last executing test programs: 4.255081535s ago: executing program 2 (id=1421): personality(0x4000009) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRES8=r2, @ANYRES32, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000340)='./bus/file0\x00', 0x800714, &(0x7f0000000180)={[{@dioread_nolock}, {@jqfmt_vfsv0}]}, 0xff, 0x4a9, &(0x7f0000000580)="$eJzs3M9rXNUeAPDvnUnS301eX1/fa1+r0SoWfyRNWrULFyoKLhQEXdRlTNJaO22kiWBLsFGkLqXgXlwK/gXu3Ii6EMGtgkspFA1CUxcSub+aZDKZ5menzXw+MJlz5p6Zc773njNz5p7cCaBt9aZ/koidEfFzRHTn2YUFevO7menJ4ZvTk8NJzM6+9nuSlbsxPTlcFi2ft6PIHKlEVD5K4tlkcb3jFy+dHarVRi8U+f6Jc+/0j1+89MSZc0OnR0+Pnh88ceL4sYGnnxp8cl3iTOO6ceD9sYP7X3rj6ivDJ6+++d2XabP2Hcq3z4/jtm42CKiB3nSv/TGbqd/28Arafi/YNS+ddLSwIaxINSLSw9WZjf/uqMbcweuOFz9saeOADZV+Nm1ZevPULLCJJdHqFgCtUX7Qp99/y9sdmnrcFa4/F9EV+fmKmenJ4Zlb8XdEpSjTuYH190bEyam/PktvsdLzEAAAq5DNbR5vNP+rxL7sPl/r2F2sofRExL8iYk9E/Dsi9kbEfyKysv+NiP/lT57tXmb9vXX5xfOfyrWGbV4n6fzvmZib+83Mi7+466kWuV1Z/J3JqTO10aPFPjkSnVvS/ECTOr5+4adPlto2f/6X3tL6y7lg0YBrHXUn6EaGJobWaydc/yDiQEej+JNbKwFpD9gfEQdi8TpWE7vLxJlHvzi4VKHbx9/EOqwzzX4e8Uh+/KeiLv5S0nx9sn9r1EaP9pe9YrHvf7zy6oIHqnPJNcW/DtLjv31h/68r0f1nkq/XdkatNnphfOV1XPnl4yW/06yk/5ddPu3/Xcnr2Zr1D2/lB+q9oYmJCwMRXcnLWZmuomz2+ODcq5X5snwa/5HDjcf/nuI5aQX/j4i0Ex+KiPsi4v6i7Q9ExIMRcbhJ/N8+/9DbTeJPIomWHv+Rhu9/t/p/TzJ/vX4VierZb75aasV8ecf/eExl77W57P3vNpbbwDXuPgAAALgnVCJiZySVvjzduzMqlb6+/H/498b2Sm1sfOKxU2Pvnh/JrxHoic5Keaare9750IFkqnjFPD9YnCsutx8rzht/Wt2W5fuGx2ojLY4d2t2OheM/yvGf+q3a6tYBG871WtC+6sd/pUXtAO685Xz++y4Am1OD8b+tFe0A7jzf/6F9NRr/l+vy5v+wOXUsSvza4CfrgM3I/B/al/EP7cv4h7a0luv6V58oLxZY/etsXfYV/psmcbl5mfIXLzayGdti7pGo3B27pWHi7+LnLe+W9qw5kY6YBY9EJLGhlc79hgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC97J8AAAD//wHu668=") r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) 2.374357007s ago: executing program 2 (id=1439): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x4) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000080)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$iso9660(&(0x7f0000000540), &(0x7f00000001c0)='./file1\x00', 0x14004, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0], 0x4, 0x70a, &(0x7f00000232c0)="$eJzs3V+P21gZBvDnJJkkk0JVAapWVbdzOmWlqRhSJ7NNFRUkjHOSMSRxZHtgRkJaFTqDRs0UaItEc9PODX+k5Qtwtzdc8CFW4oKr/RZwBdIKhIR2BUJGPraTTOJkJm3a2aXPb7Qb5/j18etjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU/Ki2FdyMJm7OW+dKuF5AhP+gWMRbUfFbXxmFXA7/tY6r0berKIYfRQwuXL5098u5TLL8nIRfBBat8PHTwYN7/f7+ozPEZrFw9ecJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJYV3vl41jJr8TiHa0QDKnrVtt9t2t6VjwtlhzB35/g+iAGV2pDw47O9vjeXzLK2Nw6BKSvKZ8eAwqHra5laNarVSqVYrtdv123cMIzdVYISEMYSpiKUftHSeMvHxusAiyzt5E72kjNX4j/FnAbRRRBc72IVM/bHQgAsHnRnzY0n//84tNXe94/1/0suvjGZfge7/r0Xfrs3q/2fkIiH1AmlzxIzyxX5WdEYSj/EUAzzAPfTRxz4eLaFuCbn20jXkjbgll5LPzJ8WFLqw4cGBjQ5MtPBFyLhEoo4aajDwHrbRhAeJJmy0oeBhDx58qPCIyoeZKpjw4cCFxAYs3IREBXXUsQUJhTL24GAHXbTQgIlPgiA4wKFu9604n+cpW40kqDJjIwrIJcfdPqpztnZW///DZ9HScf9vsP9/U0XHQSH6+GheDNFnQBBf/y9o7dVkQ0RERERERESvgtC/fRf6r/JvAwjQtNvKOBFTOLfsiIiIiIiIiGgZBIICrkJEd+XjbYjp638iIiIiIiIi+nwT+hk7AaCkb+oXo8elzvJLgOxrSJGIiIiIiIiIXpJ+8v9aHgj0Xf5rEAtd/xMRERERERHR58Cvx8bYz2XjMXaD5M/6GQBrfymID/9egLsijnu7XxVHZjjHPIpjpu4A8JtXxMV4oF79kQegv1nqqojXJoF/Jb99CH18kD7W//MgIoRwJxLIZ8crmJGACNdcy8Xf8D6uR4tcj8eZvz/IQM+JRhQuNe22KltO+24Fpnkx46td/+cPD38BuMPtPDjs75d/9JP+fZ3LcVh0fBRW+uxEOpn0xhjl8kSPt6CfuUgb3XgVzWSVv+l2SkKv10i2PwvzKDO+onk7oLYKRFv5S6xH+2w9iGJLg+GI+wJY04M/VMp6l53YendFjLKoTG552o6YseVFncWNKObGxo3oI2mTsJ6MKH4tC1TLk/sgTHQsi+p4Fqe3hfjHRPvPzwKiGLbFVpjFH8OKJtri+x9GC2/1dpPhMc6SxdRRQER0Xg5GvZAexHxqjP2ke0hOamfvd5AD4rPcjN59tJYg7j+S3v3J74Koh8oCufhvE+lrSfoVhGf0DaHryUcDuueupJzRjfKnQRCYF4sYP6P/NwiSDTIW6N2OgyCYPKP/YfQOpDjtqSz+HQTB3YruSX470at+EC7wwcz1eu1qFkUU8OTop/gkmb3/4/2H1epWzXjXMG5XsaL/VyH+yIJ9DxERTTn9HTs6IjMnQryL61Ed1+//7Z1o6kSP96X4lgLtFtDHfWwmrxBYS6+1hAN885/RbQib0VUrsF6KPksDefnS3fCqdhh7KHL6DS+bM6/qdGcZxerbG6rD2OS9Q5NXgKPYrVe8F4iIiF6v9Rn9MHCi/8fJ/r94ov/fxEYUsXEl9bq7NHZL4WZydTy8pB9cOE6NrZye/LeW3BhERERvCOV+LEr+r4Tr2r33KvV6xfS3lXQd67vStRstJe2ur1xr2+y2lOy5ju9YTlv2XBTsVeVJb6fXc1xfNh1X9hzP3tVvfpfxq9891TG7vm15vbYyPSUtp+ubli8btmfJ3s6327a3rVy9sNdTlt20LdO3na70nB3XUmUpPaXGAu2G6vp20w4nu7Ln2h3T3ZPfc9o7HSUbyrNcu+c7UYXJuuxu03E7utoygoVfdEhERPT/6PHTwYN7/f7+o8mJ1fDSPCo5xoyY6Yl8SoUcI4iIiOgzZtRdL7BQ8RUmREREREREREREREREREREREREREREREREU05/pG/BiZW0hwWBYcnPLsYleI7RI4ZT9Qi8bD6fun/SA/u9yOKZYYkAcIalkkciBg8+mhO8OixJmn885niRDHEJeOH2+esXgAu6BFFJbokHwPTzo0s/xtImvnEQteisGD0zdVZhuC9yy//PIZx4+PvpWSJs+SAIgvmLF062Yf7sx3MOwKP8nF2wesrx87rPRET0uv0vAAD//ySOL9Y=") chown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) 2.30392972s ago: executing program 1 (id=1440): bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffa, @loopback}, 0x1c) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffd4436bef00000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0xc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6(0xa, 0x80003, 0xff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = dup(r2) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r5}, 0x18) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 2.260000612s ago: executing program 1 (id=1443): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000040)='./control\x00', 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r3}, 0x18) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0, 0x1328}], 0x2, 0x0, 0x0, 0x41}, 0x0) readv(r4, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x1c}], 0x4) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 2.140305827s ago: executing program 2 (id=1445): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2a080, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) unshare(0x2040400) inotify_rm_watch(0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) getpid() r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0xfe, 0x0, 0xff, 0x0, 0x0, 0x5022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) close(r1) 1.484556675s ago: executing program 1 (id=1453): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000040)='./control\x00', 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0, 0x1328}], 0x2, 0x0, 0x0, 0x41}, 0x0) readv(r2, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x1c}], 0x4) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 1.411161279s ago: executing program 0 (id=1454): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100004, 0x2, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f0000000080)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 1.231579456s ago: executing program 0 (id=1456): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x4) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000080)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$iso9660(&(0x7f0000000540), &(0x7f00000001c0)='./file1\x00', 0x14004, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0], 0x4, 0x70a, &(0x7f00000232c0)="$eJzs3V+P21gZBvDnJJkkk0JVAapWVbdzOmWlqRhSJ7NNFRUkjHOSMSRxZHtgRkJaFTqDRs0UaItEc9PODX+k5Qtwtzdc8CFW4oKr/RZwBdIKhIR2BUJGPraTTOJkJm3a2aXPb7Qb5/j18etjr896xj4GERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERQVgNw6gItO3uzq6czWq4Tif5ksXU/Ki2FdyMJm7OW+dKuF5AhP+gWMRbUfFbXxmFXA7/tY6r0berKIYfRQwuXL5098u5TLL8nIRfBBat8PHTwYN7/f7+ozPEZrFw9ecJmTMEtVTX9hy7Y7aUtD1H1ms149Z205NNu628Pc9XHWm5KuM7rtywbspKvb4lVXnP2em2GmZbJYV3vl41jJr8TiHa0QDKnrVtt9t2t6VjwtlhzB35/g+iAGV2pDw47O9vjeXzLK2Nw6BKSvKZ8eAwqHra5laNarVSqVYrtdv123cMIzdVYISEMYSpiKUftHSeMvHxusAiyzt5E72kjNX4j/FnAbRRRBc72IVM/bHQgAsHnRnzY0n//84tNXe94/1/0suvjGZfge7/r0Xfrs3q/2fkIiH1AmlzxIzyxX5WdEYSj/EUAzzAPfTRxz4eLaFuCbn20jXkjbgll5LPzJ8WFLqw4cGBjQ5MtPBFyLhEoo4aajDwHrbRhAeJJmy0oeBhDx58qPCIyoeZKpjw4cCFxAYs3IREBXXUsQUJhTL24GAHXbTQgIlPgiA4wKFu9604n+cpW40kqDJjIwrIJcfdPqpztnZW///DZ9HScf9vsP9/U0XHQSH6+GheDNFnQBBf/y9o7dVkQ0RERERERESvgtC/fRf6r/JvAwjQtNvKOBFTOLfsiIiIiIiIiGgZBIICrkJEd+XjbYjp638iIiIiIiIi+nwT+hk7AaCkb+oXo8elzvJLgOxrSJGIiIiIiIiIXpJ+8v9aHgj0Xf5rEAtd/xMRERERERHR58Cvx8bYz2XjMXaD5M/6GQBrfymID/9egLsijnu7XxVHZjjHPIpjpu4A8JtXxMV4oF79kQegv1nqqojXJoF/Jb99CH18kD7W//MgIoRwJxLIZ8crmJGACNdcy8Xf8D6uR4tcj8eZvz/IQM+JRhQuNe22KltO+24Fpnkx46td/+cPD38BuMPtPDjs75d/9JP+fZ3LcVh0fBRW+uxEOpn0xhjl8kSPt6CfuUgb3XgVzWSVv+l2SkKv10i2PwvzKDO+onk7oLYKRFv5S6xH+2w9iGJLg+GI+wJY04M/VMp6l53YendFjLKoTG552o6YseVFncWNKObGxo3oI2mTsJ6MKH4tC1TLk/sgTHQsi+p4Fqe3hfjHRPvPzwKiGLbFVpjFH8OKJtri+x9GC2/1dpPhMc6SxdRRQER0Xg5GvZAexHxqjP2ke0hOamfvd5AD4rPcjN59tJYg7j+S3v3J74Koh8oCufhvE+lrSfoVhGf0DaHryUcDuueupJzRjfKnQRCYF4sYP6P/NwiSDTIW6N2OgyCYPKP/YfQOpDjtqSz+HQTB3YruSX470at+EC7wwcz1eu1qFkUU8OTop/gkmb3/4/2H1epWzXjXMG5XsaL/VyH+yIJ9DxERTTn9HTs6IjMnQryL61Ed1+//7Z1o6kSP96X4lgLtFtDHfWwmrxBYS6+1hAN885/RbQib0VUrsF6KPksDefnS3fCqdhh7KHL6DS+bM6/qdGcZxerbG6rD2OS9Q5NXgKPYrVe8F4iIiF6v9Rn9MHCi/8fJ/r94ov/fxEYUsXEl9bq7NHZL4WZydTy8pB9cOE6NrZye/LeW3BhERERvCOV+LEr+r4Tr2r33KvV6xfS3lXQd67vStRstJe2ur1xr2+y2lOy5ju9YTlv2XBTsVeVJb6fXc1xfNh1X9hzP3tVvfpfxq9891TG7vm15vbYyPSUtp+ubli8btmfJ3s6327a3rVy9sNdTlt20LdO3na70nB3XUmUpPaXGAu2G6vp20w4nu7Ln2h3T3ZPfc9o7HSUbyrNcu+c7UYXJuuxu03E7utoygoVfdEhERPT/6PHTwYN7/f7+o8mJ1fDSPCo5xoyY6Yl8SoUcI4iIiOgzZtRdL7BQ8RUmREREREREREREREREREREREREREREREREU05/pG/BiZW0hwWBYcnPLsYleI7RI4ZT9Qi8bD6fun/SA/u9yOKZYYkAcIalkkciBg8+mhO8OixJmn885niRDHEJeOH2+esXgAu6BFFJbokHwPTzo0s/xtImvnEQteisGD0zdVZhuC9yy//PIZx4+PvpWSJs+SAIgvmLF062Yf7sx3MOwKP8nF2wesrx87rPRET0uv0vAAD//ySOL9Y=") chown(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) 1.193547838s ago: executing program 2 (id=1457): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYRESHEX], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'macvtap0\x00', @link_local}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x7fe2, 0x1}, 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]}) semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x1000, 0x1000}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x20) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000280)={0x77359400}, 0xfffffffffffffffe) listen(r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB], 0x84}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) 1.192880078s ago: executing program 0 (id=1458): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100004, 0x2, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000080)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x474283, 0x0, 0x14}, 0x20) 1.173120159s ago: executing program 0 (id=1459): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x474283, 0x0, 0x14}, 0x20) 1.130326121s ago: executing program 0 (id=1461): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x200000000006, 0xbc, 0x0, 0x7ffc0002}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000005f80)=[{{&(0x7f00000004c0)=@caif=@util, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/163, 0xa3}], 0x1, &(0x7f0000000700)=""/38, 0x26}, 0x6}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000001a40)=[{&(0x7f00000007c0)=""/23, 0x17}, {&(0x7f0000000800)=""/113, 0x71}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/210, 0xd2}], 0x4, &(0x7f0000001ac0)=""/68, 0x44}, 0x3}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001b40)=""/101, 0x65}, {&(0x7f0000002b00)=""/114, 0x72}], 0x2, &(0x7f0000001cc0)=""/3, 0x3}, 0x1ff}, {{&(0x7f0000002b80)=@phonet, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000002c00)=""/46, 0x2e}, {&(0x7f0000002c40)=""/67, 0x43}, {&(0x7f0000002cc0)=""/238, 0xee}, {&(0x7f0000002dc0)=""/192, 0xc0}, {&(0x7f0000002e80)=""/218, 0xda}, {&(0x7f0000002f80)=""/18, 0x12}], 0x6, &(0x7f0000003040)=""/226, 0xe2}, 0x4}, {{&(0x7f0000003140)=@hci, 0x80, &(0x7f00000034c0)=[{&(0x7f00000031c0)=""/95, 0x5f}, {&(0x7f0000003240)=""/141, 0x8d}, {&(0x7f0000003300)=""/248, 0xf8}, {&(0x7f0000003400)=""/172, 0xac}], 0x4, &(0x7f0000003500)}, 0x9}, {{&(0x7f0000003540)=@alg, 0x80, &(0x7f00000037c0)=[{&(0x7f00000035c0)=""/226, 0xe2}, {&(0x7f00000036c0)=""/182, 0xb6}, {&(0x7f0000003780)=""/63, 0x3f}], 0x3, &(0x7f0000003800)=""/34, 0x22}}, {{0x0, 0x0, &(0x7f0000005b40)=[{&(0x7f0000003840)=""/81, 0x51}, {&(0x7f00000038c0)=""/227, 0xe3}, {&(0x7f00000039c0)=""/15, 0xf}, {&(0x7f0000003a00)=""/4096, 0x1000}, {&(0x7f0000004a00)=""/220, 0xdc}, {&(0x7f0000004b00)=""/8, 0x8}, {&(0x7f0000004b40)=""/4096, 0x1000}], 0x7, &(0x7f0000005bc0)=""/107, 0x6b}, 0xffffa74d}, {{&(0x7f0000005c40)=@qipcrtr, 0x80, &(0x7f0000005e40)=[{&(0x7f0000005cc0)=""/71, 0x47}, {&(0x7f0000005d40)=""/231, 0xe7}], 0x2, &(0x7f0000005e80)=""/196, 0xc4}, 0x5}], 0x8, 0x20, &(0x7f0000006180)={0x77359400}) 1.113488521s ago: executing program 1 (id=1462): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 1.022071696s ago: executing program 1 (id=1466): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100004, 0x2, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f0000000080)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 977.315738ms ago: executing program 2 (id=1467): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2a080, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) unshare(0x2040400) inotify_rm_watch(0xffffffffffffffff, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) getpid() r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0xfe, 0x0, 0xff, 0x0, 0x0, 0x5022, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) close(r1) 923.53169ms ago: executing program 1 (id=1468): bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10) syz_io_uring_setup(0x114, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0) 779.279546ms ago: executing program 4 (id=1471): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000240)='timer_start\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000010c0)) 727.833199ms ago: executing program 4 (id=1472): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]}) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x474283, 0x0, 0x14}, 0x20) 692.0009ms ago: executing program 4 (id=1473): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYRES64, @ANYRES16, @ANYRES64], &(0x7f0000000080)='GPL\x00', 0xfffffffc, 0xfa1d45b35cf714cd, 0x0, 0x40f00, 0x14, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@nouid32}]}, 0xc1, 0x7e9, &(0x7f00000017c0)="$eJzs3c1rHG8dAPDvbF42SauJIGh7CggaKN2YGlsFDxEPIlgo6Nk2bLahZpMt2U1pQqDpQfAiqHgQ9NKzL/UgePXlqv+EeJAW0TRYT7oys7t53d0kbXa3/fXzgck8M/PMPPPN88yzz+4MuwF8sKbTP7mIKxHxwyRisrk+iYiRLDUcsdDI93p3u5hOSdTr3/pnkuX57aWDYyXN+aXmwqcj4o/fi7iWO17qeHNeLq03U7O11Yez1c2t6w9WF5dLy6W1m3Pz8zduffHWzZN7val//2Xr8ssfff1zv14Yjk89/8GfkliIy81te7vbxbc8/AnTMd38n4yk/8IjvnbRhQ1YMugT4I2kl+ZQ4yqPKzEZQ1mqg7e9AAGAd8KTiKgDAB+Y5LTX/yFDBAD4aGl9DrC3u11sTYP9RKK//vHViBhrxN+6v9nYMty8ZzeW3Qed2EuO3BlJImLqAsqfjoif/+47v0yn6NF9SIB2dp425nu7+WP9f5L2f6OnHyHfccvnu+1Wb+w3fWy1/g/65/fp+OdLJ8d/V/cf6BnL/h4b/4zl21y7b+L06z/3osOuZ+ibTpeO/75y6Nm2g/Hf/kNrU0PNpY9lY76R5P6Dcint2z4eETMxkk+X57Ks7Z+Cmnn131edyj88/vvXj7/7i7T8dH6QI/diOB/1xnN5/8vG60uLtcWLiD2L/2nE1eF28Sf749/kSP0v7Ed6p+NRj1bNN778/Z91ypnGn8bbmk7G31v1ZxGfbVv/B3WZdH0+cTZrDrOtRtHGb/7204lO5R/Ufz6bp+W33gv0Q1r/E93jn0pT1c2tlcVyubRePX8Zf342+YdO2w63//bxZ+3/iLT9jybfztKtlvZ4sVZbn4sYTb55cv2Ng31by638afwzn2l//bdv/42+IH1PeG9/qbvhl6O/ah6qbfyZnU7x91Ya/9K56r9Lot7c59im569XhjqVf7b6n89SM801Z+n/TjnTt2jNAAAAAAAAAAAAAAAAAAAAAAAAAHB+uYi4HEmusJ/O5QqFxm94fzImcuVKtXbtfmVjbSmy38qeipFc66suJw99H+pc8/vwW8s3ji1/ISI+ERE/yY9ny4Vipbw06OABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOnS0d//f5LOCoXGtr/nB312AEDPjA36BACAvvP6DwAfnvO9/o/37DwAgP459/v/etKbEwEA+ubMr//3enseAED/uP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAj925fTud6v/Z3S6my0uPNjdWKo+uL5WqK4XVjWKhWFl/WFiuVJbLpUKxstrxQDuNWblSeTgfaxuPZ2ulam22url1d7WysVa7+2B1cbl0tzTSt8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oyqm1sri+VyaV2iS2K8NN45TxIRAz/D0xJpXV/kAYff0ZB3/jqSteuumWPqvWn8o13yJBdZ1vjxNYd7ifFBdE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA74X/BwAA///YTBJy") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) r1 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r1, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20300}}}}}}]}, 0x48}}, 0x4040004) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, 0x0, 0x40) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz0\x00', 0x1ff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) (fail_nth: 4) gettid() timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003bc0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x10002, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x20000004) syz_emit_ethernet(0x1e, &(0x7f00000000c0)={@random="373573c22a98", @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@can={0xc, {{0x4, 0x0, 0x1, 0x1}, 0x1, 0x2, 0x0, 0x0, "94f4dc5bede8c459"}}}}, &(0x7f0000000140)={0x0, 0x1, [0x51c, 0x4b, 0xc7d, 0x2cd]}) 