 155.432775][ T9477] lo speed is unknown, defaulting to 1000 [ 155.459192][ T9479] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 1, id = 0 [ 155.469219][ T9478] loop1: detected capacity change from 0 to 1024 [ 155.499768][ T9478] ext4 filesystem being mounted at /414/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.645856][ T9485] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.751967][ T9495] loop2: detected capacity change from 0 to 128 [ 155.776474][ T9497] 9pnet_fd: Insufficient options for proto=fd [ 155.818028][ T9495] ext4 filesystem being mounted at /446/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.856731][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2254'. [ 156.016858][ T9495] EXT4-fs (loop2): shut down requested (0) [ 156.051709][ T9508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2255'. [ 156.177816][ T9519] loop3: detected capacity change from 0 to 2048 [ 156.226517][ T9519] loop3: p1 < > p4 [ 156.233587][ T9519] loop3: p4 size 8388608 extends beyond EOD, truncated [ 156.240949][ T9522] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 156.247506][ T9522] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 156.255207][ T9522] vhci_hcd vhci_hcd.0: Device attached [ 156.294468][ T9525] loop4: detected capacity change from 0 to 164 [ 156.474720][ T9529] 9pnet_fd: Insufficient options for proto=fd [ 156.500696][ T23] usb 9-1: new low-speed USB device number 3 using vhci_hcd [ 156.509364][ T9522] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 156.539198][ T9523] vhci_hcd: connection closed [ 156.539637][ T134] vhci_hcd: stop threads [ 156.548696][ T134] vhci_hcd: release socket [ 156.553239][ T134] vhci_hcd: disconnect device [ 156.600419][ T9535] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 156.607082][ T9535] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 156.614951][ T9535] vhci_hcd vhci_hcd.0: Device attached [ 156.657500][ T9535] program syz.2.2264 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.694069][ T9537] vhci_hcd: connection closed [ 156.694415][ T51] vhci_hcd: stop threads [ 156.703615][ T51] vhci_hcd: release socket [ 156.708085][ T51] vhci_hcd: disconnect device [ 156.777953][ T9554] pim6reg: entered allmulticast mode [ 156.785241][ T9554] pim6reg: left allmulticast mode [ 156.829374][ T9556] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 156.836697][ T9556] IPv6: NLM_F_CREATE should be set when creating new route [ 156.844880][ T9557] loop3: detected capacity change from 0 to 512 [ 156.854056][ T9557] EXT4-fs: Ignoring removed bh option [ 156.875108][ T9557] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 157.088643][ T9565] loop4: detected capacity change from 0 to 2048 [ 157.120952][ T3483] loop4: p1 < > p4 [ 157.125406][ T3483] loop4: p4 size 8388608 extends beyond EOD, truncated [ 157.134822][ T9565] loop4: p1 < > p4 [ 157.139341][ T9565] loop4: p4 size 8388608 extends beyond EOD, truncated [ 157.183673][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 157.194129][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 157.306842][ T9578] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 157.313430][ T9578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 157.321013][ T9578] vhci_hcd vhci_hcd.0: Device attached [ 157.329227][ T9578] loop4: detected capacity change from 0 to 164 [ 157.431199][ T9589] loop2: detected capacity change from 0 to 1024 [ 157.510057][ T9578] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 157.519266][ T9581] vhci_hcd: connection closed [ 157.519564][ T51] vhci_hcd: stop threads [ 157.527658][ T9596] loop2: detected capacity change from 0 to 2048 [ 157.528565][ T51] vhci_hcd: release socket [ 157.528585][ T51] vhci_hcd: disconnect device [ 157.571209][ T3483] loop2: p1 < > p4 [ 157.575709][ T3483] loop2: p4 size 8388608 extends beyond EOD, truncated [ 157.585692][ T9596] loop2: p1 < > p4 [ 157.590263][ T9596] loop2: p4 size 8388608 extends beyond EOD, truncated [ 157.632131][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 157.643432][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 157.686191][ T9602] loop2: detected capacity change from 0 to 2048 [ 157.734612][ T9602] loop2: p1 < > p4 [ 157.739621][ T9602] loop2: p4 size 8388608 extends beyond EOD, truncated [ 157.764648][ T9606] __nla_validate_parse: 