last executing test programs: 2.246947919s ago: executing program 3 (id=890): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={0x0, r1}, 0x18) 1.991500433s ago: executing program 2 (id=894): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={0x0, r1}, 0x18) (fail_nth: 2) 1.722052237s ago: executing program 2 (id=896): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'}) socket$netlink(0x10, 0x3, 0x0) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x8, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x2, 0x0, 0x0, 0x0, 0xd5e93709d453f02a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x8, @loopback, 0xd}, {0xa, 0x4e23, 0x8, @remote, 0x80000006}, r3, 0xc75a}}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3fffff) 1.721597716s ago: executing program 4 (id=897): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfe58}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x3c, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_config_ext={0x3, 0x1}, 0x18002, 0x8002, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r2, &(0x7f00000001c0)=ANY=[@ANYRESHEX], 0x20) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) fsopen(0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000380)=ANY=[@ANYBLOB="01000004"]) 1.639629957s ago: executing program 2 (id=900): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x20050800) 1.630674658s ago: executing program 2 (id=901): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000c069c4880867d397e5b93139000000000000000000000001b518110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r6, &(0x7f0000000240)="93", 0x1, 0x80, &(0x7f0000000080)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @broadcast}, 0x14) fallocate(r3, 0x0, 0x0, 0x8000c62) fallocate(r3, 0x10, 0x2, 0x7000000) write$selinux_load(r3, &(0x7f0000000380)={0xf97cff8c, 0x8, 'SE Linux', "d00c98b2c716be15c2cadff6b88fca61761f1b40b0f010ecd7d01810082e9e3bfd81cc4b6e621385247e4bd8514515e79196c36ef15ded9e6718409ec34d667deeb47396ed143d3d1283f20ef7ee0e2b6110c36f412b1cb265c9e8cd483d8331dc05e8b2627f9b0bd3a9f9c4abd04d969301725eb92e55f4d3400bd882497fcb3d6887f55233dfb60afc1e4ceda3c1c6c08b9de02ab41c5fa4f69eed54f1ccd0f5200ebf91327b83b3865b00c32cc5f00626fc43394819"}, 0xc7) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) 1.592319508s ago: executing program 1 (id=902): r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f0000000000)='0', 0x1}], 0x2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x4000054) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r1}, 0x10) getrusage(0x1, &(0x7f0000000dc0)) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000400)={&(0x7f00000008c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000229bd7000fcdbdf2507000000080005000c0000000400cc000400cc000ec707f74fe0f0eb93cc1ce9514b701fff88fbaed3cd93703205ac7dd4486dbb668e53a7c194676d419d777c74da8fe327c0bde14ab656af8d9cc88ee388788326534cbc89da09c1929819d8051f721cb84cb5ced89e3c2c49e404230d28cc90f5b814576706021e5ae139f7af8537141fb52133b6388d111cd3f7c8af10e39e471122f86609da585a3de6056df28670f8b6d1876fd4ff4cb932a02aa226c872bcf3935f1723b97a39d72bc43a24f4e930bad70860339702e0"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f00000001c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x61) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000380000003800000004000000020000000000001104000000ffffffff000000000000000200000000020000000000000802000000020000000000000e030000000000000000006300"], 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) bind$inet6(r3, &(0x7f0000000340)={0xa, 0x4e21, 0xfffff000, @private0, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000140), 0x4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x4000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0) recvmsg(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xff0f}], 0x1}, 0x0) getsockopt$bt_hci(r3, 0x11a, 0x2, 0x0, &(0x7f0000000180)) mkdir(&(0x7f0000000400)='./file0\x00', 0x101) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) pipe2$9p(&(0x7f0000000240), 0x80000) 1.282549072s ago: executing program 3 (id=903): r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x5, 0x10040) ioctl$USBDEVFS_DISCARDURB(r0, 0x550b, &(0x7f0000000040)) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000080)=0xa) r1 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x98000, 0x1bc) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000010c0), 0x80000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000001100)={0x4}) fcntl$setpipe(r1, 0x407, 0x6) stat(&(0x7f0000001140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000002140)={0x0, 0x0, 0x0, 0x0, 0x0}) madvise(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x65) ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f00000021c0)={0x3}) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000002200)=0x30000000, 0x5, 0x4) lsm_get_self_attr(0x67, &(0x7f0000002240)={0x0, 0x0, 0x102, 0xe2, ""/226}, &(0x7f0000002380)=0x102, 0x1) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000023c0)={r1}, 0x4) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002400)='/proc/slabinfo\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000002680)={'ip6gre0\x00', &(0x7f0000002600)={'ip6_vti0\x00', 0x0, 0x4, 0x10, 0x6, 0x7, 0x40, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x20, 0x40, 0x7, 0x9}}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000002700)={0x1, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000027c0)={0xc, 0x1c, &(0x7f0000002440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @ldst={0x2, 0x0, 0x4, 0x9, 0x2, 0x0, 0x8}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7fff}}, @map_fd={0x18, 0x3, 0x1, 0x0, r4}]}, &(0x7f0000002540)='GPL\x00', 0x6, 0x6e, &(0x7f0000002580)=""/110, 0x41000, 0x45, '\x00', r5, @fallback=0x36, r1, 0x8, &(0x7f00000026c0)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, r6, r1, 0x2, &(0x7f0000002740)=[r1], &(0x7f0000002780)=[{0x2, 0x4, 0xb, 0x4}, {0x3, 0x2, 0x3, 0xa}], 0x10, 0x9, @void, @value}, 0x94) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000002880)={0xffffffffffffffff, 0x0, 0x68, 0x8, @vifc_lcl_addr=@rand_addr=0x64010101, @multicast2}, 0x10) r7 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$TCSETS(r1, 0x5402, &(0x7f00000028c0)={0x2, 0x6, 0x80000001, 0xffffffff, 0x7, "47c906bd00dad7d000fc7e9145f41da16abdf2"}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0) r8 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002900), 0x400, 0x0) fchmod(r8, 0x148) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000002980)={0x3, &(0x7f0000002940)=[{}, {}, {}]}) quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f00000029c0)=@loop={'/dev/loop', 0x0}, r3, &(0x7f0000002a00)) r9 = socket(0xc, 0x2, 0xfffffffd) getsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f0000002a40)={{{@in=@empty, @in6=@empty}}, {{@in6=@empty}, 0x0, @in=@initdev}}, &(0x7f0000002b40)=0xe8) socket(0x21, 0xa, 0x1) fcntl$getownex(r8, 0x10, &(0x7f0000002c00)={0x0, 0x0}) perf_event_open(&(0x7f0000002b80)={0x3, 0x80, 0x8, 0xc, 0x83, 0xc7, 0x0, 0x0, 0x100, 0x7, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x4, @perf_config_ext={0x7c9, 0x4}, 0x4000, 0xee2c, 0x3, 0x2, 0x2, 0x4, 0x100, 0x0, 0xffffffff, 0x0, 0x4}, r10, 0xc, 0xffffffffffffffff, 0x0) 1.234500893s ago: executing program 3 (id=904): r0 = io_uring_setup(0x194b, &(0x7f0000000080)={0x0, 0x10000000, 0x1000, 0x0, 0x1d4}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x4000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000200f100850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd", 0x2}], 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000280)={0xd, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000100)=""/189, 0xbd}, {&(0x7f0000000000)=""/21, 0x15}, {&(0x7f0000000300)=""/195, 0xc3}, {&(0x7f0000000400)=""/130, 0x82}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/81, 0x51}], &(0x7f0000001540)=[0x7, 0x7, 0x16d, 0x8, 0x6, 0x8, 0x40, 0x6, 0x100], 0x6}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0xf0, 0xfd, 0x0, 0x0, 0x0, 0x7, 0xa0110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0xe6, 0x2}, 0x11c288, 0xc, 0x0, 0x3, 0x40, 0xfffffffe, 0x1}, 0x0, 0x3, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$tipc(&(0x7f0000001700), r4) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002700)=""/4084, 0xff4}], &(0x7f0000000200), 0x1}, 0x20) 1.233940943s ago: executing program 4 (id=905): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000500)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000d80)) read$hidraw(r1, 0x0, 0x49) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), r3) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)={0x24, r4, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x44801}, 0x40) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x24, r4, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x40) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x820901) write$char_usb(r5, &(0x7f0000000040)="e2", 0x1068) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r8}, 0x10) sendto$inet6(r6, &(0x7f0000000080)="be", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) 1.192206593s ago: executing program 1 (id=906): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ptrace$peekuser(0x3, 0x0, 0x200) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") 1.191270544s ago: executing program 3 (id=907): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r2, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) r3 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r3, 0x8008f512, &(0x7f0000000340)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x50, &(0x7f0000000000)=0x4, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) sched_setaffinity(r7, 0x0, 0x0) r8 = socket(0x10, 0x803, 0x4) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x7400, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x264, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x238, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x64}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x112}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x30}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x2}]}}}, {0x38, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x13}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}, {0x1c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_INNER_NUM={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}, {0x184, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x174, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_ID={0x8}, @NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x10}, @NFTA_DYNSET_EXPRESSIONS={0x11c, 0xa, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup={{0x8}, @void}}, {0x40, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x2f}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x13}]}}}, {0x54, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}, {0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @queue={{0xa}, @void}}, {0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}, {0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x1}]}}}]}, @NFTA_DYNSET_SREG_DATA={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_DYNSET_EXPR={0x2c, 0x7, 0x0, 0x1, {{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_DREG={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_LOOKUP_DREG={0x8, 0x3, 0x1, 0x0, 0x12}, @NFTA_LOOKUP_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}}}, @NFTA_DYNSET_SET_ID={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @bitwise={{0xc}, @void}}]}]}], {0x14}}, 0x28c}}, 0x0) 1.086321865s ago: executing program 3 (id=908): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000500)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000d80)) read$hidraw(r1, 0x0, 0x49) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), r4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000800)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)={0x24, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x44801}, 0x40) sendmsg$BATADV_CMD_SET_MESH(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000006c0)={0x24, r5, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x40) (fail_nth: 1) r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x820901) write$char_usb(r7, &(0x7f0000000040)="e2", 0x1068) r8 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r10}, 0x10) sendto$inet6(r8, &(0x7f0000000080)="be", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) 1.052068966s ago: executing program 1 (id=909): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x10, @private1, 0x6}]}, &(0x7f0000000280)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000240)={r1, 0xd, "d656c9a61490b7e8773ca55437"}, &(0x7f0000000180)=0x15) 752.67222ms ago: executing program 0 (id=912): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xc8}}, 0x20050800) 731.5961ms ago: executing program 0 (id=913): bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0xa, 0x7, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 686.05667ms ago: executing program 0 (id=914): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) mkdirat(0xffffffffffffffff, 0x0, 0x0) 662.970571ms ago: executing program 0 (id=915): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}}) close_range(r2, 0xffffffffffffffff, 0x400000000000000) 595.892102ms ago: executing program 0 (id=916): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfe58}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x3c, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_config_ext={0x3, 0x1}, 0x18002, 0x8002, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r2, &(0x7f00000001c0)=ANY=[@ANYRESHEX], 0x20) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'netpci0\x00', 0x2}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000380)=ANY=[@ANYBLOB="01000004"]) 588.258892ms ago: executing program 4 (id=917): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d80)=ANY=[@ANYBLOB="4801000010001307000000000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000332000000fe880000000000000000000000970001ffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc7fffffffffffff0000000000000000fcffffffffffffff000000000000000000000000000000000000000002000000fdffffff000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d000000000008001e000010000004532cd4b0408e512fc91c2de348555f0fa93e57c2bff167f9f63f183ae8"], 0x148}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (fail_nth: 2) 563.241432ms ago: executing program 4 (id=918): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r2, &(0x7f0000000080)=ANY=[], 0x27) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x24040084) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), 0xffffffffffffffff) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r8}, 0x10) syz_emit_ethernet(0x56, &(0x7f00000004c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb863f187dc8f886dd637caa2700203c01fc010000000012000000000000000000ff0200"/53], 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000840)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x20, r7, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_LEVEL={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x804c044}, 0x80) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r12 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r12, &(0x7f0000000ac0)=[{&(0x7f0000000300)="916a5459cc4f868ca32c5ec6f9281ba9bfdb1b125d7cb86b5e85e89137c6fe77754f6c552a4214e90a941d79f7c8106a9ead4fc0eeafc420ba24956170a42e6f8665321b5fba8b75b70b28ef482d2df8a307e3e300ea82de940e43112be521a0ceb822c9f11ed6f9753c372e97a5526b1b82b232c28836e1ad53db24dcd50a8534b6d0cb3e8585ebe1d7d7771fa8", 0x8e}, {&(0x7f0000000b80)="39f50911cfb273db43bedabc4f6937a0a358d7d6f385a03f160edc8a59630a3a43db592710dc974ee88d256e64bf17307d523e44a797e7c0ae764ed2136a6dbaed71c63f5e5fca2319c6f4361f11dac048dfe9fc36b203a4c0cd8da9d9e073d51f53443e3096d727fc979bbd024e", 0x6e}, {&(0x7f00000003c0)="41540a6a061984031b95bd3c29279bc8a8753e577904b3024669b3b976ce782610afd7b40950fa369394d99d136e37ac37b21d0f7dbddcddcd3ffad50853f1be9904f34768b472e978cc01c52013a3e45731eff9609059c63dcc3ed0492acca523f090ff9e798d97b9207a73c623655e00381e5c1e248c589e7055ea083b61a182f7004cc61403526981835571fdf7c9ff10068569149c4a824ae4f88923876ac2a34209aa29156d677c4d8a51b94ccf28f33c2c44df556970c68e9e14faa69b04da9304edaef13193db6b4ce640c22a182364ab1cad5a742a45b0fd3f0191e1136d8aefe684624697c24ed9532f7d98a46cb97ee02adb2e86e7", 0xfa}, {&(0x7f00000007c0)="231ccc7382f6c8dd1047c84acf4dfc7bff5fe7e0810000000010758248fb2781c5cb44a6316a7b8cb536c033b979c6a9c6d449c946f862425f20eaeb8b753eef34ca2655a32a4bb60e590e13a37c3a6f5faaf8ad24642cc431b99fb6f2b87c34a29086ffccee2f62394c4a5a45022a4040138f81b18484d9147389619453a8aa961bf778735f162af626b1dc172cdc4d910ca08e4846292c226a43719191b0d9f6863d7a245d074d1b3207d814b4395155720ef765cfa1cfa45231172657689dae36043b867925bd7ca654e0e516faf43e3dbb840f6eb07ee476029b3288bb0dd4ef864b", 