622.178133ms ago: executing program 3 (id=1474): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xff00000000000000, 0x777fe6a4b23f}, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x5}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) r2 = syz_open_dev$MSR(0x0, 0x6, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000d40)=@filter={'filter\x00', 0x2, 0x4, 0x4a8, 0xffffffff, 0x0, 0xf0, 0xf0, 0xfeffffff, 0xffffffff, 0x3d8, 0x3d8, 0x3d8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, [0xff, 0xff, 0x0, 0xffffff00], [], 'pimreg0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x2f2, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@dev={0xac, 0x14, 0x14, 0x1d}, 'caif0\x00', {0x7}}}}, {{@ipv6={@mcast1, @loopback, [], [0x0, 0x0, 0xffffffff], 'netdevsim0\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x118}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "ddabf53d9b1435965491f6531877000001e770b689f173dfa40b58c10327e3121114449fd20ba2be6eb0cde72a972f25170163232ed996b4789b9d00"}}}, {{@uncond, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x602, 'system_u:object_r:boot_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x508) r4 = socket(0x10, 0x803, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x4040) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007800800084000002f5408000640"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4020}, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f00000029c0)={0x0, 0x0, {0x0, @struct, 0x0}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_DEV_REPLACE(r4, 0xca289435, &(0x7f0000000740)={0x3, 0x2, @start={r6, 0x0, "e01b8eefeb645aaecb1f021d84945d1808b98cf8c211e989d800fa1e9924948fecef86a652d4a99a27c4b22c4a9d764e98109cd127e882ddb31b5c7f52c3c727f12be5d64798e0786d979f5e793afc4b750f1df83b0eab4552e8ab874bc05b828bb4439d83f532212c5ce21edc80b2ef697bcfcec5fa552a7ee6c4def9d4c4dc59350fc6b4707e70f10a43413edb19485f80a00533d589b7de7ea3f39eb0b3b4126c9836e0d0bdfb40a22cb6a428edc10af9c1824d98c01f2c925be9892eb18eed9e2c49f920b3293bccc695dcd636cfa889c45dd59fabdaf92207509e6c5ec704625c366d3a1ff6f5e8ff5e59a8874a472ec2829c5c4ba9c7725369914b1af886ec32830441e1517f887267d13f896c5d8ce0fdfa37b9f2663ce70cf3573b2300ad44843dfee2b01cfb539924b8bd7f596760de1387f365843d0217d30ec5d23916eb2cdd1fd374a35dc52823a6db67846a3b34ede882679b9e43be04639ed4ce75b887d3518bd2b667991f850a1f00ac03b337bdd531a546c529ed952027b5e4b8ca08624ca00500080be75203d82f5f8a67d85e958f87ff91685d3aea57e2e03b23f52f3e1df819bf1e1a19e8762663327137c2952ad3bbf7af1da6f37025450fbd3b03feaca29a16a508076393f68834498f86a7390fde9990bc035e9d1a5fa27f6f448f47fe2222dc16fe0fe8f6f4962f73202bf6c37f85df8ba10c37625923b19230f438f8db2961b095b84dc5bf963fae574893566e50230f2334da4e3ec57e5f1a9c487082d72115b3442fb02f865a43d62398bbe6f1e0f458d5168f92b452ef63d7d580f401221669e5eb3d830549785e7a8b5bb9b01008a1dd5bbc821359279848964e879ebbc753627ba68d5a6e7b98bcdb64d2b186324319990bef33a9060b666f5969f9f2748b0b6fc0c58089f1f1e52a54205d875eab192bc95a4461af703e0dfd1e9ff0e2983736ccf1fe335e04da846fe1c4466ada756b02dba7d0f42df5b656309e168c9d59e2daa115de833659292b885ef59eddcb3fec2b98fbfeff05172b1922dbcf971da6fd9b00a8b345cd47257dc5157bc7b2c4fb638dcc0f43de273666ab3b84b48ecd415b1ba6fe2af113658a3613ebdf47473b64ece038ce0a71cf2234e5ffe6590483d8032354fec57741928928bf81120b34138cbcc87ef51a8da4e64f3a9ce0205ebd5436ee4baf809df2476ab36283dd7129b5894db93fcb0be42b18e1482b49b9486311535f523afd8a6eaaae1f8e857b53d2dfab797b6cf75f264aabeb0199f3735011bc8dffccf4966c10c58351dea8d6b1ad6710c45acdb2e585ab058681b03396794e97f3a6a99b625df445360c0441aa8506b08fad3bd77ae3cc75f97517058fde8ec95e9afc1c598cabacc50ec7926b1d41cfd75e2933934647a2b5fb9e7793715a938e8c16bc827f16b9eeff8738", "f162c661e59cdf2f633ed9282dd4c48fa46db1e32e16c8e27824b413511956a9fdd793ae7c303f1a4e723dd070ae7c66e0071a5069b2f0e95e83736326577368e446c499636fa026cf6a0800cb42ffdcf474b999128471f046d4427a826ee666e384a75bc754f8006cb0499d086963e1954d95395b073b3b16227a887ec6c22befa7c2bdd5ab845ef34e3fb502ad16b6cf113653e8401aa38002912ba7c64075936380c1f5b98279aa6e8e61ae1f290be19c1f137dc2ee2788604304c38dbd12962e412d47562ab157c0dc995faf251ec38bf380ec5dac27e60e05654aae95eaf539b804f50ecd17b71b85d3481c5d0e26f92b7e86baf2f261cd7f56e3d842e298a18babb5ad64184df0bbf1856c1df9b376d2a7262c06b9a4ce40b4cffec8f1855bc4e18144a2663b5bfe5528309c8c0326021c0d71cf1ce68e5e69686bac7b6bf73234724482880604810f63cf0bb8362c6c415e79ea68d993656b8d975142bb1bab1f454e09257f14169e95286d1158f6ea3291da40d747b3ebad8ae8a232ec071db76d410721941ba5528ca21bc1f166e85546fd6a0570ff835242be7694abe99fdb39387ab784a1604f7fdeb58c24130173095f6ce4fd88e0b716376de34baca7033f96a33652d2198b67d4e01d64d12ccb9cf205493fdc3c2f6c3e5b9e99308353a6370898297f0278b65c6b22eac22d4e7006d4506895c35c85f5836ed381c7dd640b66f779e37eb3ec5d27dad53f4a270d13a2aa4e59f4fc9b0b73ce8960b1a9220af87bb31ae64543ae8d92502057e03b0def4e2b492291c145726c63615035b053b871d2e22dd6fcd9c53f0af70defb7f25a3c77058cb9ce59a7fd1afd8d51dd3da84ea6b2bc93405227f6b06cfed9350d30814a332768b7ebd16be8eba46662d0f48f4a85835b5b064f823a0658866a5e2a65a4087ecbaaff0aff07b5004cc4e6233a6f78004e94419b6a096583b25fab29c08cc71be2bd65459810cc6fc8c7015fd9954626e8217a180230e0e5030b7ad1ba59cd5b98522a00d0c4278e01772050f8987f923fdd83f42bb0d0836b93c1db899abaabaa3ef6d2fe866a832207f37f7ebff6f6727bae01640af294459f5232ee57bce84140aa6fbd08176c927d38c4f96b2bf354acc12936597ce09d07cf32de8ab87f30f4d99982cc08244def0924a76ab01d6bad1e5498668fe0d6f0a2461a3f523811ae3fbb5ee196a2c39c1b0aa72c32f71226ec535a73eca4b37de4f74c1ce6678c910843ac51754e7f1ed7746bdc49894f985478d591eb07b2d731eddb1da8eeecc60882ba796d3bcacaede6316a2518e29ab6b7412b73f75ec5af4efdced4e48de6e6845685b485c80068d1a8d4a265b00b2b779d8ffaff00a208d9a78d80f4b0d1c3ad050a4e985344139b66d5fe1fe73a6decf137ac7dd5fee225c1f81bd1d4fd5417a014"}, [0x3, 0x8, 0x2, 0x0, 0x8, 0x2, 0x5, 0x0, 0x5, 0x5b1, 0x9, 0x7f, 0x3, 0x9, 0x7, 0x5, 0x8e3, 0x0, 0x4, 0x0, 0x7, 0x9d, 0x1, 0x9, 0xb, 0x3, 0x8001, 0x2, 0x80, 0x1c8, 0x4, 0x5, 0x7, 0xffffffffffffffff, 0x8, 0x7, 0x2, 0xfffffffffffff001, 0x0, 0x1000, 0x2, 0x3, 0x10, 0x7fffffffffffffff, 0x6, 0x9, 0xfffffffffffffff8, 0x81, 0x8539, 0xffffffffffffff00, 0x0, 0x8, 0x10, 0xa18, 0x101, 0x5, 0x80000001, 0x9, 0x2, 0x7, 0x8, 0x3da, 0x7, 0x1]}) ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f00000015c0)={r6, "b2c2e1004e620f38a2442e9fd768bb13"}) ioctl$BTRFS_IOC_DEV_INFO(r2, 0xd000941e, &(0x7f0000000a00)={r6, "e5e20d6d976a4d2167b330487a9c7ead"}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f0000000100)=0x6c, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1}) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f00000004c0)={r3, r4, 0x7, 0xc8, &(0x7f0000000280)="f34af898ad590c9f5c536522f9dc360bb683735c1ca63b9dd99b9cbc7ef1a76c226a926b730f388d4dce224c3f914b9f0ff39f358e8a55e649d1c86d076afde80b3d174dfb97fd41ceb6ef695652ba145ae28774670b234d93fe23efafbfe2c90ef42984dd05a01b50c306da93c9248d039847f2435ed9c57afb2b7c2fa431e44273d045967a5df4ad09a9ddd15af062fb49723df08ba79fffce1fa34374b245041be5eac0e1790539b39ecf6d457d5e487a09bc7f4292570dd5fe9242dfb8d286c8a35f1dd55c28", 0x6, 0x6, 0x6, 0x3, 0x3, 0x2, 0xfff, 'syz0\x00'}) io_uring_enter(0xffffffffffffffff, 0x3576, 0x217, 0xa5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x3}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x4, 0x0, 0x7ffc1ffb}]}) unshare(0x8000000) r7 = semget$private(0x0, 0x20000000102, 0x0) semop(r7, &(0x7f0000000240)=[{0x3, 0x0, 0x1800}], 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) 478.053089ms ago: executing program 3 (id=1475): bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffa, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffd4436bef00000000000007040000f0ffffffb702000008000000182300", @ANYRES32, @ANYBLOB], 0x0, 0xc, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000002c0)='kfree\x00', r1, 0x0, 0x40}, 0x18) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) dup(r3) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r4}, 0x18) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40841}, 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000000040), 0x4) 463.08022ms ago: executing program 3 (id=1476): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000040)={0x11082}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) bind$rxrpc(r3, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24) getsockname$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390429bd70000000000000000000", @ANYRES32=r4, @ANYBLOB="0198000000000000200012800b00126a2aa6366772650000100002800400120008000d0005000000"], 0x40}, 0x1, 0x0, 0x0, 0x20048001}, 0x4000004) sendto$packet(r0, &(0x7f0000000300)="3114", 0x2, 0x0, &(0x7f0000000000)={0x11, 0x8100, r4, 0x1, 0xaa, 0x6, @broadcast}, 0x14) 329.499906ms ago: executing program 3 (id=1477): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYRESHEX], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'macvtap0\x00', @link_local}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x8, 0x7fe2, 0x1}, 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]}) semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x1000, 0x1000}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x20) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000280)={0x77359400}, 0xfffffffffffffffe) listen(r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB], 0x84}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) 268.628609ms ago: executing program 4 (id=1478): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 213.236191ms ago: executing program 0 (id=1479): openat$ptp0(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0x3, &(0x7f00000009c0)=@framed={{0x18, 0x2}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f00000003c0)={0x8, 'ip_vti0\x00', {'nicvf0\x00'}, 0x4}) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0x925]}, 0x8) read(r1, &(0x7f0000000740)=""/384, 0x200008c0) r2 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 145.380514ms ago: executing program 4 (id=1480): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100004, 0x2, 0xfffffffc, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f0000000080)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r3}, 0x10) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 60.863978ms ago: executing program 3 (id=1481): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) connect$inet6(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 46.844288ms ago: executing program 4 (id=1482): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x9, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='objagg_obj_parent_assign\x00', r1}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x4, @loopback, 0x6}, 0x1c) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r4, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900082c0120410000000000000000000000000000fe8000000000000000000000000000aaff"], 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) recvmmsg(r4, &(0x7f000000a680)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/30, 0x1e}, 0x3}], 0x1, 0x10060, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002a00)=ANY=[@ANYRES64=r2, @ANYRES16=r1, @ANYRESHEX=r0, @ANYRESDEC=r0, @ANYRES32=r2, @ANYRESHEX=r0, @ANYRES16=r1], 0x4a}, 0x1, 0x0, 0x0, 0x20040000}, 0x800) perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x10001, 0x7, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0xffffffffffffffff, 0xffffffffffffffff, r3, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r6}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) write$binfmt_register(r8, &(0x7f0000000140)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x60, 0x3a, '/dev/input/event#\x00', 0x3a, '/\\', 0x3a, './file0'}, 0x3b) sendmsg$inet6(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000880)="b1", 0x1}], 0x1}, 0x10) setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000140)=0x7, 0x4) ioctl$sock_x25_SIOCDELRT(r3, 0x890c, &(0x7f0000000080)={@null, 0x6, 'pim6reg1\x00'}) setresuid(0x0, 0xee01, 0x0) 761.41µs ago: executing program 2 (id=1483): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x50) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0, 0x5}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x8, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) 0s ago: executing program 3 (id=1484): syz_emit_ethernet(0x2e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c200000ee43f6642531e0800610000a9aa43273eda279052967735689e20000000090000000000000090786110000036a32757b2e7a385cac6c9b9b1ff73fc6756b502cd109540b78137179790c02ced24c5a7e79e7e67759030c1dc7eb7a3cd4fef09e149af00ed829264fd"], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x20000000000000ba, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfd71}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0) read(r1, &(0x7f0000000200)=""/202, 0xca) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000840)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2042, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}}) tkill(r0, 0x7) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x1004) kernel console output (not intermixed with test programs): 1.652748][ T29] audit: type=1326 audit(1764990126.545:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4398 comm="syz.0.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 61.676115][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 61.730674][ T4432] netlink: 'syz.4.304': attribute type 10 has an invalid length. [ 61.742853][ T4432] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 61.753165][ T29] audit: type=1400 audit(1764990126.648:1346): avc: denied { setopt } for pid=4435 comm="syz.2.306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 61.783692][ T29] audit: type=1326 audit(1764990126.676:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4441 comm="syz.1.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 61.807173][ T29] audit: type=1326 audit(1764990126.676:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4441 comm="syz.1.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 61.830432][ T29] audit: type=1326 audit(1764990126.676:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4441 comm="syz.1.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 61.853794][ T29] audit: type=1326 audit(1764990126.676:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4441 comm="syz.1.