8 callbacks suppressed [ 157.764663][ T9606] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2295'. [ 157.781879][ T36] usb 1-1: enqueue for inactive port 0 [ 157.787472][ T36] usb 1-1: enqueue for inactive port 0 [ 157.818515][ T9609] loop2: detected capacity change from 0 to 164 [ 157.834544][ T9609] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 157.840089][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 157.844601][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 157.863898][ T9609] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 157.872271][ T9609] Symlink component flag not implemented [ 157.877974][ T9609] Symlink component flag not implemented [ 157.884530][ T36] vhci_hcd: vhci_device speed not set [ 157.890231][ T9609] Symlink component flag not implemented (7) [ 157.896323][ T9609] Symlink component flag not implemented (116) [ 158.063868][ T9631] netlink: 'syz.1.2307': attribute type 1 has an invalid length. [ 158.071788][ T9631] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2307'. [ 158.089954][ T9631] loop1: detected capacity change from 0 to 512 [ 158.188626][ T9635] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2309'. [ 158.218313][ T9647] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2313'. [ 158.241357][ T9647] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2313'. [ 158.341235][ T9661] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 158.347828][ T9661] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 158.355418][ T9661] vhci_hcd vhci_hcd.0: Device attached [ 158.366785][ T9659] netlink: 'syz.2.2320': attribute type 1 has an invalid length. [ 158.368015][ T9661] loop1: detected capacity change from 0 to 164 [ 158.374698][ T9659] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2320'. [ 158.423884][ T9659] loop2: detected capacity change from 0 to 512 [ 158.486045][ T9661] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 158.503276][ T9662] vhci_hcd: connection closed [ 158.503428][ T3554] vhci_hcd: stop threads [ 158.512490][ T3554] vhci_hcd: release socket [ 158.517042][ T3554] vhci_hcd: disconnect device [ 158.540447][ T3386] vhci_hcd: vhci_device speed not set [ 158.625052][ T9674] FAULT_INJECTION: forcing a failure. [ 158.625052][ T9674] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.638275][ T9674] CPU: 1 UID: 0 PID: 9674 Comm: Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 158.638310][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.638326][ T9674] Call Trace: [ 158.638334][ T9674] [ 158.638343][ T9674] __dump_stack+0x1d/0x30 [ 158.638378][ T9674] dump_stack_lvl+0xe8/0x140 [ 158.638403][ T9674] dump_stack+0x15/0x1b [ 158.638437][ T9674] should_fail_ex+0x265/0x280 [ 158.638475][ T9674] should_fail+0xb/0x20 [ 158.638500][ T9674] should_fail_usercopy+0x1a/0x20 [ 158.638559][ T9674] _copy_from_user+0x1c/0xb0 [ 158.638582][ T9674] __sys_bind+0x106/0x2a0 [ 158.638648][ T9674] __x64_sys_bind+0x3f/0x50 [ 158.638676][ T9674] x64_sys_call+0x2086/0x2fb0 [ 158.638696][ T9674] do_syscall_64+0xd2/0x200 [ 158.638768][ T9674] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.638794][ T9674] ? clear_bhb_loop+0x40/0x90 [ 158.638816][ T9674] ? clear_bhb_loop+0x40/0x90 [ 158.638843][ T9674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.638911][ T9674] RIP: 0033:0x7fdd4655e929 [ 158.638930][ T9674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.638953][ T9674] RSP: 002b:00007fdd44bbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 158.638976][ T9674] RAX: ffffffffffffffda RBX: 00007fdd46785fa0 RCX: 00007fdd4655e929 [ 158.638990][ T9674] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000006 [ 158.639005][ T9674] RBP: 00007fdd44bbf090 R08: 0000000000000000 R09: 0000000000000000 [ 158.639020][ T9674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.639115][ T9674] R13: 0000000000000000 R14: 00007fdd46785fa0 R15: 00007ffd74c486a8 [ 158.639210][ T9674] [ 158.841601][ T9676] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2327'. [ 158.851781][ T9676] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2327'. [ 158.941260][ T9686] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 158.948566][ T9686] IPv6: NLM_F_CREATE should be set when creating new route [ 158.999991][ T9694] loop4: detected capacity change from 0 to 128 [ 159.010992][ T9694] ext4 