0xe4}, {&(0x7f00000001c0)="8c5289e3b0abe2189fbb1d56", 0xc}, {&(0x7f0000001a40)="2fb2903f3bc932bc531aff77387bfc8f0c10fccf549fa47ad742f2c5e9be2ef774b69a336652002f3d8896c88dd570b1a9c91afab7feccf2c04a5030880942f2ac5d980356f36fcfbb9686bca48ab741feaf8a218b2e8e15c6274fc694b948284167bc184de75782c459eb4db78f6b464835d434732ee1a4cf6a39fb3d236734163b93b30dff79f8b967243e58668ed5d44b071e3a316716e14252aa9582ddd406d3f4f0d7ec34303f50a6a5828fafdd9f0ce3107356b2c47cdbdd6f6a1dbe98a7e270d317e4fd631efa96ff87656e1a5c3b0b51919a1e8c030c363d5ae298494ad444c535d01f3656dfbfb2855b34c58236df831f87fab9049dee975158b10daad6d5d3c8a93405a0097ec098d323dcf59d190c8cc61aec092342f3b465c0dce57581c35df3b49f207247cc58edabdde8a54a759fb23840f168a0b92d38f11e0b1df360abb43ece84a15ebdbb78efc655f2f45a5230479e4d543af375226ae11c2c3571a33c14b131929bd1bd5d96597009b28c664a6257e2ab", 0x17a}], 0x6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r11, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r12, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x1100, 0x5dd8, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_io_uring_setup(0x2695, &(0x7f0000000500)={0x0, 0x2d2b, 0x2000, 0x2, 0x23c, 0x0, r12}, &(0x7f0000000240), &(0x7f0000000580)) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000)={[{@errors_remount}, {@nobh}]}, 0x3, 0x519, &(0x7f0000001300)="$eJzs3c9vI1cdAPDvTOJtsptiFxAqlSgVLcpWsHbS0DZCCMoFTpWAcl9C4kRR7DiKnbKJKkjFf4CQQOLEiQsSfwBS1QN/AKpUCS6IAwIEQrCFA+JHB9ke041jJ6k2yezGn4/04vdmxvN9byy/+eGXmQAm1lMR8VJETEXEsxFRzqeneYrDfuou987d11a7KYkse+WvSST5tMG6uuXpiLiRv20mIr725YhvJsfjtvcPtlYajfpuXq51mju19v7Brc3mykZ9o769tLT4wvKLy88vL2S5+2pnZZD5yZc+/8anv/W723+++e1utT73kSjFUDvOU7/ppd62GOhuo92LCFaAqbw9paIrAgDAmXSP8T8YEZ/oHf+XY6p3NDdkqoiaAQAAAOcl+8Jc/CeJyAAAAIArK42IuUjSaj4WYC7S9Fp+beDDcT1ttNqdT6239rbXuvMiKlFK1zcb9YV8rHAlSkm3vJiPsR2UnxsqL0XEYxHx/fJsr1xdbTXWCr72AQAAAJPixtD5/z/KaS9/uhH/JwAAAAA8uCpjCwAAAMBV4ZQfAAAArr7h8/83CqoHAAAAcCG+8vLL3ZQNnn+99ur+3lbr1Vtr9fZWtbm3Wl1t7e5UN1qtjd49+5qnra/Rau18Jrb37tQ69Xan1t4/uN1s7W13bm8eeQQ2AAAAcIke+/ibv04i4vCzs70U+X0AAY74Q9EVAM7TVNEVAArjLt4wuUpFVwAoXHLKfIN3AADg4Tf/0eO//w+e/+/aAFxtxvoAwOSZjtmiqwAUpGQEIEy0NCI+0M8+Mm6Zsb////KsUbIs4q3yvVNcXwQAgMs110tJWs3PA+YiTavViEcj0kqUkvXNRn0hPz/4Vbn0SLe82HtncuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgL8uSyAAAAIArLSL9U9K7m3/EfPmZueHrA9eSf5bjj3nhR6/84M5Kp7O72J3+t96zvK5FROeH+fTnxj4+DAAAADhvyeHYWf3z9Px18VJrBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEeOfua6uDdJlx//LFiKiMij8dM73XmShFxPW/JzF9z/uSiJg6h/iHr0fE46PiJ/FulmWVvBbD8dOImL3g+JXephkf/8Y5xIdJ9ma3/3lp1Pcvjad6r6O/f9N5ul/j+780j/x4r58b1f89emxtzZExnnj7Z7Wx8V+PeGJ6dP8z6H+TMfGfPra2f2dZdjzGN75+cDAufvbjiPmR+5/kSKxap7lTa+8f3NpsrmzUN+rbS0uLLyy/uPz88kJtfbNRz/+OjPG9j/383ZPaf31E/N/+pt//ntT+Z8atdMh/375z90P9bGlU/JtPj9z/zsSY+Gm+7/tknu/Onx/kD/v5ez3507eePKn9a2O2/2mf/80ztv/Zr37392dcFAC4BO39g62VRqO+e0Jm5gzLPIyZX8w8ENV4n5nsO/1P7oRlysXV8F9nXrh7tPrelEGrCt+8RzLZpcWaigekyf/PFNotAQAAF+C9g/6iawIAAAAAAAAAAAAAAAAAAACT6zJuJzYc87CYpgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOh/AQAA///uxuBB") 442.004744ms ago: executing program 3 (id=919): r0 = perf_event_open(&(0x7f0000004cc0)={0x1, 0x80, 0x2, 0x0, 0xfd, 0x0, 0x0, 0x9, 0x400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xaf1d, 0x1, @perf_bp={0x0, 0x1}, 0x100410, 0x9, 0xa18a, 0x1, 0x9, 0x9, 0xfffd, 0x0, 0x0, 0x0, 0xf}, 0x0, 0xffffffffffffdfff, 0xffffffffffffffff, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$TUNSETCARRIER(r3, 0x400454e2, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x5, 0x9fd, 0x84, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x80, 0x7, 0xa1, 0x462}, {0x4000, 0x9, 0xfa, 0xf999}, {0x3, 0xc, 0x5, 0x8}]}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000300)={[{@noauto_da_alloc}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") socket$xdp(0x2c, 0x3, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_getevents(r10, 0x4, 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x0) io_submit(r10, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r9, 0x0}]) 441.561934ms ago: executing program 0 (id=920): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000), 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa}) epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) 335.974045ms ago: executing program 2 (id=921): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)={0x18, 0x3e, 0x103, 0x70bd26, 0x25dfdbfe, {0x1, 0x7c}, [@nested={0x4, 0x3}]}, 0x18}, 0x1, 0x0, 0x0, 0x488c0}, 0x8080) 299.518116ms ago: executing program 2 (id=922): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000000)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x9400, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) 180.790427ms ago: executing program 1 (id=923): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x0) 100.621938ms ago: executing program 4 (id=924): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0xc8}}, 0x20050800) 94.631738ms ago: executing program 1 (id=925): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) mkdirat(0xffffffffffffffff, 0x0, 0x0) 41.657269ms ago: executing program 4 (id=926): bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001900)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0) preadv2(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=927): bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0xa, 0x7, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) kernel console output (not intermixed with test programs): /0x160 [ 53.513047][ T4209] ? __pfx_inotify_release+0x10/0x10 [ 53.513152][ T4209] fsnotify_destroy_group+0x53/0x180 [ 53.513196][ T4209] ? __rcu_read_unlock+0x4f/0x70 [ 53.513226][ T4209] inotify_release+0x1f/0x30 [ 53.513258][ T4209] __fput+0x298/0x650 [ 53.513343][ T4209] fput_close_sync+0x6e/0x120 [ 53.513375][ T4209] __x64_sys_close+0x56/0xf0 [ 53.513472][ T4209] x64_sys_call+0x2747/0x2fb0 [ 53.513521][ T4209] do_syscall_64+0xd0/0x1a0 [ 53.513553][ T4209] ? clear_bhb_loop+0x25/0x80 [ 53.513644][ T4209] ? clear_bhb_loop+0x25/0x80 [ 53.513750][ T4209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.513779][ T4209] RIP: 0033:0x7fda0457e969 [ 53.513799][ T4209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.513834][ T4209] RSP: 002b:00007fda02be7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 53.513858][ T4209] RAX: ffffffffffffffda RBX: 00007fda047a5fa0 RCX: 00007fda0457e969 [ 53.513875][ T4209] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 53.513890][ T4209] RBP: 00007fda02be7090 R08: 0000000000000000 R09: 0000000000000000 [ 53.513906][ T4209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.513922][ T4209] R13: 0000000000000000 R14: 00007fda047a5fa0 R15: 00007ffea5f182e8 [ 53.513972][ T4209] [ 53.586661][ T4210] loop4: detected capacity change from 0 to 512 [ 53.599841][ T4201] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 53.606217][ T4210] EXT4-fs: Ignoring removed nobh option [ 53.844085][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.871232][ T4210] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.222: corrupted inode contents [ 53.888784][ T4210] EXT4-fs (loop4): Remounting filesystem read-only [ 53.896238][ T4210] EXT4-fs (loop4): 1 truncate cleaned up [ 53.902751][ T4210] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.916953][ T4210] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.927721][ T4025] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 53.938502][ T4025] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 53.953549][ T4210] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.963294][ T4025] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 53.990738][ T4216] loop1: detected capacity change from 0 to 512 [ 54.018628][ T4216] EXT4-fs (loop1): 1 orphan inode deleted [ 54.025110][ T4216] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.047089][ T4025] EXT4-fs error (device loop1): ext4_release_dquot:6971: comm kworker/u8:43: Failed to release dquot type 1 [ 54.084805][ T4228] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 54.093865][ T4229] loop4: detected capacity change from 0 to 512 [ 54.118420][ T4229] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.229: Failed to acquire dquot type 1 [ 54.130406][ T4229] EXT4-fs (loop4): 1 truncate cleaned up [ 54.137121][ T4229] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.371678][ T4247] loop2: detected capacity change from 0 to 512 [ 54.390967][ T4247] EXT4-fs (loop2): orphan cleanup on readonly fs [ 54.427743][ T4254] netlink: 35 bytes leftover