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 61.878318][ T4444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 61.887110][ T4444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 61.895826][ T29] audit: type=1400 audit(1764990126.676:1351): avc: denied { write } for pid=4430 comm="syz.4.304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 61.964036][ T4453] loop3: detected capacity change from 0 to 512 [ 61.996613][ T4453] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.315: bad orphan inode 11862016 [ 62.008039][ T4453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 62.020842][ T4453] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.038337][ T29] audit: type=1326 audit(1764990126.919:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4449 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 62.061944][ T29] audit: type=1326 audit(1764990126.919:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4449 comm="syz.2.314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 62.063692][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 62.106466][ T4459] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.145580][ T4459] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.199700][ T4459] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.253966][ T4459] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.271491][ T4470] loop2: detected capacity change from 0 to 256 [ 62.302936][ T4473] FAULT_INJECTION: forcing a failure. [ 62.302936][ T4473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 62.316068][ T4473] CPU: 1 UID: 0 PID: 4473 Comm: syz.2.321 Not tainted syzkaller #0 PREEMPT(voluntary) [ 62.316177][ T4473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.316193][ T4473] Call Trace: [ 62.316202][ T4473] [ 62.316211][ T4473] __dump_stack+0x1d/0x30 [ 62.316269][ T4473] dump_stack_lvl+0xe8/0x140 [ 62.316333][ T4473] dump_stack+0x15/0x1b [ 62.316350][ T4473] should_fail_ex+0x265/0x280 [ 62.316380][ T4473] should_fail+0xb/0x20 [ 62.316407][ T4473] should_fail_usercopy+0x1a/0x20 [ 62.316483][ T4473] _copy_to_user+0x20/0xa0 [ 62.316503][ T4473] simple_read_from_buffer+0xb5/0x130 [ 62.316532][ T4473] proc_fail_nth_read+0x10e/0x150 [ 62.316626][ T4473] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 62.316669][ T4473] vfs_read+0x1a8/0x770 [ 62.316694][ T4473] ? __rcu_read_unlock+0x4f/0x70 [ 62.316732][ T4473] ? __fget_files+0x184/0x1c0 [ 62.316749][ T4473] ? mutex_lock+0x58/0x90 [ 62.316767][ T4473] ksys_read+0xda/0x1a0 [ 62.316860][ T4473] __x64_sys_read+0x40/0x50 [ 62.316886][ T4473] x64_sys_call+0x2889/0x3000 [ 62.316939][ T4473] do_syscall_64+0xd8/0x2a0 [ 62.316963][ T4473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.316982][ T4473] RIP: 0033:0x7f10ba4ce15c [ 62.316995][ T4473] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 62.317010][ T4473] RSP: 002b:00007f10b8f2f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 62.317027][ T4473] RAX: ffffffffffffffda RBX: 00007f10ba725fa0 RCX: 00007f10ba4ce15c [ 62.317205][ T4473] RDX: 000000000000000f RSI: 00007f10b8f2f0a0 RDI: 0000000000000004 [ 62.317217][ T4473] RBP: 00007f10b8f2f090 R08: 0000000000000000 R09: 0000000000000000 [ 62.317228][ T4473] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001 [ 62.317316][ T4473] R13: 00007f10ba726038 R14: 00007f10ba725fa0 R15: 00007ffe7a2f5b88 [ 62.317339][ T4473] [ 62.528051][ T4475] loop2: detected capacity change from 0 to 512 [ 62.535139][ T4475] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 62.545640][ T4475] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.322: invalid indirect mapped block 4294967295 (level 1) [ 62.559794][ T4475] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.322: invalid indirect mapped block 4294967295 (level 1) [ 62.574040][ T4475] EXT4-fs (loop2): 2 truncates cleaned up [ 62.580362][ T4475] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.605778][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.700908][ T4482] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.731945][ T4488] macvtap0: refused to change device tx_queue_len [ 62.755466][ T4482] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.788668][ T4482] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.809884][ T4492] macsec0: entered promiscuous mode [ 62.815112][ T4492] bridge0: entered promiscuous mode [ 62.820802][ T4492] bridge0: port 3(macsec0) entered blocking state [ 62.827302][ T4492] bridge0: port 3(macsec0) entered disabled state [ 62.834100][ T4492] macsec0: entered allmulticast mode [ 62.839538][ T4492] bridge0: entered allmulticast mode [ 62.845531][ T4492] macsec0: left allmulticast mode [ 62.850667][ T4492] bridge0: left allmulticast mode [ 62.856309][ T4492] bridge0: left promiscuous mode [ 62.862635][ T4503] __nla_validate_parse: 2 callbacks suppressed [ 62.862648][ T4503] netlink: 36 bytes leftover after parsing attributes in process `syz.1.327'. [ 62.866997][ T4504] Falling back ldisc for ttyS3. [ 62.868884][ T4503] netlink: 16 bytes leftover after parsing attributes in process `syz.1.327'. [ 62.891603][ T4503] netlink: 36 bytes leftover after parsing attributes in process `syz.1.327'. [ 62.900923][ T4503] netlink: 36 bytes leftover after parsing attributes in process `syz.1.327'. [ 62.911237][ T4482] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.957719][ T4506] lo speed is unknown, defaulting to 1000 [ 62.964429][ T4506] lo speed is unknown, defaulting to 1000 [ 62.971735][ T4506] lo speed is unknown, defaulting to 1000 [ 63.005223][ T4506] infiniband sz1: set down [ 63.009781][ T4506] infiniband sz1: added lo [ 63.014292][ T3508] lo speed is unknown, defaulting to 1000 [ 63.024280][ T4506] RDS/IB: sz1: added [ 63.028437][ T4506] smc: adding ib device sz1 with port count 1 [ 63.035038][ T4506] smc: ib device sz1 port 1 has no pnetid [ 63.041216][ T4428] lo speed is unknown, defaulting to 1000 [ 63.047091][ T4506] lo speed is unknown, defaulting to 1000 [ 63.081187][ T4506] lo speed is unknown, defaulting to 1000 [ 63.115127][ T4506] lo speed is unknown, defaulting to 1000 [ 63.147446][ T4513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.331'. [ 63.150363][ T4506] lo speed is unknown, defaulting to 1000 [ 63.156419][ T4513] netlink: 16 bytes leftover after parsing attributes in process `syz.4.331'. [ 63.170961][ T4513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.331'. [ 63.180389][ T4513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.331'. [ 63.195315][ T4506] lo speed is unknown, defaulting to 1000 [ 63.639511][ T4520] loop1: detected capacity change from 0 to 164 [ 63.647343][ T4520] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 63.658672][ T4520] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 63.667318][ T4520] Symlink component flag not implemented [ 63.673025][ T4520] Symlink component flag not implemented [ 63.678889][ T4520] Symlink component flag not implemented (7) [ 63.685007][ T4520] Symlink component flag not implemented (116) [ 63.699182][ T4520] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 63.707636][ T4520] rock: directory entry would overflow storage [ 63.713838][ T4520] rock: sig=0x4f50, size=4, remaining=3 [ 63.719483][ T4520] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 63.840452][ T4524] FAULT_INJECTION: forcing a failure. [ 63.840452][ T4524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 63.854689][ T4524] CPU: 0 UID: 0 PID: 4524 Comm: syz.1.336 Not tainted syzkaller #0 PREEMPT(voluntary) [ 63.854713][ T4524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 63.854751][ T4524] Call Trace: [ 63.854759][ T4524] [ 63.854788][ T4524] __dump_stack+0x1d/0x30 [ 63.854820][ T4524] dump_stack_lvl+0xe8/0x140 [ 63.854839][ T4524] dump_stack+0x15/0x1b [ 63.854856][ T4524] should_fail_ex+0x265/0x280 [ 63.854936][ T4524] should_fail+0xb/0x20 [ 63.854978][ T4524] should_fail_usercopy+0x1a/0x20 [ 63.855053][ T4524] copy_fpstate_to_sigframe+0x628/0x7d0 [ 63.855074][ T4524] ? copy_fpstate_to_sigframe+0xe6/0x7d0 [ 63.855106][ T4524] ? x86_task_fpu+0x36/0x60 [ 63.855220][ T4524] get_sigframe+0x34d/0x490 [ 63.855241][ T4524] ? get_signal+0xdc7/0xf70 [ 63.855267][ T4524] x64_setup_rt_frame+0xa8/0x580 [ 63.855370][ T4524] arch_do_signal_or_restart+0x24c/0x450 [ 63.855396][ T4524] exit_to_user_mode_loop+0x6a/0x740 [ 63.855416][ T4524] ? __x64_sys_preadv2+0x67/0x80 [ 63.855434][ T4524] do_syscall_64+0x202/0x2a0 [ 63.855463][ T4524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.855481][ T4524] RIP: 0033:0x7f48c446f747 [ 63.855495][ T4524] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 63.855663][ T4524] RSP: 002b:00007f48c2ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 63.855681][ T4524] RAX: 0000000000000147 RBX: 00007f48c46c5fa0 RCX: 00007f48c446f749 [ 63.855692][ T4524] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000006 [ 63.855703][ T4524] RBP: 00007f48c2ed7090 R08: 0000000000000004 R09: 0000000000000001 [ 63.855714][ T4524] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 63.855739][ T4524] R13: 00007f48c46c6038 R14: 00007f48c46c5fa0 R15: 00007fff1fed8888 [ 63.855755][ T4524] [ 64.180043][ T4524] lo speed is unknown, defaulting to 1000 [ 64.563427][ T4531] lo speed is unknown, defaulting to 1000 [ 64.870389][ T4543] loop4: detected capacity change from 0 to 1024 [ 64.878494][ T4543] EXT4-fs: Ignoring removed orlov option [ 64.898610][ T4543] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.048440][ T4547] xt_CT: You must specify a L4 protocol and not use inversions on it [ 65.061001][ T4547] netlink: 8 bytes leftover after parsing attributes in process `syz.4.344'. [ 65.117560][ T56] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.131596][ T56] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.155272][ T52] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.245536][ T52] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.330923][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.513600][ T4554] 9pnet_fd: Insufficient options for proto=fd [ 65.539143][ T4555] netlink: 36 bytes leftover after parsing attributes in process `syz.4.345'. [ 65.837258][ T52] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.866136][ T4562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.875148][ T52] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.885624][ T4562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.903849][ T52] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.936339][ T52] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.269562][ T4579] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 66.277785][ T3500] IPVS: starting estimator thread 0... [ 66.291110][ T4585] process 'syz.4.359' launched '/dev/fd/7' with NULL argv: empty string added [ 66.319292][ T4585] lo speed is unknown, defaulting to 1000 [ 66.387635][ T4583] IPVS: using max 2496 ests per chain, 124800 per kthread [ 66.607031][ T4612] macvtap0: refused to change device tx_queue_len [ 66.697349][ T4620] Falling back ldisc for ttyS3. [ 66.734081][ T4622] lo speed is unknown, defaulting to 1000 [ 66.966741][ T4645] loop3: detected capacity change from 0 to 1024 [ 66.989551][ T4645] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.004732][ T29] kauditd_printk_skb: 168 callbacks suppressed [ 67.004749][ T29] audit: type=1326 audit(1764990131.559:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 67.035158][ T29] audit: type=1326 audit(1764990131.559:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4641 comm="syz.2.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 67.035911][ T4645] 9pnet_fd: Insufficient options for proto=fd [ 67.058521][ T29] audit: type=1326 audit(1764990131.568:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4641 comm="syz.2.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 67.058557][ T29] audit: type=1326 audit(1764990131.568:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4641 comm="syz.2.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 67.058590][ T29] audit: type=1326 audit(1764990131.568:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4641 comm="syz.2.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 67.058622][ T29] audit: type=1326 audit(1764990131.587:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 67.112961][ T4654] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, [ 67.134847][ T29] audit: type=1326 audit(1764990131.587:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 67.134911][ T29] audit: type=1326 audit(1764990131.587:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 67.135932][ T29] audit: type=1326 audit(1764990131.587:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4643 comm="syz.3.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 67.158451][ T4654] block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 67.245753][ T29] audit: type=1400 audit(1764990131.587:1531): avc: denied { mounton } for pid=4643 comm="syz.3.378" path="/65/file1/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 67.290975][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.307342][ T4657] Falling back ldisc for ttyS3. [ 67.345758][ T4661] macvtap0: refused to change device tx_queue_len [ 67.594963][ T2665] Bluetooth: hci0: Frame reassembly failed (-84) [ 67.842784][ T4701] loop3: detected capacity change from 0 to 512 [ 67.869897][ T4701] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.399: bad orphan inode 11862016 [ 67.881404][ T4701] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.942300][ T4707] Falling back ldisc for ttyS3. [ 67.958015][ T4711] macvtap0: refused to change device tx_queue_len [ 68.483259][ T4742] Falling back ldisc for ttyS3. [ 68.730477][ T4750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.739001][ T4750] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.889822][ T4758] loop4: detected capacity change from 0 to 128 [ 68.899284][ T4758] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 68.906917][ T4758] FAT-fs (loop4): Filesystem has been set read-only [ 68.981648][ T4762] loop1: detected capacity change from 0 to 512 [ 68.991535][ T4762] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 69.004750][ T4762] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 69.017944][ T4762] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 69.031488][ T4762] EXT4-fs (loop1): 1 truncate cleaned up [ 69.106357][ T4773] __nla_validate_parse: 24 callbacks suppressed [ 69.106371][ T4773] netlink: 16 bytes leftover after parsing attributes in process `syz.1.425'. [ 69.287717][ T4783] netlink: 108 bytes leftover after parsing attributes in process `syz.3.428'. [ 69.300016][ T4783] loop3: detected capacity change from 0 to 512 [ 69.357877][ T4787] netlink: 12 bytes leftover after parsing attributes in process `syz.2.430'. [ 69.388829][ T4789] loop2: detected capacity change from 0 to 512 [ 69.396054][ T4789] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 69.414319][ T4789] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 69.429327][ T4789] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.431: bg 0: block 248: padding at end of block bitmap is not set [ 69.444207][ T4789] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.431: Failed to acquire dquot type 1 [ 69.456502][ T4789] EXT4-fs (loop2): 1 truncate cleaned up [ 69.465567][ T4789] EXT4-fs error (device loop2): ext4_lookup:1789: inode #2: comm syz.2.431: deleted inode referenced: 12 [ 69.736526][ T4803] lo speed is unknown, defaulting to 1000 [ 69.797456][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 70.048451][ T4817] netlink: 24 bytes leftover after parsing attributes in process `syz.3.440'. [ 70.156173][ T4822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.165377][ T4822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.212692][ T4824] loop4: detected capacity change from 0 to 512 [ 70.219922][ T4824] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 70.237531][ T4824] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 70.252328][ T4824] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.443: bg 0: block 248: padding at end of block bitmap is not set [ 70.266899][ T4824] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.443: Failed to acquire dquot type 1 [ 70.279287][ T4824] EXT4-fs (loop4): 1 truncate cleaned up [ 70.291438][ T4824] EXT4-fs error (device loop4): ext4_lookup:1789: inode #2: comm syz.4.443: deleted inode referenced: 12 [ 70.381095][ T4835] lo speed is unknown, defaulting to 1000 [ 70.703329][ T4863] loop4: detected capacity change from 0 to 512 [ 70.711216][ T4863] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 70.739263][ T4863] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 70.769051][ T4863] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.456: bg 0: block 248: padding at end of block bitmap is not set [ 70.815275][ T4863] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.456: Failed to acquire dquot type 1 [ 70.830065][ T4863] EXT4-fs (loop4): 1 truncate cleaned up [ 70.848362][ T4874] rdma_rxe: rxe_newlink: failed to add lo [ 70.856635][ T4863] EXT4-fs error (device loop4): ext4_lookup:1789: inode #2: comm syz.4.456: deleted inode referenced: 12 [ 70.872704][ T4875] loop1: detected capacity change from 0 to 128 [ 70.893623][ T4876] loop2: detected capacity change from 0 to 128 [ 70.961470][ T4882] netlink: 'syz.3.463': attribute type 7 has an invalid length. [ 70.974330][ T4882] netlink: 'syz.3.463': attribute type 7 has an invalid length. [ 70.974945][ T56] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.990559][ T56] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.001660][ T56] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.010154][ T4882] loop3: detected capacity change from 0 to 512 [ 71.013492][ T56] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.040671][ T4882] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.052776][ T4882] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 71.121610][ T4886] loop3: detected capacity change from 0 to 512 [ 71.150057][ T4886] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.465: bad orphan inode 11862016 [ 71.161302][ T4886] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.217038][ T4890] loop3: detected capacity change from 0 to 2048 [ 71.550605][ T4898] Falling back ldisc for ttyS3. [ 71.619933][ T4907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.629392][ T4907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.674469][ T4911] loop3: detected capacity change from 0 to 512 [ 71.689757][ T4911] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.703534][ T4911] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 71.718227][ T4911] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.473: bg 0: block 248: padding at end of block bitmap is not set [ 71.733067][ T4911] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.473: Failed to acquire dquot type 1 [ 71.744961][ T4911] EXT4-fs (loop3): 1 truncate cleaned up [ 71.754822][ T4911] EXT4-fs error (device loop3): ext4_lookup:1789: inode #2: comm syz.3.473: deleted inode referenced: 12 [ 71.828263][ T4916] rdma_rxe: rxe_newlink: failed to add lo [ 71.986268][ T4926] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 72.214934][ T4922] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.477: bad orphan inode 11862016 [ 72.227219][ T4922] ext4 filesystem being mounted at /122/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.961605][ T4872] Bluetooth: hci1: command 0x1003 tx timeout [ 72.967668][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 72.974433][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 73.243728][ T4938] Falling back ldisc for ttyS3. [ 73.279288][ T29] kauditd_printk_skb: 377 callbacks suppressed [ 73.279336][ T29] audit: type=1400 audit(1764990137.425:1901): avc: denied { create } for pid=4943 comm="syz.4.483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 73.624136][ T29] audit: type=1326 audit(1764990137.705:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4960 comm="syz.0.488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1c910af749 code=0x0 [ 73.720798][ T4979] Falling back ldisc for ttyS3. [ 73.830867][ T4987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.496'. [ 73.899170][ T29] audit: type=1400 audit(1764990138.005:1903): avc: denied { setattr } for pid=4995 comm="syz.4.500" name="tun" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1 [ 74.017376][ T5010] Falling back ldisc for ttyS3. [ 74.075331][ T5018] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.097091][ T5018] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 74.111832][ T5018] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.508: bg 0: block 248: padding at end of block bitmap is not set [ 74.126441][ T5018] Quota error (device loop4): write_blk: dquota write failed [ 74.133868][ T5018] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 74.143957][ T5018] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.508: Failed to acquire dquot type 1 [ 74.155887][ T5018] EXT4-fs (loop4): 1 truncate cleaned up [ 74.162091][ T5018] EXT4-fs mount: 20 callbacks suppressed [ 74.162150][ T5018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 74.183281][ T5018] EXT4-fs error (device loop4): ext4_lookup:1789: inode #2: comm syz.4.508: deleted inode referenced: 12 [ 74.206653][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 74.227005][ T29] audit: type=1326 audit(1764990138.313:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5025 comm="syz.4.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 74.253419][ T29] audit: type=1326 audit(1764990138.313:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5025 comm="syz.4.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 74.276770][ T29] audit: type=1326 audit(1764990138.313:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5025 comm="syz.4.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 74.372123][ T5030] netlink: 36 bytes leftover after parsing attributes in process `syz.4.511'. [ 74.381099][ T5030] netlink: 16 bytes leftover after parsing attributes in process `syz.4.511'. [ 74.390092][ T5030] netlink: 36 bytes leftover after parsing attributes in process `syz.4.511'. [ 74.399092][ T5030] netlink: 36 bytes leftover after parsing attributes in process `syz.4.511'. [ 74.636549][ T5045] Falling back ldisc for ttyS3. [ 74.770585][ T5061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.779568][ T5061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.991826][ T5067] FAULT_INJECTION: forcing a failure. [ 74.991826][ T5067] name fail_futex, interval 1, probability 0, space 0, times 1 [ 75.004792][ T5067] CPU: 0 UID: 0 PID: 5067 Comm: syz.1.525 Not tainted syzkaller #0 PREEMPT(voluntary) [ 75.004824][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 75.004839][ T5067] Call Trace: [ 75.004847][ T5067] [ 75.004857][ T5067] __dump_stack+0x1d/0x30 [ 75.004959][ T5067] dump_stack_lvl+0xe8/0x140 [ 75.004980][ T5067] dump_stack+0x15/0x1b [ 75.004997][ T5067] should_fail_ex+0x265/0x280 [ 75.005053][ T5067] should_fail+0xb/0x20 [ 75.005079][ T5067] get_futex_key+0x130/0xc00 [ 75.005107][ T5067] futex_wake+0x7d/0x360 [ 75.005201][ T5067] ? __rcu_read_unlock+0x4f/0x70 [ 75.005275][ T5067] do_futex+0x323/0x380 [ 75.005381][ T5067] mm_release+0xb2/0x1e0 [ 75.005403][ T5067] exit_mm_release+0x25/0x30 [ 75.005423][ T5067] exit_mm+0x38/0x180 [ 75.005449][ T5067] do_exit+0x427/0x15d0 [ 75.005478][ T5067] ? __mutex_unlock_slowpath+0x1e1/0x280 [ 75.005539][ T5067] do_group_exit+0xff/0x140 [ 75.005567][ T5067] ? get_signal+0xe50/0xf70 [ 75.005600][ T5067] get_signal+0xe58/0xf70 [ 75.005639][ T5067] arch_do_signal_or_restart+0x96/0x450 [ 75.005706][ T5067] exit_to_user_mode_loop+0x6a/0x740 [ 75.005733][ T5067] ? __x64_sys_splice+0x78/0x90 [ 75.005858][ T5067] do_syscall_64+0x202/0x2a0 [ 75.005892][ T5067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.005990][ T5067] RIP: 0033:0x7f48c446f749 [ 75.006007][ T5067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.006028][ T5067] RSP: 002b:00007f48c2eb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 75.006050][ T5067] RAX: fffffffffffffe00 RBX: 00007f48c46c6090 RCX: 00007f48c446f749 [ 75.006065][ T5067] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000007 [ 75.006120][ T5067] RBP: 00007f48c2eb6090 R08: 0000000000000006 R09: 000000000000000b [ 75.006132][ T5067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.006144][ T5067] R13: 00007f48c46c6128 R14: 00007f48c46c6090 R15: 00007fff1fed8888 [ 75.006182][ T5067] [ 75.295803][ T5093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.307133][ T5093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.455045][ T5101] lo speed is unknown, defaulting to 1000 [ 75.500315][ T5103] xt_connbytes: Forcing CT accounting to be enabled [ 75.507224][ T5103] Cannot find set identified by id 0 to match [ 75.562800][ T29] audit: type=1326 audit(1764990139.567:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.3.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 75.572678][ T5103] program syz.2.537 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 75.586199][ T29] audit: type=1326 audit(1764990139.567:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5104 comm="syz.3.538" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 75.660077][ T5101] set_capacity_and_notify: 4 callbacks suppressed [ 75.660096][ T5101] loop2: detected capacity change from 0 to 512 [ 76.053787][ T5128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.544'. [ 76.062828][ T5128] netlink: 16 bytes leftover after parsing attributes in process `syz.0.544'. [ 76.071725][ T5128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.544'. [ 76.081371][ T5128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.544'. [ 76.301785][ T5132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.549'. [ 76.375357][ T5135] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.385426][ T5135] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.437296][ T5135] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.447312][ T5135] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.501349][ T5135] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.511232][ T5135] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.544296][ T5135] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.554170][ T5135] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.602850][ T52] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.611174][ T52] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.623090][ T52] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.631370][ T52] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.643372][ T52] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.651638][ T52] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.663868][ T52] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.672166][ T52] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.881089][ T5142] Falling back ldisc for ttyS3. [ 76.919843][ T5148] lo speed is unknown, defaulting to 1000 [ 77.117908][ T5151] program syz.0.552 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 77.311260][ T5175] Falling back ldisc for ttyS3. [ 77.431419][ T5181] loop1: detected capacity change from 0 to 128 [ 77.581671][ T5200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.573'. [ 78.004819][ T5221] netlink: 'syz.4.582': attribute type 13 has an invalid length. [ 78.224882][ T5233] loop4: detected capacity change from 0 to 512 [ 78.516813][ T5241] Falling back ldisc for ttyS3. [ 78.690420][ T29] kauditd_printk_skb: 105 callbacks suppressed [ 78.690438][ T29] audit: type=1400 audit(1764990142.486:2014): avc: denied { write } for pid=5250 comm="syz.3.592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 78.943094][ T29] audit: type=1400 audit(1764990142.523:2015): avc: denied { connect } for pid=5250 comm="syz.3.592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 78.962694][ T29] audit: type=1400 audit(1764990142.523:2016): avc: denied { name_connect } for pid=5250 comm="syz.3.592" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 79.183982][ T29] audit: type=1400 audit(1764990142.841:2017): avc: denied { getopt } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 79.203589][ T29] audit: type=1400 audit(1764990142.841:2018): avc: denied { create } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 79.223121][ T29] audit: type=1400 audit(1764990142.851:2019): avc: denied { bind } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 79.242481][ T29] audit: type=1400 audit(1764990142.851:2020): avc: denied { listen } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 79.261986][ T29] audit: type=1400 audit(1764990142.851:2021): avc: denied { connect } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 79.281679][ T29] audit: type=1400 audit(1764990142.851:2022): avc: denied { write } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 79.301184][ T29] audit: type=1400 audit(1764990142.851:2023): avc: denied { prog_load } for pid=5260 comm="syz.1.596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 79.419534][ T5266] netlink: 36 bytes leftover after parsing attributes in process `syz.0.597'. [ 79.428591][ T5266] netlink: 16 bytes leftover after parsing attributes in process `syz.0.597'. [ 79.437447][ T5266] netlink: 36 bytes leftover after parsing attributes in process `syz.0.597'. [ 79.471428][ T5266] netlink: 36 bytes leftover after parsing attributes in process `syz.0.597'. [ 79.883816][ T5281] loop3: detected capacity change from 0 to 512 [ 79.894734][ T5281] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 80.073002][ T5287] loop1: detected capacity change from 0 to 512 [ 80.094391][ T5287] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.605: bad orphan inode 11862016 [ 80.105829][ T5287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 80.156117][ T5287] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.391846][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 80.622491][ T5312] lo speed is unknown, defaulting to 1000 [ 80.901757][ T5328] loop4: detected capacity change from 0 to 512 [ 80.925567][ T5328] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 80.969156][ T5328] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 80.998607][ T5328] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.620: bg 0: block 248: padding at end of block bitmap is not set [ 81.030579][ T5328] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.620: Failed to acquire dquot type 1 [ 81.059024][ T5328] EXT4-fs (loop4): 1 truncate cleaned up [ 81.075178][ T5328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 81.101089][ T5334] FAULT_INJECTION: forcing a failure. [ 81.101089][ T5334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.114294][ T5334] CPU: 1 UID: 0 PID: 5334 Comm: syz.0.622 Not tainted syzkaller #0 PREEMPT(voluntary) [ 81.114355][ T5334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 81.114371][ T5334] Call Trace: [ 81.114380][ T5334] [ 81.114389][ T5334] __dump_stack+0x1d/0x30 [ 81.114450][ T5334] dump_stack_lvl+0xe8/0x140 [ 81.114475][ T5334] dump_stack+0x15/0x1b [ 81.114500][ T5334] should_fail_ex+0x265/0x280 [ 81.114543][ T5334] should_fail+0xb/0x20 [ 81.114660][ T5334] should_fail_usercopy+0x1a/0x20 [ 81.114713][ T5334] _copy_from_user+0x1c/0xb0 [ 81.114741][ T5334] ___sys_sendmsg+0xc1/0x1d0 [ 81.114810][ T5334] __x64_sys_sendmsg+0xd4/0x160 [ 81.114845][ T5334] x64_sys_call+0x17ba/0x3000 [ 81.114930][ T5334] do_syscall_64+0xd8/0x2a0 [ 81.114965][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.114993][ T5334] RIP: 0033:0x7f1c910af749 [ 81.115066][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.115084][ T5334] RSP: 002b:00007f1c8fb17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.115103][ T5334] RAX: ffffffffffffffda RBX: 00007f1c91305fa0 RCX: 00007f1c910af749 [ 81.115115][ T5334] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 81.115129][ T5334] RBP: 00007f1c8fb17090 R08: 0000000000000000 R09: 0000000000000000 [ 81.115142][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.115154][ T5334] R13: 00007f1c91306038 R14: 00007f1c91305fa0 R15: 00007ffc4b7717c8 [ 81.115172][ T5334] [ 81.279348][ T5328] EXT4-fs error (device loop4): ext4_lookup:1789: inode #2: comm syz.4.620: deleted inode referenced: 12 [ 81.318113][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 81.768214][ T5364] __nla_validate_parse: 4 callbacks suppressed [ 81.768232][ T5364] netlink: 36 bytes leftover after parsing attributes in process `syz.1.629'. [ 81.783465][ T5364] netlink: 16 bytes leftover after parsing attributes in process `syz.1.629'. [ 81.792374][ T5364] netlink: 36 bytes leftover after parsing attributes in process `syz.1.629'. [ 81.801620][ T5364] netlink: 36 bytes leftover after parsing attributes in process `syz.1.629'. [ 81.855257][ T5366] rdma_rxe: rxe_newlink: failed to add lo [ 81.866843][ T5368] bridge0: port 3(gretap0) entered blocking state [ 81.873349][ T5368] bridge0: port 3(gretap0) entered disabled state [ 81.880414][ T5368] gretap0: entered allmulticast mode [ 81.886488][ T5368] gretap0: entered promiscuous mode [ 81.919198][ T5368] gretap0: left allmulticast mode [ 81.924312][ T5368] gretap0: left promiscuous mode [ 81.929532][ T5368] bridge0: port 3(gretap0) entered disabled state [ 82.098675][ T5379] Falling back ldisc for ttyS3. [ 82.380622][ T5390] loop2: detected capacity change from 0 to 1024 [ 82.387694][ T5390] EXT4-fs: Ignoring removed mblk_io_submit option [ 82.397126][ T5390] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.414486][ T5390] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 82.436225][ T5390] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.643: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 82.469411][ T5390] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.643: couldn't read orphan inode 11 (err -117) [ 82.513881][ T5390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.602350][ T5390] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 82.690683][ T5407] loop1: detected capacity change from 0 to 512 [ 82.703449][ T5407] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 82.736987][ T5408] netlink: 24 bytes leftover after parsing attributes in process `syz.3.650'. [ 82.758047][ T5408] loop3: detected capacity change from 0 to 1024 [ 82.804444][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.864642][ T5408] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.981752][ T5406] 9pnet_fd: Insufficient options for proto=fd [ 82.995073][ T5412] loop4: detected capacity change from 0 to 512 [ 83.019266][ T5406] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 83.073554][ T5412] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.652: bad orphan inode 11862016 [ 83.140527][ T5412] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 83.191518][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.215220][ T5412] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.345400][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 83.683339][ T5420] macvtap0: refused to change device tx_queue_len [ 83.711112][ T5416] loop4: detected capacity change from 0 to 512 [ 83.740402][ T5416] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.654: bad orphan inode 11862016 [ 83.784454][ T5416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 83.811148][ T5416] ext4 filesystem being mounted at /166/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.836604][ T5424] netlink: 36 bytes leftover after parsing attributes in process `syz.2.651'. [ 83.845577][ T5424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.651'. [ 83.854467][ T5424] netlink: 36 bytes leftover after parsing attributes in process `syz.2.651'. [ 83.897766][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 83.918449][ T5424] netlink: 36 bytes leftover after parsing attributes in process `syz.2.651'. [ 83.982689][ T5429] netlink: 24 bytes leftover after parsing attributes in process `syz.3.657'. [ 84.000882][ T5429] loop3: detected capacity change from 0 to 1024 [ 84.017286][ T5429] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.032943][ T5429] 9pnet_fd: Insufficient options for proto=fd [ 84.039703][ T29] kauditd_printk_skb: 281 callbacks suppressed [ 84.039720][ T29] audit: type=1326 audit(1764990147.500:2303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5427 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 84.070811][ T5429] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 84.086160][ T29] audit: type=1326 audit(1764990147.528:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5427 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 84.119993][ T29] audit: type=1326 audit(1764990147.566:2305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5427 comm="syz.3.657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 84.170531][ T29] audit: type=1326 audit(1764990147.622:2306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.211468][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.252679][ T29] audit: type=1326 audit(1764990147.650:2307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.276057][ T29] audit: type=1326 audit(1764990147.650:2308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.299467][ T29] audit: type=1326 audit(1764990147.650:2309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.322810][ T29] audit: type=1326 audit(1764990147.650:2310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.346268][ T29] audit: type=1326 audit(1764990147.650:2311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.369669][ T29] audit: type=1326 audit(1764990147.650:2312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.2.658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10ba4cf749 code=0x7ffc0000 [ 84.595531][ T5456] Falling back ldisc for ttyS3. [ 84.726996][ T5465] loop3: detected capacity change from 0 to 512 [ 84.754175][ T5465] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.669: bad orphan inode 11862016 [ 84.765724][ T5465] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 84.778884][ T5465] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.806724][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 84.942446][ T5503] rdma_rxe: rxe_newlink: failed to add lo [ 85.105671][ T5538] rdma_rxe: rxe_newlink: failed to add lo [ 85.269476][ T5543] Falling back ldisc for ttyS3. [ 85.365992][ T5548] macvtap0: refused to change device tx_queue_len [ 85.644102][ T5561] loop2: detected capacity change from 0 to 164 [ 85.691506][ T5561] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 85.710685][ T5561] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 85.719952][ T5561] Symlink component flag not implemented [ 85.725709][ T5561] Symlink component flag not implemented [ 85.731800][ T5561] Symlink component flag not implemented (7) [ 85.737967][ T5561] Symlink component flag not implemented (116) [ 85.807075][ T5561] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 85.818066][ T5561] rock: directory entry would overflow storage [ 85.824389][ T5561] rock: sig=0x4f50, size=4, remaining=3 [ 85.830071][ T5561] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 85.931936][ T5572] sz1: rxe_newlink: already configured on lo [ 86.202903][ T5589] bridge0: port 3(gretap0) entered blocking state [ 86.209472][ T5589] bridge0: port 3(gretap0) entered disabled state [ 86.216571][ T5589] gretap0: entered allmulticast mode [ 86.223049][ T5589] gretap0: entered promiscuous mode [ 86.229070][ T5589] bridge0: port 3(gretap0) entered blocking state [ 86.235581][ T5589] bridge0: port 3(gretap0) entered forwarding state [ 86.286412][ T5589] gretap0: left allmulticast mode [ 86.291684][ T5589] gretap0: left promiscuous mode [ 86.296893][ T5589] bridge0: port 3(gretap0) entered disabled state [ 86.393144][ T5601] loop4: detected capacity change from 0 to 164 [ 86.431192][ T5601] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 86.461350][ T5601] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 86.493678][ T5601] Symlink component flag not implemented [ 86.499435][ T5601] Symlink component flag not implemented [ 86.505225][ T5601] Symlink component flag not implemented (7) [ 86.511308][ T5601] Symlink component flag not implemented (116) [ 86.598554][ T5602] loop2: detected capacity change from 0 to 1024 [ 86.670958][ T5623] Falling back ldisc for ttyS3. [ 86.850707][ T5635] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 86.999190][ T5638] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.085332][ T5638] 9pnet_fd: Insufficient options for proto=fd [ 87.122206][ T5638] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 87.148762][ T5648] __nla_validate_parse: 13 callbacks suppressed [ 87.148779][ T5648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.720'. [ 87.232768][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.522831][ T5655] Falling back ldisc for ttyS3. [ 87.782935][ T5663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.728'. [ 87.877822][ T5671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.730'. [ 87.892559][ T5673] rdma_rxe: rxe_newlink: failed to add lo [ 87.934682][ T5677] netlink: 24 bytes leftover after parsing attributes in process `syz.4.732'. [ 87.949064][ T5677] set_capacity_and_notify: 2 callbacks suppressed [ 87.949081][ T5677] loop4: detected capacity change from 0 to 1024 [ 87.970475][ T5677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.985438][ T5680] netlink: 36 bytes leftover after parsing attributes in process `syz.1.721'. [ 87.994377][ T5680] netlink: 16 bytes leftover after parsing attributes in process `syz.1.721'. [ 88.003260][ T5680] netlink: 36 bytes leftover after parsing attributes in process `syz.1.721'. [ 88.019116][ T5677] 9pnet_fd: Insufficient options for proto=fd [ 88.026575][ T5677] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 88.078891][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.094578][ T5680] netlink: 36 bytes leftover after parsing attributes in process `syz.1.721'. [ 88.134115][ T5686] netlink: 8 bytes leftover after parsing attributes in process `syz.4.734'. [ 88.574053][ T5691] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 89.282262][ T5508] Bluetooth: hci0: Frame reassembly failed (-84) [ 89.353792][ T5714] loop2: detected capacity change from 0 to 128 [ 89.407709][ T29] kauditd_printk_skb: 323 callbacks suppressed [ 89.407724][ T29] audit: type=1326 audit(1764990152.515:2636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5717 comm="syz.4.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 89.438861][ T29] audit: type=1326 audit(1764990152.552:2637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5717 comm="syz.4.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 89.462243][ T29] audit: type=1326 audit(1764990152.552:2638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5717 comm="syz.4.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 89.485607][ T29] audit: type=1326 audit(1764990152.552:2639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5717 comm="syz.4.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 89.631834][ T5720] netlink: 12 bytes leftover after parsing attributes in process `syz.3.747'. [ 89.780072][ T5730] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 89.790114][ T5730] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.833843][ T29] audit: type=1326 audit(1764990152.917:2640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5729 comm="syz.3.752" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f030404f749 code=0x0 [ 89.883982][ T5730] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 89.893874][ T5730] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.959203][ T5730] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 89.969066][ T5730] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.090409][ T5740] loop1: detected capacity change from 0 to 512 [ 90.147656][ T5740] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 90.168631][ T29] audit: type=1400 audit(1764990153.226:2641): avc: denied { ioctl } for pid=5743 comm="syz.0.757" path="socket:[13642]" dev="sockfs" ino=13642 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 90.282605][ T5730] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.292431][ T5730] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.435664][ T5744] netlink: 'syz.0.757': attribute type 7 has an invalid length. [ 90.467763][ T5744] bridge_slave_1: left allmulticast mode [ 90.473653][ T5744] bridge_slave_1: left promiscuous mode [ 90.479362][ T5744] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.611484][ T5744] bridge_slave_0: left allmulticast mode [ 90.617288][ T5744] bridge_slave_0: left promiscuous mode [ 90.623153][ T5744] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.744276][ T1681] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.752708][ T1681] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.802414][ T1681] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 90.810650][ T1681] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.013349][ T5755] 8021q: adding VLAN 0 to HW filter on device bond1 [ 91.021890][ T1681] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.030154][ T1681] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.064925][ T5755] bond1: (slave batadv1): Opening slave failed [ 91.087995][ T1681] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.096324][ T1681] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.298329][ T29] audit: type=1400 audit(1764990154.292:2642): avc: denied { write } for pid=5768 comm="syz.0.768" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 91.378638][ T5774] rdma_rxe: rxe_newlink: failed to add lo [ 91.432477][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 91.438584][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 91.458387][ T29] audit: type=1400 audit(1764990154.442:2643): avc: denied { create } for pid=5778 comm="syz.3.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.481933][ T29] audit: type=1400 audit(1764990154.461:2644): avc: denied { allowed } for pid=5778 comm="syz.3.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 91.504652][ T29] audit: type=1400 audit(1764990154.479:2645): avc: denied { create } for pid=5778 comm="syz.3.772" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 91.985799][ T5792] loop4: detected capacity change from 0 to 164 [ 92.002287][ T5792] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 92.040624][ T5792] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 92.065585][ T5792] Symlink component flag not implemented [ 92.071268][ T5792] Symlink component flag not implemented [ 92.092662][ T5792] Symlink component flag not implemented (7) [ 92.098732][ T5792] Symlink component flag not implemented (116) [ 92.313315][ T5801] rdma_rxe: rxe_newlink: failed to add lo [ 92.617623][ T5820] loop2: detected capacity change from 0 to 164 [ 92.645581][ T5820] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 92.760242][ T5824] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 93.468258][ T5834] rdma_rxe: rxe_newlink: failed to add lo [ 93.482697][ T5836] macvtap0: refused to change device tx_queue_len [ 93.658135][ T5840] __nla_validate_parse: 3 callbacks suppressed [ 93.658155][ T5840] netlink: 36 bytes leftover after parsing attributes in process `syz.3.797'. [ 93.673266][ T5840] netlink: 16 bytes leftover after parsing attributes in process `syz.3.797'. [ 93.682165][ T5840] netlink: 36 bytes leftover after parsing attributes in process `syz.3.797'. [ 93.714741][ T5844] loop4: detected capacity change from 0 to 1024 [ 93.744610][ T5844] EXT4-fs: Ignoring removed orlov option [ 93.771479][ T5844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.810125][ T5840] netlink: 36 bytes leftover after parsing attributes in process `syz.3.797'. [ 93.839670][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.879219][ T5854] loop1: detected capacity change from 0 to 128 [ 94.165605][ T5873] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.257012][ T5873] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.391787][ T5873] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.457872][ T5873] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.533241][ T5493] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.545712][ T5493] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.563282][ T5493] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.596263][ T5493] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.798203][ T29] kauditd_printk_skb: 235 callbacks suppressed [ 94.798219][ T29] audit: type=1400 audit(1764990157.557:2881): avc: denied { ioctl } for pid=5890 comm="syz.3.820" path="socket:[15216]" dev="sockfs" ino=15216 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 94.831452][ T29] audit: type=1400 audit(1764990157.576:2882): avc: denied { create } for pid=5886 comm="syz.0.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 94.851243][ T29] audit: type=1400 audit(1764990157.576:2883): avc: denied { setopt } for pid=5886 comm="syz.0.