filesystem being mounted at /482/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.041164][ T9694] EXT4-fs (loop4): shut down requested (0) [ 159.078515][ T9699] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2337'. [ 159.163690][ T9701] loop4: detected capacity change from 0 to 512 [ 159.174963][ T9703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=9703 comm=syz.4.2338 [ 159.192416][ T9701] EXT4-fs: Ignoring removed bh option [ 159.198689][ T9701] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 159.207870][ T9701] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 159.225388][ T9701] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 159.241219][ T9701] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 159.301404][ T9715] loop1: detected capacity change from 0 to 1024 [ 159.398829][ T9722] veth1_to_bond: entered allmulticast mode [ 159.431383][ T9722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2344'. [ 159.451946][ T9722] bond0: (slave bond_slave_1): Releasing backup interface [ 159.462115][ T9722] bond_slave_1 (unregistering): left promiscuous mode [ 159.472507][ T9722] veth1_to_bond (unregistering): left allmulticast mode [ 159.493138][ T9730] loop1: detected capacity change from 0 to 512 [ 159.513436][ T9730] ext4 filesystem being mounted at /442/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 159.525884][ T9730] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2348: corrupted inode contents [ 159.538723][ T9730] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2348: mark_inode_dirty error [ 159.550789][ T9730] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2348: corrupted inode contents [ 159.569387][ T9730] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2348: corrupted inode contents [ 159.571006][ T9734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.581390][ T29] kauditd_printk_skb: 187 callbacks suppressed [ 159.581408][ T29] audit: type=1400 audit(1752727908.877:2294): avc: denied { ioctl } for pid=9733 comm="syz.2.2349" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 159.593460][ T9734] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.598710][ T9730] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2348: mark_inode_dirty error [ 159.640456][ T9730] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2348: corrupted inode contents [ 159.652619][ T9730] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.2348: mark_inode_dirty error [ 159.664079][ T9730] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.2348: corrupted inode contents [ 159.676213][ T9730] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.2348: mark_inode_dirty error [ 160.177412][ T29] audit: type=1400 audit(1752727909.487:2295): avc: denied { create } for pid=9755 comm="syz.2.2359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 160.250516][ T29] audit: type=1400 audit(1752727909.537:2296): avc: denied { connect } for pid=9755 comm="syz.2.2359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 160.790031][ T9774] loop1: detected capacity change from 0 to 2048 [ 160.841356][ T9776] loop2: detected capacity change from 0 to 128 [ 160.850189][ T3483] loop1: p1 < > p4 [ 160.873152][ T3483] loop1: p4 size 8388608 extends beyond EOD, truncated [ 160.952112][ T9776] EXT4-fs mount: 46 callbacks suppressed [ 160.952128][ T9776] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 160.979955][ T9774] loop1: p1 < > p4 [ 160.989285][ T9774] loop1: p4 size 8388608 extends beyond EOD, truncated [ 160.998097][ T9781] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 161.004671][ T9781] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 161.012487][ T9781] vhci_hcd vhci_hcd.0: Device attached [ 161.021160][ T9776] ext4 filesystem being mounted at /487/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.064725][ T9784] loop4: detected capacity change from 0 to 164 [ 161.105771][ T9788] loop1: detected capacity change from 0 to 128 [ 161.108850][ T9782] vhci_hcd: connection closed [ 161.116863][ T37] vhci_hcd: stop threads [ 161.126100][ T37] vhci_hcd: release socket [ 161.130620][ T37] vhci_hcd: disconnect device [ 161.136587][ T9788] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 161.151463][ T9790] EXT4-fs (loop2): shut down requested (0) [ 161.166778][ T9788] ext4 filesystem being mounted at /447/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.171821][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 161.178706][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 161.220661][ T3310] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 161.348896][ T9788] EXT4-fs (loop1): shut down requested (0) [ 161.378599][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 161.527702][ T9799] lo speed is unknown, defaulting to 1000 [ 161.540973][ T23] usb 9-1: enqueue for inactive port 0 [ 161.547697][ T23] usb 9-1: enqueue for inactive port 0 [ 161.616501][ T9805] loop1: detected capacity change from 0 to 1024 [ 161.630359][ T23] vhci_hcd: vhci_device speed not set [ 161.641887][ T9803] netlink: 'syz.0.2374': attribute type 1 has an invalid length. [ 161.686310][ T9807] loop4: detected capacity change from 0 to 2048 [ 161.701547][ T9803] loop0: detected capacity change from 0 to 512 [ 161.713238][ T9805] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 161.740819][ T3484] loop4: p1 < > p4 [ 161.745637][ T3484] loop4: p4 size 8388608 extends beyond EOD, truncated [ 161.749636][ T9805] ext4 filesystem being mounted at /450/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.778388][ T9807] loop4: p1 < > p4 [ 161.788469][ T9807] loop4: p4 size 8388608 extends beyond EOD, truncated [ 161.826734][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.863661][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 161.875564][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 161.942450][ T9819] loop1: detected capacity change from 0 to 2048 [ 161.974304][ T9820] loop4: detected capacity change from 0 to 2048 [ 161.991038][ T9819] loop1: p1 < > p4 [ 161.995751][ T9819] loop1: p4 size 8388608 extends beyond EOD, truncated [ 162.004514][ T9820] loop4: p1 < > p4 [ 162.023834][ T9820] loop4: p4 size 8388608 extends beyond EOD, truncated [ 162.161029][ T9831] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 162.167630][ T9831] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 162.175285][ T9831] vhci_hcd vhci_hcd.0: Device attached [ 162.197030][ T9831] loop4: detected capacity change from 0 to 164 [ 162.424927][ T9837] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 162.484042][ T9832] vhci_hcd: connection closed [ 162.502479][ T3552] vhci_hcd: stop threads [ 162.512018][ T3552] vhci_hcd: release socket [ 162.516474][ T3552] vhci_hcd: disconnect device [ 162.540365][ T23] vhci_hcd: vhci_device speed not set [ 162.839593][ T9839] 9pnet_fd: Insufficient options for proto=fd [ 162.886970][ T9841] __nla_validate_parse: 5 callbacks suppressed [ 162.886986][ T9841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2389'. [ 162.969924][ T9847] qrtr: Invalid version 203 [ 163.087699][ T9850] loop2: detected capacity change from 0 to 2048 [ 163.111874][ T9850] loop2: p1 < > p4 [ 163.116980][ T9850] loop2: p4 size 8388608 extends beyond EOD, truncated [ 163.229679][ T3483] udevd[3483]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 163.230238][ T3298] udevd[3298]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 163.351316][ T9868] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2399'. [ 163.432934][ T9868] infiniband syz1: set down [ 163.437663][ T9868] infiniband syz1: added bond0 [ 163.552271][ T9868] RDS/IB: syz1: added [ 163.559627][ T9868] smc: adding ib device syz1 with port count 1 [ 163.567280][ T9868] smc: ib device syz1 port 1 has pnetid [ 164.670719][ T29] audit: type=1400 audit(1752727913.967:2297): avc: denied { connect } for pid=9896 comm="syz.4.2411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 165.881800][ T29] audit: type=1400 audit(1752727914.337:2298): avc: denied { write } for pid=9913 comm="syz.1.2416" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 165.905245][ T29] audit: type=1400 audit(1752727914.337:2299): avc: denied { open } for pid=9913 comm="syz.1.2416" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 165.929501][ T29] audit: type=1400 audit(1752727914.337:2300): avc: denied { ioctl } for pid=9913 comm="syz.1.2416" path="/dev/input/event2" dev="devtmpfs" ino=245 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 166.209737][ T9948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.231982][ T9948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.489084][ T9957] bond0: (slave