after parsing attributes in process `syz.3.240'. [ 54.431094][ T4247] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.237: bg 0: block 248: padding at end of block bitmap is not set [ 54.436788][ T4254] netlink: 8 bytes leftover after parsing attributes in process `syz.3.240'. [ 54.474724][ T4247] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.237: Failed to acquire dquot type 1 [ 54.493609][ T4247] EXT4-fs (loop2): 1 truncate cleaned up [ 54.501556][ T4258] loop3: detected capacity change from 0 to 2048 [ 54.683409][ T4269] loop0: detected capacity change from 0 to 1024 [ 54.692959][ T4270] loop1: detected capacity change from 0 to 1024 [ 54.702175][ T4269] EXT4-fs: Ignoring removed bh option [ 54.708667][ T4270] EXT4-fs: Ignoring removed bh option [ 54.770804][ T4278] loop0: detected capacity change from 0 to 128 [ 54.829273][ T4278] FAULT_INJECTION: forcing a failure. [ 54.829273][ T4278] name failslab, interval 1, probability 0, space 0, times 0 [ 54.842224][ T4278] CPU: 1 UID: 0 PID: 4278 Comm: syz.0.249 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 54.842259][ T4278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 54.842274][ T4278] Call Trace: [ 54.842282][ T4278] [ 54.842292][ T4278] __dump_stack+0x1d/0x30 [ 54.842320][ T4278] dump_stack_lvl+0xe8/0x140 [ 54.842339][ T4278] dump_stack+0x15/0x1b [ 54.842360][ T4278] should_fail_ex+0x265/0x280 [ 54.842428][ T4278] should_failslab+0x8c/0xb0 [ 54.842465][ T4278] __kmalloc_noprof+0xa5/0x3e0 [ 54.842534][ T4278] ? alloc_pipe_info+0x1c9/0x350 [ 54.842631][ T4278] alloc_pipe_info+0x1c9/0x350 [ 54.842659][ T4278] splice_direct_to_actor+0x592/0x680 [ 54.842687][ T4278] ? kstrtouint_from_user+0x9f/0xf0 [ 54.842754][ T4278] ? __pfx_direct_splice_actor+0x10/0x10 [ 54.842778][ T4278] ? __rcu_read_unlock+0x4f/0x70 [ 54.842804][ T4278] ? avc_policy_seqno+0x15/0x30 [ 54.842848][ T4278] do_splice_direct+0xda/0x150 [ 54.842874][ T4278] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 54.842935][ T4278] do_sendfile+0x380/0x640 [ 54.842977][ T4278] __x64_sys_sendfile64+0x105/0x150 [ 54.843037][ T4278] x64_sys_call+0xb39/0x2fb0 [ 54.843063][ T4278] do_syscall_64+0xd0/0x1a0 [ 54.843091][ T4278] ? clear_bhb_loop+0x25/0x80 [ 54.843192][ T4278] ? clear_bhb_loop+0x25/0x80 [ 54.843219][ T4278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.843242][ T4278] RIP: 0033:0x7f063213e969 [ 54.843256][ T4278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.843272][ T4278] RSP: 002b:00007f06307a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 54.843289][ T4278] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213e969 [ 54.843324][ T4278] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 54.843382][ T4278] RBP: 00007f06307a7090 R08: 0000000000000000 R09: 0000000000000000 [ 54.843397][ T4278] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 54.843444][ T4278] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 54.843461][ T4278] [ 55.109449][ T4293] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4293 comm=syz.0.253 [ 55.122120][ T4292] loop1: detected capacity change from 0 to 2048 [ 55.158733][ T4297] SELinux: syz.3.257 (4297) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 55.182562][ T4297] loop3: detected capacity change from 0 to 512 [ 55.189552][ T4297] EXT4-fs: Ignoring removed nobh option [ 55.219757][ T4301] loop0: detected capacity change from 0 to 512 [ 55.237271][ T4297] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #16: comm syz.3.257: corrupted inode contents [ 55.250352][ T4297] EXT4-fs (loop3): Remounting filesystem read-only [ 55.252549][ T4301] random: crng reseeded on system resumption [ 55.257304][ T4297] EXT4-fs (loop3): 1 truncate cleaned up [ 55.270102][ T4297] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.329486][ T4307] loop4: detected capacity change from 0 to 1024 [ 55.338639][ T4027] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 55.339568][ T4307] EXT4-fs: Ignoring removed bh option [ 55.349241][ T4027] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 55.365228][ T4027] __quota_error: 173 callbacks suppressed [ 55.365322][ T4027] Quota error (device loop3): write_blk: dquota write failed [ 55.374784][ T29] audit: type=1326 audit(1746791969.231:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4300 comm="syz.0.258" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f063213e969 code=0x0 [ 55.379477][ T4027] Quota error (device loop3): free_dqentry: Can't move quota data block (5) to free list [ 55.381064][ T4027] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 55.422756][ T4027] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 55.423815][ T4027] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 55.481504][ T29] audit: type=1400 audit(1746791969.331:620): avc: denied { name_bind } for pid=4311 comm="syz.1.261" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 55.502686][ T29] audit: type=1400 audit(1746791969.331:621): avc: denied { node_bind } for pid=4311 comm="syz.1.261" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 55.541608][ T29] audit: type=1326 audit(1746791969.391:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4311 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 55.565204][ T29] audit: type=1326 audit(1746791969.391:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4311 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 55.565681][ T4317] FAULT_INJECTION: forcing a failure. [ 55.565681][ T4317] name failslab, interval 1, probability 0, space 0, times 0 [ 55.588913][ T29] audit: type=1326 audit(1746791969.391:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4311 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 55.601493][ T4317] CPU: 1 UID: 0 PID: 4317 Comm: syz.4.263 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 55.601527][ T4317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 55.601542][ T4317] Call Trace: [ 55.601551][ T4317] [ 55.601561][ T4317] __dump_stack+0x1d/0x30 [ 55.601648][ T4317] dump_stack_lvl+0xe8/0x140 [ 55.601673][ T4317] dump_stack+0x15/0x1b [ 55.601695][ T4317] should_fail_ex+0x265/0x280 [ 55.601743][ T4317] should_failslab+0x8c/0xb0 [ 55.601774][ T4317] __kmalloc_cache_node_noprof+0x54/0x320 [ 55.601802][ T4317] ? __get_vm_area_node+0x106/0x1c0 [ 55.601832][ T4317] __get_vm_area_node+0x106/0x1c0 [ 55.601914][ T4317] get_vm_area+0x46/0x60 [ 55.601940][ T4317] ? arena_map_alloc+0x1e6/0x370 [ 55.601963][ T4317] arena_map_alloc+0x1e6/0x370 [ 55.601999][ T4317] map_create+0x840/0xb90 [ 55.602035][ T4317] ? security_bpf+0x2b/0x90 [ 55.602069][ T4317] __sys_bpf+0x5ab/0x790 [ 55.602113][ T4317] __x64_sys_bpf+0x41/0x50 [ 55.602228][ T4317] x64_sys_call+0x2478/0x2fb0 [ 55.602263][ T4317] do_syscall_64+0xd0/0x1a0 [ 55.602292][ T4317] ? clear_bhb_loop+0x25/0x80 [ 55.602320][ T4317] ? clear_bhb_loop+0x25/0x80 [ 55.602386][ T4317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.602413][ T4317] RIP: 0033:0x7f061befe969 [ 55.602434][ T4317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.602501][ T4317] RSP: 002b:00007f061a567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 55.602524][ T4317] RAX: ffffffffffffffda RBX: 00007f061c125fa0 RCX: 00007f061befe969 [ 55.602540][ T4317] RDX: 0000000000000050 RSI: 0000200000000480 RDI: 0000000000000000 [ 55.602555][ T4317] RBP: 00007f061a567090 R08: 0000000000000000 R09: 0000000000000000 [ 55.602571][ T4317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.602586][ T4317] R13: 0000000000000001 R14: 00007f061c125fa0 R15: 00007ffc971d5dd8 [ 55.602609][ T4317] [ 55.845361][ T4321] netlink: 'syz.1.264': attribute type 4 has an invalid length. [ 55.868811][ T4326] loop0: detected capacity change from 0 to 512 [ 55.875608][ T4326] ext4: Unknown parameter 'permit_directio' [ 55.895314][ T4321] netlink: 'syz.1.264': attribute type 4 has an invalid length. [ 55.942515][ T4321] loop1: detected capacity change from 0 to 256 [ 56.232707][ T4355] loop1: detected capacity change from 0 to 2048 [ 56.330707][ T4358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.277'. [ 56.504789][ T4363] FAULT_INJECTION: forcing a failure. [ 56.504789][ T4363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.518143][ T4363] CPU: 1 UID: 0 PID: 4363 Comm: syz.2.279 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 56.518248][ T4363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 56.518310][ T4363] Call Trace: [ 56.518317][ T4363] [ 56.518326][ T4363] __dump_stack+0x1d/0x30 [ 56.518350][ T4363] dump_stack_lvl+0xe8/0x140 [ 56.518402][ T4363] dump_stack+0x15/0x1b [ 56.518423][ T4363] should_fail_ex+0x265/0x280 [ 56.518527][ T4363] should_fail+0xb/0x20 [ 56.518612][ T4363] should_fail_usercopy+0x1a/0x20 [ 56.518632][ T4363] _copy_to_user+0x20/0xa0 [ 56.518658][ T4363] simple_read_from_buffer+0xb5/0x130 [ 56.518681][ T4363] proc_fail_nth_read+0x100/0x140 [ 56.518767][ T4363] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 56.518792][ T4363] vfs_read+0x19d/0x6f0 [ 56.518814][ T4363] ? __rcu_read_unlock+0x4f/0x70 [ 56.518834][ T4363] ? __fget_files+0x184/0x1c0 [ 56.518902][ T4363] ? __traceiter_kfree+0x2b/0x50 [ 56.518939][ T4363] ksys_read+0xda/0x1a0 [ 56.518963][ T4363] __x64_sys_read+0x40/0x50 [ 56.519004][ T4363] x64_sys_call+0x2d77/0x2fb0 [ 56.519028][ T4363] do_syscall_64+0xd0/0x1a0 [ 56.519055][ T4363] ? clear_bhb_loop+0x25/0x80 [ 56.519080][ T4363] ? clear_bhb_loop+0x25/0x80 [ 56.519156][ T4363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.519176][ T4363] RIP: 0033:0x7fda0457d37c [ 56.519190][ T4363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 56.519261][ T4363] RSP: 002b:00007fda02be7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 56.519282][ T4363] RAX: ffffffffffffffda RBX: 00007fda047a5fa0 RCX: 00007fda0457d37c [ 56.519293][ T4363] RDX: 000000000000000f RSI: 00007fda02be70a0 RDI: 0000000000000005 [ 56.519304][ T4363] RBP: 00007fda02be7090 R08: 0000000000000000 R09: 0000000000000000 [ 56.519315][ T4363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.519327][ T4363] R13: 0000000000000000 R14: 00007fda047a5fa0 R15: 00007ffea5f182e8 [ 56.519395][ T4363] [ 56.839275][ T4367] loop2: detected capacity change from 0 to 512 [ 56.846246][ T4367] ext4: Unknown parameter 'permit_directio' [ 57.025081][ T4378] netlink: 4 bytes leftover after parsing attributes in process `syz.2.286'. [ 57.103268][ T4381] loop4: detected capacity change from 0 to 512 [ 57.167339][ T4381] EXT4-fs (loop4): orphan cleanup on readonly fs [ 57.177481][ T4381] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.288: bg 0: block 248: padding at end of block bitmap is not set [ 57.210035][ T4381] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.288: Failed to acquire dquot type 1 [ 57.274964][ T4381] EXT4-fs (loop4): 1 truncate cleaned up [ 57.495733][ T4402] loop3: detected capacity change from 0 to 1024 [ 57.653192][ T4415] FAULT_INJECTION: forcing a failure. [ 57.653192][ T4415] name failslab, interval 1, probability 0, space 0, times 0 [ 57.666522][ T4415] CPU: 1 UID: 0 PID: 4415 Comm: syz.1.301 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 57.666559][ T4415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 57.666576][ T4415] Call Trace: [ 57.666583][ T4415] [ 57.666664][ T4415] __dump_stack+0x1d/0x30 [ 57.666693][ T4415] dump_stack_lvl+0xe8/0x140 [ 57.666736][ T4415] dump_stack+0x15/0x1b [ 57.666758][ T4415] should_fail_ex+0x265/0x280 [ 57.666902][ T4415] should_failslab+0x8c/0xb0 [ 57.666939][ T4415] kmem_cache_alloc_noprof+0x50/0x310 [ 57.666981][ T4415] ? security_inode_alloc+0x37/0x100 [ 57.667010][ T4415] security_inode_alloc+0x37/0x100 [ 57.667086][ T4415] inode_init_always_gfp+0x4b7/0x500 [ 57.667122][ T4415] ? __pfx_sock_alloc_inode+0x10/0x10 [ 57.667155][ T4415] alloc_inode+0x58/0x170 [ 57.667181][ T4415] __sock_create+0x122/0x5b0 [ 57.667272][ T4415] ? kstrtoull+0x111/0x140 [ 57.667308][ T4415] sock_create_kern+0x38/0x50 [ 57.667412][ T4415] mptcp_subflow_create_socket+0x84/0x630 [ 57.667491][ T4415] __mptcp_nmpc_sk+0xb3/0x3b0 [ 57.667520][ T4415] mptcp_setsockopt+0xfbf/0x2480 [ 57.667547][ T4415] sock_common_setsockopt+0x66/0x80 [ 57.667610][ T4415] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 57.667648][ T4415] __sys_setsockopt+0x181/0x200 [ 57.667702][ T4415] __x64_sys_setsockopt+0x64/0x80 [ 57.667745][ T4415] x64_sys_call+0x2bd5/0x2fb0 [ 57.667799][ T4415] do_syscall_64+0xd0/0x1a0 [ 57.667827][ T4415] ? clear_bhb_loop+0x25/0x80 [ 57.667857][ T4415] ? clear_bhb_loop+0x25/0x80 [ 57.667939][ T4415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.668002][ T4415] RIP: 0033:0x7f42cb80e969 [ 57.668167][ T4415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.668191][ T4415] RSP: 002b:00007f42c9e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 57.668216][ T4415] RAX: ffffffffffffffda RBX: 00007f42cba35fa0 RCX: 00007f42cb80e969 [ 57.668233][ T4415] RDX: 0000000000000017 RSI: 0000000000000006 RDI: 0000000000000003 [ 57.668248][ T4415] RBP: 00007f42c9e77090 R08: 0000000000000004 R09: 0000000000000000 [ 57.668259][ T4415] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 57.668271][ T4415] R13: 0000000000000000 R14: 00007f42cba35fa0 R15: 00007fff973d4658 [ 57.668356][ T4415] [ 57.668372][ T4415] socket: no more sockets [ 58.434921][ T4430] loop4: detected capacity change from 0 to 512 [ 58.450923][ T4334] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 58.458717][ T4334] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 58.524352][ T4430] EXT4-fs (loop4): orphan cleanup on readonly fs [ 58.539069][ T4430] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.306: bg 0: block 248: padding at end of block bitmap is not set [ 58.623112][ T4430] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.306: Failed to acquire dquot type 1 [ 58.673814][ T4430] EXT4-fs (loop4): 1 truncate cleaned up [ 58.793310][ T4442] loop4: detected capacity change from 0 to 1024 [ 58.813040][ T4442] EXT4-fs: Ignoring removed bh option [ 59.171648][ T4334] loop0: detected capacity change from 0 to 256 [ 59.392578][ T4461] netlink: 8 bytes leftover after parsing attributes in process `syz.3.314'. [ 59.739070][ T4495] loop3: detected capacity change from 0 to 2048 [ 59.796411][ T3789] loop3: p3 < > p4 < > [ 59.800691][ T3789] loop3: partition table partially beyond EOD, truncated [ 59.819249][ T3789] loop3: p3 start 4284289 is beyond EOD, truncated [ 59.879081][ T4495] loop3: p3 < > p4 < > [ 59.883311][ T4495] loop3: partition table partially beyond EOD, truncated [ 59.908005][ T4495] loop3: p3 start 4284289 is beyond EOD, truncated [ 60.171283][ T4517] loop1: detected capacity change from 0 to 1024 [ 60.183071][ T4517] EXT4-fs: Ignoring removed nobh option [ 60.189960][ T4517] EXT4-fs: Ignoring removed bh option [ 60.380518][ T4537] SELinux: syz.0.331 (4537) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 60.424829][ T4537] loop0: detected capacity change from 0 to 512 [ 60.432250][ T4537] EXT4-fs: Ignoring removed nobh option [ 60.493985][ T4537] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.331: corrupted inode contents [ 60.522192][ T4549] loop4: detected capacity change from 0 to 2048 [ 60.538657][ T4537] EXT4-fs (loop0): Remounting filesystem read-only [ 60.545426][ T4537] EXT4-fs (loop0): 1 truncate cleaned up [ 60.551684][ T4537] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.563643][ T4011] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 60.574354][ T4011] __quota_error: 127 callbacks suppressed [ 60.574366][ T4011] Quota error (device loop0): write_blk: dquota write failed [ 60.587821][ T4011] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 60.598079][ T4011] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 60.608914][ T4011] Quota error (device loop0): write_blk: dquota write failed [ 60.616502][ T4011] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 60.743414][ T4011] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 60.753764][ T4011] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 60.767507][ T4011] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 61.002299][ T29] audit: type=1400 audit(1746791974.851:748): avc: denied { ioctl } for pid=4577 comm="syz.4.339" path="socket:[6863]" dev="sockfs" ino=6863 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 61.093549][ T4584] loop4: detected capacity change from 0 to 1024 [ 61.111629][ T4584] EXT4-fs: Ignoring removed nobh option [ 61.117393][ T4584] EXT4-fs: Ignoring removed bh option [ 61.197752][ T4590] vlan0: entered allmulticast mode [ 61.242238][ T4590] vlan0: entered allmulticast mode [ 61.273088][ T29] audit: type=1400 audit(1746791975.121:749): avc: denied { create } for pid=4591 comm="syz.4.344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 61.293468][ T29] audit: type=1400 audit(1746791975.121:750): avc: denied { connect } for pid=4591 comm="syz.4.344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 