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 94.870959][ T29] audit: type=1400 audit(1764990157.576:2884): avc: denied { read } for pid=5886 comm="syz.0.818" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 94.893902][ T29] audit: type=1400 audit(1764990157.576:2885): avc: denied { open } for pid=5886 comm="syz.0.818" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 94.917478][ T29] audit: type=1400 audit(1764990157.576:2886): avc: denied { ioctl } for pid=5886 comm="syz.0.818" path="/dev/nvram" dev="devtmpfs" ino=98 ioctlcmd=0x7040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 94.942420][ T29] audit: type=1326 audit(1764990157.576:2887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5886 comm="syz.0.818" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x0 [ 94.967103][ T29] audit: type=1400 audit(1764990157.726:2888): avc: denied { read write } for pid=5892 comm="syz.3.821" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 94.967947][ T5895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.991108][ T29] audit: type=1400 audit(1764990157.726:2889): avc: denied { open } for pid=5892 comm="syz.3.821" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.022450][ T29] audit: type=1400 audit(1764990157.726:2890): avc: denied { ioctl } for pid=5892 comm="syz.3.821" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.048107][ T5895] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.914737][ T5917] loop3: detected capacity change from 0 to 512 [ 95.927613][ T5917] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 95.964590][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 95.970685][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 96.203231][ T5921] netlink: 24 bytes leftover after parsing attributes in process `syz.2.831'. [ 96.312682][ T5922] loop2: detected capacity change from 0 to 1024 [ 96.332127][ T5925] sz1: rxe_newlink: already configured on lo [ 96.357060][ T5922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.440151][ T5921] 9pnet_fd: Insufficient options for proto=fd [ 96.465601][ T5921] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 96.548398][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.893288][ T5942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.901917][ T5942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.036584][ T5953] macvtap0: refused to change device tx_queue_len [ 97.109722][ T5958] netlink: 36 bytes leftover after parsing attributes in process `syz.2.843'. [ 97.118653][ T5958] netlink: 16 bytes leftover after parsing attributes in process `syz.2.843'. [ 97.127715][ T5958] netlink: 36 bytes leftover after parsing attributes in process `syz.2.843'. [ 97.137065][ T5958] netlink: 36 bytes leftover after parsing attributes in process `syz.2.843'. [ 97.710978][ T5960] loop1: detected capacity change from 0 to 512 [ 97.723717][ T5960] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 99.033770][ T5480] Bluetooth: hci0: Frame reassembly failed (-84) [ 99.066505][ T5986] loop3: detected capacity change from 0 to 512 [ 99.078278][ T5988] netlink: 24 bytes leftover after parsing attributes in process `syz.0.856'. [ 99.101152][ T5989] loop2: detected capacity change from 0 to 128 [ 99.110834][ T5986] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.855: bad orphan inode 11862016 [ 99.184198][ T5986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 99.229090][ T5986] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.297823][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 99.370353][ T6007] sz1: rxe_newlink: already configured on lo [ 99.397099][ T6009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.411385][ T6009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.604151][ T6019] netlink: 44 bytes leftover after parsing attributes in process `syz.0.870'. [ 99.750507][ T6024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.872'. [ 99.765199][ T6024] loop1: detected capacity change from 0 to 1024 [ 99.765216][ T6026] macvtap0: refused to change device tx_queue_len [ 99.790863][ T6024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.813433][ T6024] 9pnet_fd: Insufficient options for proto=fd [ 99.820614][ T6024] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 99.845933][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.875791][ T6034] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 99.884802][ T6034] netlink: 16 bytes leftover after parsing attributes in process `syz.3.862'. [ 99.893698][ T6034] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 99.909155][ T6032] loop1: detected capacity change from 0 to 8192 [ 99.909261][ T6034] netlink: 36 bytes leftover after parsing attributes in process `syz.3.862'. [ 100.378537][ T29] kauditd_printk_skb: 169 callbacks suppressed [ 100.378604][ T29] audit: type=1326 audit(1764990162.777:3060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.408560][ T29] audit: type=1326 audit(1764990162.777:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.432003][ T29] audit: type=1326 audit(1764990162.787:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.455589][ T29] audit: type=1326 audit(1764990162.787:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.478935][ T29] audit: type=1326 audit(1764990162.787:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.502310][ T29] audit: type=1326 audit(1764990162.787:3065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.525691][ T29] audit: type=1326 audit(1764990162.787:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.547278][ T6068] netlink: 36 bytes leftover after parsing attributes in process `syz.0.886'. [ 100.549140][ T29] audit: type=1326 audit(1764990162.787:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.558015][ T6068] netlink: 16 bytes leftover after parsing attributes in process `syz.0.886'. [ 100.558034][ T6068] netlink: 36 bytes leftover after parsing attributes in process `syz.0.886'. [ 100.581453][ T29] audit: type=1326 audit(1764990162.787:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 100.622565][ T29] audit: type=1326 audit(1764990162.787:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6062 comm="syz.0.886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c910af749 code=0x7ffc0000 [ 101.111083][ T6088] loop1: detected capacity change from 0 to 512 [ 101.129727][ T6088] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.895: bad orphan inode 11862016 [ 101.141048][ T6088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 101.153802][ T6088] ext4 filesystem being mounted at /145/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.176249][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 101.185302][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 101.185838][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 101.498967][ T6102] loop1: detected capacity change from 0 to 164 [ 101.507819][ T6102] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 101.519090][ T6102] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 101.528047][ T6102] Symlink component flag not implemented [ 101.533851][ T6102] Symlink component flag not implemented [ 101.539908][ T6102] Symlink component flag not implemented (7) [ 101.545934][ T6102] Symlink component flag not implemented (116) [ 101.972485][ T6119] loop1: detected capacity change from 0 to 1024 [ 101.987997][ T6119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.002460][ T6119] 9pnet_fd: Insufficient options for proto=fd [ 102.009723][ T6119] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 102.050862][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.352070][ T5513] Bluetooth: hci0: Frame reassembly failed (-84) [ 102.947258][ T6158] loop3: detected capacity change from 0 to 1024 [ 102.959293][ T6158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.973919][ T6158] 9pnet_fd: Insufficient options for proto=fd [ 102.981508][ T6158] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 103.009236][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.124257][ T6168] macvtap0: refused to change device tx_queue_len [ 103.379962][ T6179] loop3: detected capacity change from 0 to 8192 [ 103.447473][ T6185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.468918][ T6185] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.504525][ T6188] loop4: detected capacity change from 0 to 1024 [ 103.523972][ T6188] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.544898][ T6188] 9pnet_fd: Insufficient options for proto=fd [ 103.554770][ T6188] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 103.634597][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.737040][ T6198] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.935: bad orphan inode 11862016 [ 103.749578][ T6198] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 103.767190][ T6198] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.802583][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 104.045364][ T6209] macvtap0: refused to change device tx_queue_len [ 104.515992][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 104.516013][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 104.763875][ T6232] set_capacity_and_notify: 1 callbacks suppressed [ 104.763888][ T6232] loop2: detected capacity change from 0 to 512 [ 104.796714][ T6232] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.946: bad orphan inode 11862016 [ 104.807898][ T6232] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 104.820628][ T6232] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.846140][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 104.958937][ T6241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.968308][ T6241] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.012189][ T6243] rdma_rxe: rxe_newlink: failed to add lo [ 105.401946][ T6256] __nla_validate_parse: 13 callbacks suppressed [ 105.401959][ T6256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.956'. [ 105.501574][ T6262] loop2: detected capacity change from 0 to 8192 [ 105.563823][ T6265] macvtap0: refused to change device tx_queue_len [ 105.586601][ T6265] netlink: 36 bytes leftover after parsing attributes in process `syz.3.960'. [ 105.595590][ T6265] netlink: 16 bytes leftover after parsing attributes in process `syz.3.960'. [ 105.604493][ T6265] netlink: 36 bytes leftover after parsing attributes in process `syz.3.960'. [ 105.613469][ T6265] netlink: 36 bytes leftover after parsing attributes in process `syz.3.960'. [ 105.734939][ T29] kauditd_printk_skb: 374 callbacks suppressed [ 105.735000][ T29] audit: type=1326 audit(1764990167.801:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6271 comm="syz.3.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.764558][ T29] audit: type=1326 audit(1764990167.801:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6271 comm="syz.3.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.788050][ T29] audit: type=1326 audit(1764990167.829:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6269 comm="syz.3.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.871709][ T29] audit: type=1326 audit(1764990167.913:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.895397][ T29] audit: type=1326 audit(1764990167.913:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.918821][ T29] audit: type=1326 audit(1764990167.932:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.942238][ T29] audit: type=1326 audit(1764990167.932:3450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.965624][ T29] audit: type=1326 audit(1764990167.932:3451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 105.988969][ T29] audit: type=1326 audit(1764990167.932:3452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 106.012413][ T29] audit: type=1326 audit(1764990167.932:3453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6277 comm="syz.3.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 106.099210][ T5488] Bluetooth: hci0: Frame reassembly failed (-84) [ 106.167734][ T6287] loop3: detected capacity change from 0 to 128 [ 106.182937][ T6288] loop1: detected capacity change from 0 to 512 [ 106.194988][ T6288] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 106.811229][ T6304] macvtap0: refused to change device tx_queue_len [ 106.998905][ T6307] netlink: 36 bytes leftover after parsing attributes in process `syz.4.972'. [ 107.007885][ T6307] netlink: 16 bytes leftover after parsing attributes in process `syz.4.972'. [ 107.016849][ T6307] netlink: 36 bytes leftover after parsing attributes in process `syz.4.972'. [ 107.066791][ T6307] netlink: 36 bytes leftover after parsing attributes in process `syz.4.972'. [ 107.518909][ T6319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.978'. [ 108.059363][ T6331] loop2: detected capacity change from 0 to 512 [ 108.091009][ T6331] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.983: bad orphan inode 11862016 [ 108.092900][ T6333] loop4: detected capacity change from 0 to 1024 [ 108.104238][ T6331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 108.121113][ T6331] ext4 filesystem being mounted at /163/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.134342][ T6333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.149510][ T6333] 9pnet_fd: Insufficient options for proto=fd [ 108.157160][ T6333] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 108.173302][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 108.187636][ T3328] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.221631][ T6340] rdma_rxe: rxe_newlink: failed to add lo [ 108.251652][ T6344] loop2: detected capacity change from 0 to 512 [ 108.269993][ T6344] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.987: bad orphan inode 11862016 [ 108.278689][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 108.286074][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 108.292257][ T6344] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 108.305683][ T6344] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.337616][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 108.463109][ T6357] loop4: detected capacity change from 0 to 512 [ 108.475017][ T6357] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 108.887202][ T6369] loop1: detected capacity change from 0 to 128 [ 110.087589][ T6394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.128261][ T6394] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.341798][ T6406] loop3: detected capacity change from 0 to 512 [ 110.362210][ T6406] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1010: bad orphan inode 11862016 [ 110.374401][ T6406] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 110.395575][ T6406] ext4 filesystem being mounted at /221/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.424586][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 110.489773][ T5513] Bluetooth: hci0: Frame reassembly failed (-84) [ 110.569226][ T6426] loop3: detected capacity change from 0 to 128 [ 110.854134][ T6439] macvtap0: refused to change device tx_queue_len [ 110.904098][ T6442] __nla_validate_parse: 5 callbacks suppressed [ 110.904114][ T6442] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1023'. [ 110.925123][ T6442] loop2: detected capacity change from 0 to 1024 [ 110.945706][ T6442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.960901][ T6442] 9pnet_fd: Insufficient options for proto=fd [ 110.968771][ T6442] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 110.988562][ T6447] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1022'. [ 110.997612][ T6447] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1022'. [ 111.006611][ T6447] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1022'. [ 111.018265][ T6447] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1022'. [ 111.034514][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.059880][ T6449] loop2: detected capacity change from 0 to 512 [ 111.070360][ T6449] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1024: bad orphan inode 11862016 [ 111.081987][ T6449] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 111.095057][ T6449] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.106569][ T29] kauditd_printk_skb: 395 callbacks suppressed [ 111.106587][ T29] audit: type=1400 audit(1764990172.825:3849): avc: denied { add_name } for pid=6448 comm="syz.2.1024" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 111.135523][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 111.157352][ T29] audit: type=1400 audit(1764990172.825:3850): avc: denied { create } for pid=6448 comm="syz.2.1024" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 111.177702][ T29] audit: type=1400 audit(1764990172.825:3851): avc: denied { read write open } for pid=6448 comm="syz.2.1024" path="/176/file1/file1" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 111.214927][ T29] audit: type=1400 audit(1764990172.918:3852): avc: denied { create } for pid=6452 comm="syz.0.