netdevsim1): Releasing backup interface [ 166.529140][ T9960] team0: Failed to send options change via netlink (err -105) [ 166.537058][ T9960] team0: Mode changed to "activebackup" [ 166.642008][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2438'. [ 166.675362][ T9975] loop1: detected capacity change from 0 to 512 [ 166.684731][ T9975] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 166.735810][ T9975] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 166.750465][ T9975] ext4 filesystem being mounted at /469/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.776368][ T29] audit: type=1400 audit(1752727916.077:2301): avc: denied { setopt } for pid=9974 comm="syz.1.2439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 166.796043][ T29] audit: type=1400 audit(1752727916.077:2302): avc: denied { getopt } for pid=9974 comm="syz.1.2439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 166.856339][ T9984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.885065][ T9984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.921058][ T29] audit: type=1400 audit(1752727916.137:2303): avc: denied { ioctl } for pid=9974 comm="syz.1.2439" path="socket:[26585]" dev="sockfs" ino=26585 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 166.956535][ T9986] syzkaller1: entered promiscuous mode [ 166.962203][ T9986] syzkaller1: entered allmulticast mode [ 167.531666][ T9995] loop4: detected capacity change from 0 to 512 [ 167.552730][ T9995] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 167.582903][ T9995] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102] [ 167.591091][ T9995] EXT4-fs (loop4): orphan cleanup on readonly fs [ 167.598476][ T9995] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 33619980: comm syz.4.2445: invalid block [ 167.616313][ T9995] EXT4-fs (loop4): Remounting filesystem read-only [ 167.624181][ T9995] EXT4-fs (loop4): 1 truncate cleaned up [ 167.630808][ T9995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback. [ 167.895331][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 168.087781][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 168.275207][ T3565] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xea [ 168.345958][T10021] lo speed is unknown, defaulting to 1000 [ 168.404539][T10027] 9pnet_fd: Insufficient options for proto=fd [ 168.434481][T10029] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 168.441075][T10029] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 168.448733][T10029] vhci_hcd vhci_hcd.0: Device attached [ 168.521077][T10032] vhci_hcd: connection closed [ 168.527490][ T3565] vhci_hcd: stop threads [ 168.536564][ T3565] vhci_hcd: release socket [ 168.541086][ T3565] vhci_hcd: disconnect device [ 168.604466][T10042] loop1: detected capacity change from 0 to 1024 [ 168.635619][T10042] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.727282][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.782167][T10050] loop2: detected capacity change from 0 to 1024 [ 168.822484][T10050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.841426][T10050] ext4 filesystem being mounted at /500/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.898944][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.924947][ T3483] ================================================================== [ 168.933089][ T3483] BUG: KCSAN: data-race in __dentry_kill / fast_dput [ 168.939803][ T3483] [ 168.942151][ T3483] write to 0xffff88811c8e53d0 of 8 bytes by task 2997 on cpu 0: [ 168.949979][ T3483] __dentry_kill+0x142/0x4b0 [ 168.954714][ T3483] dput+0x5e/0xd0 [ 168.958383][ T3483] step_into+0x5b2/0x820 [ 168.962656][ T3483] walk_component+0x162/0x220 [ 168.967462][ T3483] path_lookupat+0xfe/0x2a0 [ 168.972004][ T3483] filename_lookup+0x2d7/0x340 [ 168.976807][ T3483] do_readlinkat+0x7d/0x320 [ 168.981353][ T3483] __x64_sys_readlink+0x47/0x60 [ 168.986247][ T3483] x64_sys_call+0x2cf3/0x2fb0 [ 168.991133][ T3483] do_syscall_64+0xd2/0x200 [ 168.995684][ T3483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.001636][ T3483] [ 169.003993][ T3483] read to 0xffff88811c8e53d0 of 8 bytes by task 3483 on cpu 1: [ 169.011569][ T3483] fast_dput+0x5f/0x2c0 [ 169.015764][ T3483] dput+0x24/0xd0 [ 169.019432][ T3483] do_unlinkat+0x299/0x4c0 [ 169.023902][ T3483] __x64_sys_unlink+0x2e/0x40 [ 169.028617][ T3483] x64_sys_call+0x22a6/0x2fb0 [ 169.033342][ T3483] do_syscall_64+0xd2/0x200 [ 169.037898][ T3483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.043841][ T3483] [ 169.046192][ T3483] value changed: 0xffff888237aec310 -> 0x0000000000000000 [ 169.053330][ T3483] [ 169.055698][ T3483] Reported by Kernel Concurrency Sanitizer on: [ 169.061877][ T3483] CPU: 1 UID: 0 PID: 3483 Comm: udevd Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 169.073889][ T3483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.084060][ T3483] ================================================================== SYZFAIL: failed to send rpc fd=3 want=1488 sent=0 n=-1 (errno 32: Broken pipe) [ 169.140534][ T29] audit: type=1400 audit(1752727918.427:2304): avc: denied { write } for pid=3292 comm="syz-executor" path="pipe:[769]" dev="pipefs" ino=769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 169.604319][ T3547] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.661906][ T3547] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.733378][ T3547] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.792292][ T3547] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.868517][ T3547] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.922991][ T3547] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.962057][ T3547] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.033501][ T3547] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.118763][ T3547] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.173059][ T3547] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.212830][ T3547] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.271870][ T3547] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.348490][ T3547] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.401745][ T3547] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.461967][ T3547] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.511868][ T3547] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.586644][ T3547] bridge_slave_1: left allmulticast mode [ 170.592425][ T3547] bridge_slave_1: left promiscuous mode [ 170.598109][ T3547] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.606193][ T3547] bridge_slave_0: left allmulticast mode [ 170.611918][ T3547] bridge_slave_0: left promiscuous mode [ 170.617706][ T3547] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.626731][ T3547] bridge_slave_1: left allmulticast mode [ 170.632574][ T3547] bridge_slave_1: left promiscuous mode [ 170.638332][ T3547] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.646502][ T3547] bridge_slave_0: left allmulticast mode [ 170.652260][ T3547] bridge_slave_0: left promiscuous mode [ 170.657922][ T3547] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.797716][ T3547] bridge0 (unregistering): left promiscuous mode [ 170.851959][ T3547] bond0 (unregistering): left promiscuous mode [ 170.860399][ T3565] smc: removing ib device syz1 [ 170.860817][ T3547] bond0 (unregistering): Released all slaves [ 170.874242][ T3547] bond1 (unregistering): Released all slaves [ 170.882850][ T3547] bond2 (unregistering): Released all slaves [ 170.892177][ T3547] bond3 (unregistering): Released all slaves [ 170.900970][ T3547] bond4 (unregistering): Released all slaves [ 170.909452][ T3547] bond5 (unregistering): Released all slaves [ 170.918318][ T3547] bond6 (unregistering): Released all slaves [ 170.926772][ T3547] bond7 (unregistering): Released all slaves [ 171.041863][ T3547] bond0 (unregistering): Released all slaves [ 171.052150][ T3547] bond1 (unregistering): Released all slaves [ 171.060563][ T3547] bond2 (unregistering): Released all slaves [ 171.069167][ T3547] bond3 (unregistering): Released all slaves [ 171.078000][ T3547] bond4 (unregistering): Released all slaves [ 171.152593][ T3547] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 171.162217][ T3547] bond0 (unregistering): Released all slaves [ 171.170826][ T3547] bond1 (unregistering): Released all slaves [ 171.179137][ T3547] bond2 (unregistering): Released all slaves [ 171.187716][ T3547] bond3 (unregistering): Released all slaves [ 171.197609][ T3547] bond4 (unregistering): Released all slaves [ 171.207558][ T3547] bond5 (unregistering): Released all slaves [ 171.217430][ T3547] bond6 (unregistering): Released all slaves [ 171.226092][ T3547] bond7 (unregistering): Released all slaves [ 171.234708][ T3547] bond8 (unregistering): Released all slaves [ 171.243247][ T3547] bond9 (unregistering): Released all slaves [ 171.251973][ T3547] bond10 (unregistering): Released all slaves [ 171.260939][ T3547] bond11 (unregistering): Released all slaves [ 171.270081][ T3547] bond12 (unregistering): Released all slaves [ 171.278757][ T3547] bond13 (unregistering): Released all slaves [ 171.304406][ T3547] bond0 (unregistering): Released all slaves [ 171.313786][ T3547] bond1 (unregistering): Released all slaves [ 171.323771][ T3547] bond2 (unregistering): Released all slaves [ 171.332513][ T3547] bond3 (unregistering): Released all slaves [ 171.341422][ T3547] bond4 (unregistering): Released all slaves [ 171.349691][ T3547] bond5 (unregistering): Released all slaves [ 171.455513][ T3547] IPVS: stopping master sync thread 9387 ... [ 171.462388][ T3547] IPVS: stopping master sync thread 9479 ... [ 171.513690][ T3547] hsr_slave_0: left promiscuous mode [ 171.519272][ T3547] hsr_slave_1: left promiscuous mode [ 171.527952][ T3547] hsr_slave_0: left promiscuous mode [ 171.533619][ T3547] hsr_slave_1: left promiscuous mode [ 171.541256][ T3547] hsr_slave_0: left promiscuous mode [ 171.546898][ T3547] hsr_slave_1: left promiscuous mode [ 171.560948][ T3547] veth1_macvtap: left promiscuous mode [ 171.566484][ T3547] veth0_macvtap: left promiscuous mode [ 171.572150][ T3547] veth1_vlan: left promiscuous mode [ 171.577465][ T3547] veth0_vlan: left promiscuous mode [ 171.583224][ T3547] veth0_macvtap: left promiscuous mode [ 171.588750][ T3547] veth1_vlan: left promiscuous mode [ 171.594033][ T3547] veth0_vlan: left promiscuous mode [ 171.600049][ T3547] veth1_macvtap: left promiscuous mode [ 171.605991][ T3547] veth0_macvtap: left promiscuous mode [ 171.611535][ T3547] veth1_vlan: left promiscuous mode [ 171.616783][ T3547] veth0_vlan: left promiscuous mode [ 171.622706][ T3547] veth1_macvtap: left promiscuous mode [ 171.628186][ T3547] veth0_macvtap: left promiscuous mode [ 171.633766][ T3547] veth1_vlan: left promiscuous mode [ 171.639082][ T3547] veth0_vlan: left promiscuous mode [ 171.776301][ T3547] team0 (unregistering): Port device team_slave_1 removed [ 171.787022][ T3547] team0 (unregistering): Port device team_slave_0 removed [ 171.858377][ T3547] pim6reg (unregistering): left allmulticast mode [ 171.891192][ T3547] team0 (unregistering): Port device team_slave_1 removed [ 171.901399][ T3547] team0 (unregistering): Port device team_slave_0 removed [ 171.976362][ T3366] lo speed is unknown, defaulting to 1000 [ 171.982198][ T3366] infiniband syz0: ib_query_port failed (-19) [ 172.804895][ T3547] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.852861][ T3547] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.903148][ T3547] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.963073][ T3547] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.017334][ T3547] bridge_slave_0: left allmulticast mode [ 173.023226][ T3547] bridge_slave_0: left promiscuous mode [ 173.028968][ T3547] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.113111][ T3547] bond0 (unregistering): Released all slaves [ 173.121682][ T3547] bond1 (unregistering): Released all slaves [ 173.130102][ T3547] bond2 (unregistering): Released all slaves [ 173.140088][ T3547] bond3 (unregistering): Released all slaves [ 173.148393][ T3547] bond4 (unregistering): Released all slaves [ 173.156979][ T3547] bond5 (unregistering): Released all slaves [ 173.165353][ T3547] bond6 (unregistering): Released all slaves [ 173.173910][ T3547] bond7 (unregistering): Released all slaves [ 173.182594][ T3547] bond8 (unregistering): Released all slaves [ 173.215935][ T3547] hsr_slave_0: left promiscuous mode [ 173.221688][ T3547] hsr_slave_1: left promiscuous mode [ 173.229410][ T3547] veth1_macvtap: left promiscuous mode [ 173.234995][ T3547] veth0_macvtap: left promiscuous mode [ 173.240911][ T3547] veth1_vlan: left allmulticast mode [ 173.246239][ T3547] veth1_vlan: left promiscuous mode [ 173.251669][ T3547] veth0_vlan: left promiscuous mode [ 173.307187][ T3547] team0 (unregistering): Port device team_slave_1 removed [ 173.317194][ T3547] team0 (unregistering): Port device team_slave_0 removed [ 173.343087][ T1041] infiniband ˆ: ib_query_port failed (-19)