61.313872][ T29] audit: type=1400 audit(1746791975.121:751): avc: denied { write } for pid=4591 comm="syz.4.344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 61.360343][ T4590] vlan0: entered allmulticast mode [ 61.380707][ T4595] loop3: detected capacity change from 0 to 512 [ 61.390386][ T4595] EXT4-fs (loop3): orphan cleanup on readonly fs [ 61.411961][ T4595] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.345: bg 0: block 248: padding at end of block bitmap is not set [ 61.436118][ T4595] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.345: Failed to acquire dquot type 1 [ 61.452901][ T4590] vlan0: entered allmulticast mode [ 61.486693][ T4595] EXT4-fs (loop3): 1 truncate cleaned up [ 61.509858][ T4590] vlan0: entered allmulticast mode [ 61.565660][ T4590] vlan0: entered allmulticast mode [ 61.629164][ T4610] loop2: detected capacity change from 0 to 2048 [ 61.643894][ T4590] vlan0: entered allmulticast mode [ 61.681041][ T4611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.348'. [ 61.723940][ T4617] loop2: detected capacity change from 0 to 512 [ 61.752226][ T4619] loop3: detected capacity change from 0 to 1024 [ 61.759524][ T4619] EXT4-fs: Ignoring removed nobh option [ 61.765265][ T4619] EXT4-fs: Ignoring removed bh option [ 61.771766][ T4617] ext4: Unknown parameter 'permit_directio' [ 61.862544][ T4624] netlink: 'syz.2.355': attribute type 16 has an invalid length. [ 61.870612][ T4624] netlink: 'syz.2.355': attribute type 17 has an invalid length. [ 61.901766][ T4590] vlan0: entered allmulticast mode [ 61.960675][ T4624] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 62.065501][ T4636] loop0: detected capacity change from 0 to 2048 [ 62.327863][ T4647] loop1: detected capacity change from 0 to 1024 [ 62.355035][ T4647] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.375639][ T4647] EXT4-fs: Mount option(s) incompatible with ext2 [ 62.434534][ T4649] loop4: detected capacity change from 0 to 2048 [ 62.574432][ T4654] loop3: detected capacity change from 0 to 512 [ 62.581338][ T4654] ext4: Unknown parameter 'permit_directio' [ 62.593119][ T4655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.364'. [ 63.437310][ T4666] loop4: detected capacity change from 0 to 2048 [ 63.529036][ T4670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.369'. [ 63.640799][ T4672] SELinux: Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped). [ 63.791834][ T4680] loop2: detected capacity change from 0 to 1024 [ 63.799248][ T4680] EXT4-fs: Ignoring removed bh option [ 63.834462][ T4680] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 63.851024][ T4680] EXT4-fs (loop2): Remounting filesystem read-only [ 63.966316][ T4697] loop2: detected capacity change from 0 to 512 [ 63.975195][ T4697] ext4: Unknown parameter 'permit_directio' [ 64.232099][ T4714] loop3: detected capacity change from 0 to 1024 [ 64.267116][ T4714] EXT4-fs: Ignoring removed nobh option [ 64.272806][ T4714] EXT4-fs: Ignoring removed bh option [ 64.614919][ T4749] netlink: 35 bytes leftover after parsing attributes in process `syz.0.390'. [ 64.624043][ T4749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.390'. [ 64.742562][ T4765] dvmrp0: entered allmulticast mode [ 64.776353][ T4765] dvmrp0: left allmulticast mode [ 64.942155][ T4787] loop2: detected capacity change from 0 to 1024 [ 64.960443][ T4787] EXT4-fs: Ignoring removed nobh option [ 64.966200][ T4787] EXT4-fs: Ignoring removed bh option [ 65.190518][ T4807] dvmrp0: entered allmulticast mode [ 65.266128][ T4809] FAULT_INJECTION: forcing a failure. [ 65.266128][ T4809] name failslab, interval 1, probability 0, space 0, times 0 [ 65.279232][ T4809] CPU: 0 UID: 0 PID: 4809 Comm: syz.3.400 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 65.279266][ T4809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 65.279281][ T4809] Call Trace: [ 65.279302][ T4809] [ 65.279311][ T4809] __dump_stack+0x1d/0x30 [ 65.279332][ T4809] dump_stack_lvl+0xe8/0x140 [ 65.279351][ T4809] dump_stack+0x15/0x1b [ 65.279367][ T4809] should_fail_ex+0x265/0x280 [ 65.279441][ T4809] ? ip_ra_control+0xd6/0x2c0 [ 65.279570][ T4809] should_failslab+0x8c/0xb0 [ 65.279608][ T4809] __kmalloc_cache_noprof+0x4c/0x320 [ 65.279635][ T4809] ? __pfx_mrtsock_destruct+0x10/0x10 [ 65.279673][ T4809] ip_ra_control+0xd6/0x2c0 [ 65.279721][ T4809] ? __pfx_mrtsock_destruct+0x10/0x10 [ 65.279753][ T4809] ip_mroute_setsockopt+0x32b/0x960 [ 65.279911][ T4809] do_ip_setsockopt+0xcea/0x2240 [ 65.279941][ T4809] ip_setsockopt+0x58/0x110 [ 65.279999][ T4809] raw_setsockopt+0xbd/0x150 [ 65.280036][ T4809] sock_common_setsockopt+0x66/0x80 [ 65.280105][ T4809] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 65.280148][ T4809] __sys_setsockopt+0x181/0x200 [ 65.280190][ T4809] __x64_sys_setsockopt+0x64/0x80 [ 65.280242][ T4809] x64_sys_call+0x2bd5/0x2fb0 [ 65.280263][ T4809] do_syscall_64+0xd0/0x1a0 [ 65.280286][ T4809] ? clear_bhb_loop+0x25/0x80 [ 65.280307][ T4809] ? clear_bhb_loop+0x25/0x80 [ 65.280405][ T4809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.280440][ T4809] RIP: 0033:0x7f90bc28e969 [ 65.280457][ T4809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.280493][ T4809] RSP: 002b:00007f90ba8f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 65.280517][ T4809] RAX: ffffffffffffffda RBX: 00007f90bc4b5fa0 RCX: 00007f90bc28e969 [ 65.280532][ T4809] RDX: 00000000000000c8 RSI: 0000000000000000 RDI: 0000000000000005 [ 65.280604][ T4809] RBP: 00007f90ba8f7090 R08: 0000000000000004 R09: 0000000000000000 [ 65.280639][ T4809] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 65.280652][ T4809] R13: 0000000000000000 R14: 00007f90bc4b5fa0 R15: 00007ffd1d7eb078 [ 65.280673][ T4809] [ 65.702228][ T4828] loop2: detected capacity change from 0 to 1024 [ 65.715865][ T4828] EXT4-fs: Ignoring removed nobh option [ 65.721653][ T4828] EXT4-fs: Ignoring removed bh option [ 65.727788][ T4826] loop0: detected capacity change from 0 to 512 [ 65.734834][ T4826] ext4: Unknown parameter 'permit_directio' [ 65.868568][ T4835] loop4: detected capacity change from 0 to 1024 [ 65.902024][ T4835] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.909362][ T4841] SELinux: syz.0.414 (4841) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 65.946283][ T4835] EXT4-fs: Mount option(s) incompatible with ext2 [ 65.968977][ T4841] loop0: detected capacity change from 0 to 512 [ 65.975478][ T4841] EXT4-fs: Ignoring removed nobh option [ 66.013770][ T4841] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.414: corrupted inode contents [ 66.035054][ T4841] EXT4-fs (loop0): Remounting filesystem read-only [ 66.058253][ T4841] EXT4-fs (loop0): 1 truncate cleaned up [ 66.078218][ T4027] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 66.088920][ T4027] __quota_error: 99 callbacks suppressed [ 66.088932][ T4027] Quota error (device loop0): write_blk: dquota write failed [ 66.102037][ T4027] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 66.112137][ T4027] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 66.122748][ T4027] Quota error (device loop0): write_blk: dquota write failed [ 66.130158][ T4027] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 66.146489][ T4841] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.170880][ T4027] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 66.181186][ T4027] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 66.191674][ T4027] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 66.367799][ T29] audit: type=1400 audit(1746791980.211:849): avc: denied { relabelto } for pid=4858 comm="syz.1.420" name="cgroup" dev="tmpfs" ino=507 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:hald_sonypic_exec_t:s0" [ 66.415849][ T29] audit: type=1400 audit(1746791980.221:850): avc: denied { associate } for pid=4858 comm="syz.1.420" name="cgroup" dev="tmpfs" ino=507 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_sonypic_exec_t:s0" [ 66.513837][ T4859] loop1: detected capacity change from 0 to 512 [ 66.566555][ T4859] EXT4-fs (loop1): orphan cleanup on readonly fs [ 66.597427][ T4859] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.420: bg 0: block 248: padding at end of block bitmap is not set [ 66.627827][ T4859] Quota error (device loop1): write_blk: dquota write failed [ 66.637707][ T4859] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 66.648507][ T4859] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.420: Failed to acquire dquot type 1 [ 66.688342][ T4859] EXT4-fs (loop1): 1 truncate cleaned up [ 66.850023][ T4888] FAULT_INJECTION: forcing a failure. [ 66.850023][ T4888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.863312][ T4888] CPU: 1 UID: 0 PID: 4888 Comm: syz.3.426 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 66.863363][ T4888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 66.863378][ T4888] Call Trace: [ 66.863386][ T4888] [ 66.863395][ T4888] __dump_stack+0x1d/0x30 [ 66.863422][ T4888] dump_stack_lvl+0xe8/0x140 [ 66.863446][ T4888] dump_stack+0x15/0x1b [ 66.863513][ T4888] should_fail_ex+0x265/0x280 [ 66.863555][ T4888] should_fail+0xb/0x20 [ 66.863652][ T4888] should_fail_usercopy+0x1a/0x20 [ 66.863675][ T4888] _copy_from_user+0x1c/0xb0 [ 66.863713][ T4888] __sys_bpf+0x178/0x790 [ 66.863766][ T4888] __x64_sys_bpf+0x41/0x50 [ 66.863797][ T4888] x64_sys_call+0x2478/0x2fb0 [ 66.863824][ T4888] do_syscall_64+0xd0/0x1a0 [ 66.863859][ T4888] ? clear_bhb_loop+0x25/0x80 [ 66.863886][ T4888] ? clear_bhb_loop+0x25/0x80 [ 66.863912][ T4888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.864026][ T4888] RIP: 0033:0x7f90bc28e969 [ 66.864045][ T4888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.864065][ T4888] RSP: 002b:00007f90ba8f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 66.864089][ T4888] RAX: ffffffffffffffda RBX: 00007f90bc4b5fa0 RCX: 00007f90bc28e969 [ 66.864104][ T4888] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005 [ 66.864122][ T4888] RBP: 00007f90ba8f7090 R08: 0000000000000000 R09: 0000000000000000 [ 66.864136][ T4888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.864150][ T4888] R13: 0000000000000000 R14: 00007f90bc4b5fa0 R15: 00007ffd1d7eb078 [ 66.864175][ T4888] [ 67.624563][ T4927] loop1: detected capacity change from 0 to 512 [ 67.663473][ T4927] EXT4-fs (loop1): orphan cleanup on readonly fs [ 67.690430][ T4931] loop0: detected capacity change from 0 to 1024 [ 67.704192][ T4931] EXT4-fs: Ignoring removed nomblk_io_submit option [ 67.726551][ T4927] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.438: bg 0: block 248: padding at end of block bitmap is not set [ 67.746093][ T4927] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.438: Failed to acquire dquot type 1 [ 67.769850][ T4931] EXT4-fs: Mount option(s) incompatible with ext2 [ 67.781367][ T4933] loop3: detected capacity change from 0 to 2048 [ 67.789315][ T4927] EXT4-fs (loop1): 1 truncate cleaned up [ 68.034500][ T4948] loop4: detected capacity change from 0 to 2048 [ 68.121800][ T4954] loop1: detected capacity change from 0 to 512 [ 68.196825][ T4954] EXT4-fs (loop1): orphan cleanup on readonly fs [ 68.232181][ T4954] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.449: bg 0: block 248: padding at end of block bitmap is not set [ 68.247592][ T4954] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.449: Failed to acquire dquot type 1 [ 68.259977][ T4954] EXT4-fs (loop1): 1 truncate cleaned up [ 68.574760][ T4968] netlink: 35 bytes leftover after parsing attributes in process `syz.2.454'. [ 68.583878][ T4968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.454'. [ 68.583969][ T4966] loop1: detected capacity change from 0 to 2048 [ 68.703571][ T4973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.453'. [ 68.741929][ T4975] loop0: detected capacity change from 0 to 2048 [ 68.896187][ T4983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.456'. [ 68.917651][ T4982] loop2: detected capacity change from 0 to 512 [ 68.979397][ T4982] EXT4-fs (loop2): orphan cleanup on readonly fs [ 69.018601][ T4982] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.458: bg 0: block 248: padding at end of block bitmap is not set [ 69.041858][ T4982] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.458: Failed to acquire dquot type 1 [ 69.117749][ T4991] IPVS: stopping master sync thread 4992 ... [ 69.126056][ T4992] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 69.140863][ T4982] EXT4-fs (loop2): 1 truncate cleaned up [ 69.584051][ T5000] loop1: detected capacity change from 0 to 512 [ 69.612452][ T5000] EXT4-fs (loop1): orphan cleanup on readonly fs [ 69.627540][ T5000] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.464: bg 0: block 248: padding at end of block bitmap is not set [ 69.809589][ T5000] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.464: Failed to acquire dquot type 1 [ 69.905374][ T5005] loop0: detected capacity change from 0 to 1024 [ 69.989314][ T5005] EXT4-fs: Ignoring removed bh option [ 70.009946][ T5000] EXT4-fs (loop1): 1 truncate cleaned up [ 70.258836][ T5015] dvmrp0: entered allmulticast mode [ 70.264401][ T5012] loop3: detected capacity change from 0 to 1024 [ 70.270417][ T5015] dvmrp0: left allmulticast mode [ 70.302179][ T5012] EXT4-fs: Ignoring removed nomblk_io_submit option [ 70.312364][ T5012] EXT4-fs: Mount option(s) incompatible with ext2 [ 70.378962][ T23] IPVS: starting estimator thread 0... [ 70.384641][ T5021] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 70.397564][ T5029] FAULT_INJECTION: forcing a failure. [ 70.397564][ T5029] name failslab, interval 1, probability 0, space 0, times 0 [ 70.406238][ T5027] netlink: 'syz.2.472': attribute type 13 has an invalid length. [ 70.410805][ T5029] CPU: 0 UID: 0 PID: 5029 Comm: syz.0.474 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 70.410837][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 70.410853][ T5029] Call Trace: [ 70.410862][ T5029] [ 70.410905][ T5029] __dump_stack+0x1d/0x30 [ 70.410934][ T5029] dump_stack_lvl+0xe8/0x140 [ 70.410959][ T5029] dump_stack+0x15/0x1b [ 70.411012][ T5029] should_fail_ex+0x265/0x280 [ 70.411052][ T5029] should_failslab+0x8c/0xb0 [ 70.411090][ T5029] kmem_cache_alloc_noprof+0x50/0x310 [ 70.411186][ T5029] ? dst_alloc+0xbd/0x100 [ 70.411304][ T5029] dst_alloc+0xbd/0x100 [ 70.411368][ T5029] ip_route_output_key_hash_rcu+0xebb/0x13d0 [ 70.411407][ T5029] ip_route_output_flow+0x7b/0x130 [ 70.411447][ T5029] udp_sendmsg+0x118b/0x13a0 [ 70.411493][ T5029] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 70.411594][ T5029] ? avc_has_perm+0xd3/0x150 [ 70.411706][ T5029] ? __pfx_udp_sendmsg+0x10/0x10 [ 70.411748][ T5029] inet_sendmsg+0xac/0xd0 [ 70.411867][ T5029] __sock_sendmsg+0x102/0x180 [ 70.411985][ T5029] ____sys_sendmsg+0x345/0x4e0 [ 70.412013][ T5029] ___sys_sendmsg+0x17b/0x1d0 [ 70.412057][ T5029] __sys_sendmmsg+0x178/0x300 [ 70.412096][ T5029] __x64_sys_sendmmsg+0x57/0x70 [ 70.412121][ T5029] x64_sys_call+0x2f2f/0x2fb0 [ 70.412199][ T5029] do_syscall_64+0xd0/0x1a0 [ 70.412228][ T5029] ? clear_bhb_loop+0x25/0x80 [ 70.412256][ T5029] ? clear_bhb_loop+0x25/0x80 [ 70.412285][ T5029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.412372][ T5029] RIP: 0033:0x7f063213e969 [ 70.412392][ T5029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.412414][ T5029] RSP: 002b:00007f06307a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 70.412438][ T5029] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213e969 [ 70.412455][ T5029] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005 [ 70.412470][ T5029] RBP: 00007f06307a7090 R08: 0000000000000000 R09: 0000000000000000 [ 70.412558][ T5029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.412573][ T5029] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 70.412660][ T5029] [ 70.432205][ T5029] netlink: 'syz.0.474': attribute type 13 has an invalid length. [ 70.495989][ T5028] IPVS: using max 1920 ests per chain, 96000 per kthread [ 70.717140][ T10] IPVS: starting estimator thread 0... [ 70.732529][ T5023] loop1: detected capacity change from 0 to 512 [ 70.784451][ T5023] EXT4-fs (loop1): orphan cleanup on readonly fs [ 70.803854][ T5027] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.811228][ T5027] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.818644][ T5031] IPVS: using max 2448 ests per chain, 122400 per kthread [ 70.895708][ T5023] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.473: bg 0: block 248: padding at end of block bitmap is not set [ 70.930223][ T5023] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.473: Failed to acquire dquot type 1 [ 70.973365][ T5027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 70.988708][ T5036] loop4: detected capacity change from 0 to 8192 [ 70.999722][ T5027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.013671][ T5023] EXT4-fs (loop1): 1 truncate cleaned up [ 71.112930][ T29] kauditd_printk_skb: 82 callbacks suppressed [ 71.112944][ T29] audit: type=1400 audit(1746791984.961:923): avc: denied { setopt } for pid=5038 comm="syz.1.