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 111.234653][ T29] audit: type=1400 audit(1764990172.918:3853): avc: denied { ioctl } for pid=6452 comm="syz.0.1026" path="socket:[16547]" dev="sockfs" ino=16547 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 111.259878][ T29] audit: type=1400 audit(1764990172.928:3854): avc: denied { open } for pid=6455 comm="syz.2.1025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 111.279142][ T29] audit: type=1400 audit(1764990172.928:3855): avc: denied { kernel } for pid=6455 comm="syz.2.1025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 111.301902][ T29] audit: type=1326 audit(1764990172.965:3856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6455 comm="syz.2.1025" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f10ba4cf749 code=0x0 [ 111.424208][ T6463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.433110][ T6463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.440969][ T29] audit: type=1400 audit(1764990173.115:3857): avc: denied { read write } for pid=6462 comm="syz.4.1029" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 111.464580][ T29] audit: type=1400 audit(1764990173.115:3858): avc: denied { open } for pid=6462 comm="syz.4.1029" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 112.050759][ T6482] rdma_rxe: rxe_newlink: failed to add lo [ 112.201186][ T6497] macvtap0: refused to change device tx_queue_len [ 112.289292][ T6505] macvtap0: refused to change device tx_queue_len [ 112.333966][ T6509] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1044'. [ 112.343094][ T6509] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1044'. [ 112.344037][ T6510] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.352156][ T6509] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1044'. [ 112.361180][ T6510] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.370573][ T6509] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1044'. [ 112.387483][ T6511] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1047'. [ 112.513236][ T6520] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.566690][ T6520] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.620012][ T6520] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.639784][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 112.641261][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 112.684282][ T6520] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.742734][ T5488] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.754632][ T5488] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.766105][ T5488] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.778307][ T5488] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.518728][ T6545] macvtap0: refused to change device tx_queue_len [ 113.965696][ T6575] loop3: detected capacity change from 0 to 164 [ 113.990517][ T6575] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 114.030459][ T6575] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 114.040757][ T6575] Symlink component flag not implemented [ 114.046411][ T6575] Symlink component flag not implemented [ 114.061473][ T6575] Symlink component flag not implemented (7) [ 114.067565][ T6575] Symlink component flag not implemented (116) [ 114.143344][ T6584] loop3: detected capacity change from 0 to 1024 [ 114.170114][ T6584] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.191785][ T6584] 9pnet_fd: Insufficient options for proto=fd [ 114.201810][ T6584] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 114.240447][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.100823][ T6624] loop1: detected capacity change from 0 to 164 [ 115.118446][ T6624] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.215772][ T6624] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 115.224351][ T6624] Symlink component flag not implemented [ 115.230062][ T6624] Symlink component flag not implemented [ 115.239384][ T6624] Symlink component flag not implemented (7) [ 115.245449][ T6624] Symlink component flag not implemented (116) [ 115.338632][ T6633] loop1: detected capacity change from 0 to 1024 [ 115.390938][ T6633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.494967][ T6633] 9pnet_fd: Insufficient options for proto=fd [ 115.539314][ T6633] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 115.633726][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.120803][ T6659] loop4: detected capacity change from 0 to 512 [ 116.131822][ T6659] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 116.795883][ T29] kauditd_printk_skb: 224 callbacks suppressed [ 116.795901][ T29] audit: type=1400 audit(1764990178.139:4083): avc: denied { getopt } for pid=6664 comm="syz.0.1108" lport=45279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 116.832952][ T6665] sz1: rxe_newlink: already configured on lo [ 116.951063][ T6669] loop1: detected capacity change from 0 to 164 [ 116.998372][ T6669] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 117.034457][ T6673] __nla_validate_parse: 13 callbacks suppressed [ 117.034483][ T6673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1112'. [ 117.059415][ T6669] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 117.070480][ T29] audit: type=1326 audit(1764990178.391:4084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6671 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 117.093932][ T29] audit: type=1326 audit(1764990178.391:4085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6671 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 117.117496][ T29] audit: type=1326 audit(1764990178.391:4086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6671 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 117.140924][ T29] audit: type=1326 audit(1764990178.391:4087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6671 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 117.198283][ T6669] Symlink component flag not implemented [ 117.203983][ T6669] Symlink component flag not implemented [ 117.243461][ T6669] Symlink component flag not implemented (7) [ 117.249598][ T6669] Symlink component flag not implemented (116) [ 117.292687][ T6683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.301192][ T6683] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.398608][ T29] audit: type=1400 audit(1764990178.578:4088): avc: denied { create } for pid=6672 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.419055][ T29] audit: type=1400 audit(1764990178.578:4089): avc: denied { bind } for pid=6672 comm="syz.2.1112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.439210][ T29] audit: type=1400 audit(1764990178.578:4090): avc: denied { connect } for pid=6672 comm="syz.2.1112" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 117.560594][ T6689] rdma_rxe: rxe_newlink: failed to add lo [ 118.073099][ T29] audit: type=1326 audit(1764990179.336:4091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6696 comm="syz.2.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f10ba4c65e7 code=0x7ffc0000 [ 118.206646][ T29] audit: type=1326 audit(1764990179.374:4092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6696 comm="syz.2.1120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f10ba46b829 code=0x7ffc0000 [ 118.395952][ T5481] Bluetooth: hci0: Frame reassembly failed (-84) [ 118.431259][ T6710] loop2: detected capacity change from 0 to 164 [ 118.438641][ T6710] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 118.466099][ T6711] loop4: detected capacity change from 0 to 128 [ 118.473298][ T6710] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 118.516845][ T6710] Symlink component flag not implemented [ 118.522688][ T6710] Symlink component flag not implemented [ 118.560563][ T6710] Symlink component flag not implemented (7) [ 118.566778][ T6710] Symlink component flag not implemented (116) [ 118.598069][ T6713] macvtap0: refused to change device tx_queue_len [ 118.702768][ T6720] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1127'. [ 118.711799][ T6720] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1127'. [ 118.720749][ T6720] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1127'. [ 118.756894][ T6720] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1127'. [ 119.186428][ T6740] loop1: detected capacity change from 0 to 128 [ 119.937167][ T6758] macvtap0: refused to change device tx_queue_len [ 120.064855][ T6761] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1147'. [ 120.073887][ T6761] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1147'. [ 120.082956][ T6761] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1147'. [ 120.092032][ T6761] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1147'. [ 120.276384][ T6765] loop2: detected capacity change from 0 to 164 [ 120.286829][ T6765] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 120.299007][ T6765] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 120.307712][ T6765] Symlink component flag not implemented [ 120.313378][ T6765] Symlink component flag not implemented [ 120.319384][ T6765] Symlink component flag not implemented (7) [ 120.325435][ T6765] Symlink component flag not implemented (116) [ 120.408281][ T6770] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1151'. [ 120.421805][ T6770] loop3: detected capacity change from 0 to 1024 [ 120.435487][ T6770] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.449464][ T6770] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 120.477485][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.506202][ T6779] rdma_rxe: rxe_newlink: failed to add lo [ 120.592548][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 120.592890][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 120.821163][ T6802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.830061][ T6802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.021922][ T6810] loop1: detected capacity change from 0 to 1024 [ 121.032484][ T6810] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.046671][ T6810] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 121.072791][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.095013][ T6814] rdma_rxe: rxe_newlink: failed to add lo [ 121.205613][ T5498] Bluetooth: hci0: Frame reassembly failed (-84) [ 121.264942][ T6829] loop4: detected capacity change from 0 to 128 [ 121.544980][ T6837] loop2: detected capacity change from 0 to 1024 [ 121.558096][ T6837] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.572385][ T6837] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 121.598530][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.678320][ T5487] Bluetooth: hci1: Frame reassembly failed (-84) [ 122.202385][ T6866] rdma_rxe: rxe_newlink: failed to add lo [ 122.264591][ T29] kauditd_printk_skb: 377 callbacks suppressed [ 122.264606][ T29] audit: type=1326 audit(1764990183.256:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6873 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 122.294475][ T29] audit: type=1326 audit(1764990183.256:4471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6873 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 122.327780][ T29] audit: type=1326 audit(1764990183.256:4472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6873 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 122.351247][ T29] audit: type=1326 audit(1764990183.265:4473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6873 comm="syz.1.1190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 122.415082][ T6880] loop2: detected capacity change from 0 to 164 [ 122.427221][ T6880] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 122.447239][ T6880] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 122.455787][ T6880] Symlink component flag not implemented [ 122.461440][ T6880] Symlink component flag not implemented [ 122.467192][ T6880] Symlink component flag not implemented (7) [ 122.473170][ T6880] Symlink component flag not implemented (116) [ 122.825489][ T6894] rdma_rxe: rxe_newlink: failed to add lo [ 122.890849][ T6900] __nla_validate_parse: 6 callbacks suppressed [ 122.890866][ T6900] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1203'. [ 122.910151][ T6900] loop1: detected capacity change from 0 to 1024 [ 122.924267][ T6900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.938466][ T6900] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 122.963583][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.001560][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1205'. [ 123.414490][ T4872] Bluetooth: hci0: command 0x1003 tx timeout [ 123.421575][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 123.517134][ T6911] loop2: detected capacity change from 0 to 512 [ 123.527925][ T6911] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 123.842051][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 124.142746][ T6924] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1210'. [ 124.194957][ T29] audit: type=1326 audit(1764990184.949:4474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 124.218596][ T29] audit: type=1326 audit(1764990184.949:4475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 124.242167][ T29] audit: type=1326 audit(1764990184.949:4476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 124.315459][ T6931] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1215'. [ 124.355360][ T6931] loop1: detected capacity change from 0 to 1024 [ 124.388273][ T6933] rdma_rxe: rxe_newlink: failed to add lo [ 124.428248][ T6931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.468042][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1217'. [ 124.505231][ T6931] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 124.592149][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.924032][ T6949] macvtap0: refused to change device tx_queue_len [ 124.944520][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1223'. [ 124.955683][ T29] audit: type=1326 audit(1764990185.782:4477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6948 comm="syz.1.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 124.979975][ T29] audit: type=1326 audit(1764990185.801:4478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6948 comm="syz.1.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 125.003535][ T29] audit: type=1326 audit(1764990185.801:4479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6948 comm="syz.1.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 125.156711][ T6963] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1222'. [ 125.165750][ T6963] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1222'. [ 125.174748][ T6963] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1222'. [ 125.184435][ T6963] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1222'. [ 125.405693][ T6974] loop4: detected capacity change from 0 to 164 [ 125.429757][ T6974] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 125.492769][ T6974] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 125.507081][ T6974] Symlink component flag not implemented [ 125.512851][ T6974] Symlink component flag not implemented [ 125.573887][ T6974] Symlink component flag not implemented (7) [ 125.580003][ T6974] Symlink component flag not implemented (116) [ 125.632684][ T6988] macvtap0: refused to change device tx_queue_len [ 126.054257][ T7022] macvtap0: refused to change device tx_queue_len [ 126.129906][ T7031] macvtap0: refused to change device tx_queue_len [ 127.110668][ T7059] macvtap0: refused to change device tx_queue_len [ 127.318857][ T7070] loop4: detected capacity change from 0 to 512 [ 127.351063][ T7070] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 127.916137][ T7086] macvtap0: refused to change device tx_queue_len [ 127.935462][ T29] kauditd_printk_skb: 199 callbacks suppressed [ 127.935480][ T29] audit: type=1326 audit(1764990188.560:4679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03040465e7 code=0x7ffc0000 [ 127.993348][ T29] audit: type=1326 audit(1764990188.598:4680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0303feb829 code=0x7ffc0000 [ 128.016755][ T29] audit: type=1326 audit(1764990188.598:4681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03040465e7 code=0x7ffc0000 [ 128.040108][ T29] audit: type=1326 audit(1764990188.598:4682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0303feb829 code=0x7ffc0000 [ 128.063528][ T29] audit: type=1326 audit(1764990188.598:4683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 128.086947][ T29] audit: type=1326 audit(1764990188.607:4684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 128.110528][ T29] audit: type=1326 audit(1764990188.607:4685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03040465e7 code=0x7ffc0000 [ 128.133997][ T29] audit: type=1326 audit(1764990188.607:4686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0303feb829 code=0x7ffc0000 [ 128.157356][ T29] audit: type=1326 audit(1764990188.607:4687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f03040465e7 code=0x7ffc0000 [ 128.180772][ T29] audit: type=1326 audit(1764990188.607:4688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7085 comm="syz.3.1280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0303feb829 code=0x7ffc0000 [ 128.385462][ T7105] loop3: detected capacity change from 0 to 164 [ 128.767474][ T7105] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 128.834208][ T7105] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 128.872559][ T7115] loop2: detected capacity change from 0 to 512 [ 128.883721][ T7105] Symlink component flag not implemented [ 128.889485][ T7105] Symlink component flag not implemented [ 128.896575][ T7115] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 128.991232][ T7105] Symlink component flag not implemented (7) [ 128.997333][ T7105] Symlink component flag not implemented (116) [ 129.196599][ T7124] loop2: detected capacity change from 0 to 512 [ 129.271680][ T7124] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 129.290334][ T7124] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1293: invalid indirect mapped block 4294967295 (level 0) [ 129.304597][ T7124] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1293: invalid indirect mapped block 4294967295 (level 1) [ 129.326611][ T7124] EXT4-fs (loop2): 1 orphan inode deleted [ 129.332390][ T7124] EXT4-fs (loop2): 1 truncate cleaned up [ 129.338946][ T7124] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.353673][ T7131] rdma_rxe: rxe_newlink: failed to add lo [ 129.360518][ T7124] EXT4-fs error (device loop2): ext4_find_dest_de:2050: inode #2: block 13: comm syz.2.1293: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 129.439651][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.487383][ T7140] __nla_validate_parse: 4 callbacks suppressed [ 129.487403][ T7140] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1299'. [ 129.518258][ T7140] loop2: detected capacity change from 0 to 1024 [ 129.542767][ T7140] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.567506][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.802433][ T7156] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1303'. [ 129.811570][ T7156] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1303'. [ 129.820647][ T7156] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1303'. [ 130.254456][ T7172] sd 0:0:1:0: device reset [ 130.423422][ T7180] loop3: detected capacity change from 0 to 512 [ 130.430832][ T7180] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.453924][ T7180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 130.471815][ T7180] ext4 filesystem being mounted at /293/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.628063][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 130.768986][ T7199] macvtap0: refused to change device tx_queue_len [ 130.907037][ T7213] loop2: detected capacity change from 0 to 512 [ 130.940744][ T7213] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 131.205844][ T7230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1333'. [ 131.242827][ T7233] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1330'. [ 131.251994][ T7233] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1330'. [ 131.261060][ T7233] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1330'. [ 131.317066][ T7235] loop1: detected capacity change from 0 to 512 [ 131.324849][ T7235] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 131.348444][ T7235] EXT4-fs (loop1): 1 truncate cleaned up [ 131.354975][ T7235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.373813][ T7235] EXT4-fs (loop1): shut down requested (0) [ 131.403898][ T7235] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 131.439468][ T7235] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 131.486480][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.912143][ T7261] sz1: rxe_newlink: already configured on lo [ 132.125577][ T7273] loop3: detected capacity change from 0 to 164 [ 132.132653][ T7275] syz.4.1350 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 132.161590][ T7273] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 132.201547][ T7273] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 132.209930][ T7273] Symlink component flag not implemented [ 132.215714][ T7273] Symlink component flag not implemented [ 132.233205][ T7273] Symlink component flag not implemented (7) [ 132.239319][ T7273] Symlink component flag not implemented (116) [ 132.258417][ T7279] rdma_rxe: rxe_newlink: failed to add lo [ 132.554059][ T7296] loop4: detected capacity change from 0 to 512 [ 132.580707][ T7296] journal_path: Non-blockdev passed as './bus' [ 132.587255][ T7296] EXT4-fs: error: could not find journal device path [ 132.600660][ T7299] macvtap0: refused to change device tx_queue_len [ 133.054206][ T7328] lo speed is unknown, defaulting to 1000 [ 133.163118][ T7335] €Â: renamed from batadv_slave_0 (while UP) [ 133.426195][ T7337] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 133.559622][ T29] kauditd_printk_skb: 225 callbacks suppressed [ 133.559639][ T29] audit: type=1400 audit(1764990193.827:4914): avc: denied { map } for pid=7327 comm="syz.3.1372" path="socket:[19358]" dev="sockfs" ino=19358 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 133.687048][ T7340] rdma_rxe: rxe_newlink: failed to add lo [ 133.762325][ T29] audit: type=1326 audit(1764990193.855:4915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7327 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 133.785819][ T29] audit: type=1326 audit(1764990193.855:4916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7327 comm="syz.3.1372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f030404f749 code=0x7ffc0000 [ 134.089726][ T7344] loop1: detected capacity change from 0 to 164 [ 134.187701][ T29] audit: type=1400 audit(1764990194.155:4917): avc: denied { ioctl } for pid=7341 comm="syz.1.1376" path="socket:[19393]" dev="sockfs" ino=19393 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 134.225349][ T7344] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 134.247726][ T7344] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 134.287413][ T7344] Symlink component flag not implemented [ 134.293090][ T7344] Symlink component flag not implemented [ 134.322394][ T7344] Symlink component flag not implemented (7) [ 134.328595][ T7344] Symlink component flag not implemented (116) [ 134.340510][ T29] audit: type=1400 audit(1764990194.557:4918): avc: denied { create } for pid=7345 comm="syz.4.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 134.435076][ T29] audit: type=1400 audit(1764990194.576:4919): avc: denied { read } for pid=7345 comm="syz.4.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 134.599008][ T29] audit: type=1326 audit(1764990194.754:4920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7351 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 134.622746][ T29] audit: type=1326 audit(1764990194.754:4921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7351 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 134.646187][ T29] audit: type=1326 audit(1764990194.754:4922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7351 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 134.669677][ T29] audit: type=1326 audit(1764990194.754:4923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7351 comm="syz.1.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48c446f749 code=0x7ffc0000 [ 135.039041][ T7332] Set syz1 is full, maxelem 65536 reached [ 135.135001][ T7368] sz1: rxe_newlink: already configured on lo [ 135.383396][ T7386] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 135.536938][ T7392] rdma_rxe: rxe_newlink: failed to add lo [ 135.671279][ T7396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.683754][ T7396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.990444][ T7403] rdma_rxe: rxe_newlink: failed to add lo [ 136.264989][ T7412] loop1: detected capacity change from 0 to 512 [ 136.316997][ T7412] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 136.362398][ T7412] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 136.400613][ T7412] EXT4-fs (loop1): 1 truncate cleaned up [ 136.427288][ T7412] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.475538][ T7420] rdma_rxe: rxe_newlink: failed to add lo [ 136.503480][ T7412] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #2: block 4: comm syz.1.1402: lblock 0 mapped to illegal pblock 4 (length 1) [ 136.566181][ T7412] EXT4-fs (loop1): Remounting filesystem read-only [ 136.781067][ T7427] 9pnet_fd: Insufficient options for proto=fd [ 137.083985][ T7442] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1410'. [ 137.093069][ T7442] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1410'. [ 137.102104][ T7442] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1410'. [ 137.246505][ T7451] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1411'. [ 137.255590][ T7451] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1411'. [ 137.264660][ T7451] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1411'. [ 137.306358][ T7451] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1411'. [ 137.754148][ T7470] loop2: detected capacity change from 0 to 512 [ 137.951863][ T7470] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 137.961959][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.441380][ T7474] loop3: detected capacity change from 0 to 2048 [ 138.608677][ T7474] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 138.754184][ T7474] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 138.766585][ T7490] loop4: detected capacity change from 0 to 128 [ 138.915527][ T7501] macvtap0: refused to change device tx_queue_len [ 138.939579][ T29] kauditd_printk_skb: 141 callbacks suppressed [ 138.939644][ T29] audit: type=1326 audit(1764990198.860:5065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.010065][ T29] audit: type=1326 audit(1764990198.889:5066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.033583][ T29] audit: type=1326 audit(1764990198.889:5067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.057273][ T29] audit: type=1326 audit(1764990198.889:5068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.080764][ T29] audit: type=1326 audit(1764990198.889:5069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.104250][ T29] audit: type=1326 audit(1764990198.889:5070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.127783][ T29] audit: type=1326 audit(1764990198.889:5071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.151378][ T29] audit: type=1326 audit(1764990198.889:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.256854][ T7510] FAULT_INJECTION: forcing a failure. [ 139.256854][ T7510] name failslab, interval 1, probability 0, space 0, times 0 [ 139.269717][ T7510] CPU: 1 UID: 0 PID: 7510 Comm: syz.1.1438 Not tainted syzkaller #0 PREEMPT(voluntary) [ 139.269744][ T7510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 139.269757][ T7510] Call Trace: [ 139.269764][ T7510] [ 139.269772][ T7510] __dump_stack+0x1d/0x30 [ 139.269810][ T7510] dump_stack_lvl+0xe8/0x140 [ 139.269839][ T7510] dump_stack+0x15/0x1b [ 139.269910][ T7510] should_fail_ex+0x265/0x280 [ 139.270024][ T7510] should_failslab+0x8c/0xb0 [ 139.270105][ T7510] __kmalloc_noprof+0xa5/0x590 [ 139.270125][ T7510] ? sock_kmalloc+0x85/0xc0 [ 139.270146][ T7510] ? iovec_from_user+0x5e/0x210 [ 139.270217][ T7510] sock_kmalloc+0x85/0xc0 [ 139.270240][ T7510] ____sys_sendmsg+0xf8/0x4a0 [ 139.270272][ T7510] ___sys_sendmsg+0x17b/0x1d0 [ 139.270310][ T7510] __sys_sendmmsg+0x178/0x300 [ 139.270388][ T7510] __x64_sys_sendmmsg+0x57/0x70 [ 139.270410][ T7510] x64_sys_call+0x1e28/0x3000 [ 139.270434][ T7510] do_syscall_64+0xd8/0x2a0 [ 139.270466][ T7510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.270509][ T7510] RIP: 0033:0x7f48c446f749 [ 139.270533][ T7510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.270614][ T7510] RSP: 002b:00007f48c2ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 139.270633][ T7510] RAX: ffffffffffffffda RBX: 00007f48c46c5fa0 RCX: 00007f48c446f749 [ 139.270646][ T7510] RDX: 0000000000000001 RSI: 0000200000005980 RDI: 0000000000000004 [ 139.270661][ T7510] RBP: 00007f48c2ed7090 R08: 0000000000000000 R09: 0000000000000000 [ 139.270677][ T7510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.270693][ T7510] R13: 00007f48c46c6038 R14: 00007f48c46c5fa0 R15: 00007fff1fed8888 [ 139.270718][ T7510] [ 139.484515][ T29] audit: type=1326 audit(1764990199.085:5073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.508050][ T29] audit: type=1326 audit(1764990199.085:5074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7500 comm="syz.4.1434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fede32bf749 code=0x7ffc0000 [ 139.546208][ T7514] loop2: detected capacity change from 0 to 164 [ 139.578053][ T7514] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 139.611861][ T7514] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 139.634408][ T7514] Symlink component flag not implemented [ 139.640112][ T7514] Symlink component flag not implemented [ 139.665712][ T7514] Symlink component flag not implemented (7) [ 139.671764][ T7514] Symlink component flag not implemented (116) [ 139.699445][ T7524] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1444'. [ 139.895046][ T7537] lo speed is unknown, defaulting to 1000 [ 140.013400][ T7544] €Â: renamed from batadv_slave_0 [ 140.679111][ T7559] macvtap0: refused to change device tx_queue_len [ 140.742798][ T7531] Set syz1 is full, maxelem 65536 reached [ 140.780141][ T7572] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1460'. [ 140.814598][ T7577] macvtap0: refused to change device tx_queue_len [ 140.904265][ T7585] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1463'. [ 141.066787][ T7594] loop3: detected capacity change from 0 to 164 [ 141.083577][ T7594] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 141.137385][ T7594] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 141.167708][ T7594] Symlink component flag not implemented [ 141.173508][ T7594] Symlink component flag not implemented [ 141.199267][ T7594] Symlink component flag not implemented (7) [ 141.205379][ T7594] Symlink component flag not implemented (116) [ 141.224026][ T7600] loop4: detected capacity change from 0 to 2048 [ 141.258742][ T7600] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 141.290419][ T7605] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 141.386816][ T7600] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 141.424196][ T7600] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 538 with error 28 [ 141.436645][ T7600] EXT4-fs (loop4): This should not happen!! Data will be lost [ 141.436645][ T7600] [ 141.446386][ T7600] EXT4-fs (loop4): Total free blocks count 0 [ 141.452468][ T7600] EXT4-fs (loop4): Free/Dirty block details [ 141.458446][ T7600] EXT4-fs (loop4): free_blocks=2415919104 [ 141.464182][ T7600] EXT4-fs (loop4): dirty_blocks=544 [ 141.469530][ T7600] EXT4-fs (loop4): Block reservation details [ 141.475530][ T7600] EXT4-fs (loop4): i_reserved_data_blocks=34 [ 141.572068][ T7613] macvtap0: refused to change device tx_queue_len [ 141.612522][ T5515] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 538 with error 28 [ 141.868628][ T7589] ================================================================== [ 141.876859][ T7589] BUG: KCSAN: data-race in memcpy_and_pad / rcu_tasks_trace_pregp_step [ 141.885144][ T7589] [ 141.887489][ T7589] write to 0xffff88810a1d14dc of 4 bytes by task 28 on cpu 1: [ 141.894975][ T7589] rcu_tasks_trace_pregp_step+0x1ac/0x920 [ 141.900820][ T7589] rcu_tasks_wait_gp+0x8b/0x530 [ 141.905694][ T7589] rcu_tasks_one_gp+0x7f6/0x8e0 [ 141.910582][ T7589] rcu_tasks_kthread+0xf7/0x110 [ 141.915446][ T7589] kthread+0x489/0x510 [ 141.919575][ T7589] ret_from_fork+0x149/0x290 [ 141.924176][ T7589] ret_from_fork_asm+0x1a/0x30 [ 141.928980][ T7589] [ 141.931303][ T7589] read to 0xffff88810a1d1080 of 3264 bytes by task 7589 on cpu 0: [ 141.939110][ T7589] memcpy_and_pad+0x48/0x80 [ 141.943667][ T7589] arch_dup_task_struct+0x2c/0x40 [ 141.948716][ T7589] dup_task_struct+0x83/0x690 [ 141.953405][ T7589] copy_process+0x37d/0x1ef0 [ 141.953599][ T7632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.958014][ T7589] create_io_thread+0x71/0xa0 [ 141.958044][ T7589] io_sq_offload_create+0x644/0x840 [ 141.958076][ T7589] io_uring_create+0x2f2/0x4e0 [ 141.967837][ T7632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.971162][ T7589] __se_sys_io_uring_setup+0x1be/0x1d0 [ 141.994290][ T7589] __x64_sys_io_uring_setup+0x31/0x40 [ 141.999689][ T7589] x64_sys_call+0x244c/0x3000 [ 142.004377][ T7589] do_syscall_64+0xd8/0x2a0 [ 142.008902][ T7589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.014805][ T7589] [ 142.017127][ T7589] Reported by Kernel Concurrency Sanitizer on: [ 142.023273][ T7589] CPU: 0 UID: 0 PID: 7589 Comm: syz.1.1468 Not tainted syzkaller #0 PREEMPT(voluntary) [ 142.033015][ T7589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 142.043087][ T7589] ==================================================================