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 71.149023][ T5027] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.158035][ T5027] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.166993][ T5027] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.176017][ T5027] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.280418][ T29] audit: type=1400 audit(1746791984.991:924): avc: denied { bind } for pid=5038 comm="syz.1.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 71.299639][ T29] audit: type=1400 audit(1746791984.991:925): avc: denied { name_bind } for pid=5038 comm="syz.1.477" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 71.321525][ T29] audit: type=1400 audit(1746791984.991:926): avc: denied { node_bind } for pid=5038 comm="syz.1.477" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 71.353846][ T29] audit: type=1400 audit(1746791985.151:927): avc: denied { create } for pid=5040 comm="syz.1.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 71.374064][ T29] audit: type=1400 audit(1746791985.151:928): avc: denied { create } for pid=5040 comm="syz.1.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 71.410768][ T29] audit: type=1400 audit(1746791985.211:929): avc: denied { create } for pid=5040 comm="syz.1.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 71.487136][ T5029] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.494993][ T5029] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.625006][ T5049] loop1: detected capacity change from 0 to 512 [ 71.631864][ T5029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 71.641545][ T5049] EXT4-fs (loop1): orphan cleanup on readonly fs [ 71.648962][ T5049] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.481: bg 0: block 248: padding at end of block bitmap is not set [ 71.667815][ T5049] Quota error (device loop1): write_blk: dquota write failed [ 71.676302][ T5049] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 71.688046][ T5049] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.481: Failed to acquire dquot type 1 [ 71.704820][ T29] audit: type=1400 audit(1746791985.551:930): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 71.725130][ T5029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 71.757531][ T5049] EXT4-fs (loop1): 1 truncate cleaned up [ 71.792783][ T5049] EXT4-fs mount: 78 callbacks suppressed [ 71.792800][ T5049] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 71.824864][ T5055] loop2: detected capacity change from 0 to 1024 [ 71.831660][ T5055] EXT4-fs: Ignoring removed nomblk_io_submit option [ 71.845749][ T5029] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.851383][ T5055] EXT4-fs: Mount option(s) incompatible with ext2 [ 71.854885][ T5029] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.870352][ T5029] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.879348][ T5029] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.912100][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.003721][ T5063] loop0: detected capacity change from 0 to 512 [ 72.028324][ T5063] ext4: Unknown parameter 'permit_directio' [ 72.298667][ T5077] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 72.307662][ T5077] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 72.316836][ T5077] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 72.325892][ T5077] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 72.367233][ T5077] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 72.462007][ T5088] loop1: detected capacity change from 0 to 512 [ 72.479418][ T5088] EXT4-fs (loop1): orphan cleanup on readonly fs [ 72.492017][ T5088] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.497: bg 0: block 248: padding at end of block bitmap is not set [ 72.509401][ T5088] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.497: Failed to acquire dquot type 1 [ 72.521650][ T5088] EXT4-fs (loop1): 1 truncate cleaned up [ 72.529093][ T5088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 72.646309][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.662001][ T5098] loop4: detected capacity change from 0 to 1024 [ 72.686396][ T5098] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.695025][ T5098] EXT4-fs: Mount option(s) incompatible with ext2 [ 72.719741][ T5103] loop3: detected capacity change from 0 to 512 [ 72.762667][ T5103] ext4: Unknown parameter 'permit_directio' [ 72.936872][ T5115] FAULT_INJECTION: forcing a failure. [ 72.936872][ T5115] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.940814][ T5117] loop1: detected capacity change from 0 to 2048 [ 72.950942][ T5115] CPU: 0 UID: 0 PID: 5115 Comm: syz.0.508 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 72.951047][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 72.951066][ T5115] Call Trace: [ 72.951076][ T5115] [ 72.951088][ T5115] __dump_stack+0x1d/0x30 [ 72.951118][ T5115] dump_stack_lvl+0xe8/0x140 [ 72.951199][ T5115] dump_stack+0x15/0x1b [ 72.951241][ T5115] should_fail_ex+0x265/0x280 [ 72.951287][ T5115] should_fail+0xb/0x20 [ 72.951407][ T5115] should_fail_usercopy+0x1a/0x20 [ 72.951586][ T5115] _copy_from_user+0x1c/0xb0 [ 72.951617][ T5115] xsk_setsockopt+0x2ad/0x510 [ 72.951654][ T5115] ? __pfx_xsk_setsockopt+0x10/0x10 [ 72.951689][ T5115] __sys_setsockopt+0x181/0x200 [ 72.951811][ T5115] __x64_sys_setsockopt+0x64/0x80 [ 72.951850][ T5115] x64_sys_call+0x2bd5/0x2fb0 [ 72.951873][ T5115] do_syscall_64+0xd0/0x1a0 [ 72.951962][ T5115] ? clear_bhb_loop+0x25/0x80 [ 72.951993][ T5115] ? clear_bhb_loop+0x25/0x80 [ 72.952025][ T5115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.952076][ T5115] RIP: 0033:0x7f063213e969 [ 72.952099][ T5115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.952178][ T5115] RSP: 002b:00007f06307a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 72.952226][ T5115] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213e969 [ 72.952243][ T5115] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000005 [ 72.952260][ T5115] RBP: 00007f06307a7090 R08: 0000000000000020 R09: 0000000000000000 [ 72.952277][ T5115] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 72.952294][ T5115] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 72.952322][ T5115] [ 73.190142][ T5117] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.569064][ T5146] loop4: detected capacity change from 0 to 1024 [ 73.597117][ T5148] loop3: detected capacity change from 0 to 512 [ 73.598778][ T5146] EXT4-fs: Ignoring removed i_version option [ 73.604749][ T5148] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 73.686770][ T5146] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 73.705323][ T5146] JBD2: no valid journal superblock found [ 73.711355][ T5146] EXT4-fs (loop4): Could not load journal inode [ 73.791798][ T5150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.522'. [ 73.851254][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.898349][ T5156] loop2: detected capacity change from 0 to 1024 [ 73.931362][ T5156] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.938386][ T5164] loop4: detected capacity change from 0 to 512 [ 73.971595][ T5156] EXT4-fs: Mount option(s) incompatible with ext2 [ 73.986295][ T5164] EXT4-fs (loop4): orphan cleanup on readonly fs [ 74.014139][ T5164] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.529: bg 0: block 248: padding at end of block bitmap is not set [ 74.082180][ T5174] loop0: detected capacity change from 0 to 2048 [ 74.089867][ T5164] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.529: Failed to acquire dquot type 1 [ 74.117356][ T5164] EXT4-fs (loop4): 1 truncate cleaned up [ 74.124602][ T5174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.147210][ T5164] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.175937][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.229460][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.306446][ T5188] Invalid ELF header magic: != ELF [ 74.589866][ T5199] loop0: detected capacity change from 0 to 1024 [ 74.598084][ T5199] EXT4-fs: Ignoring removed nobh option [ 74.603905][ T5199] EXT4-fs: Ignoring removed bh option [ 74.678959][ T5199] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.808808][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.903842][ T5208] loop1: detected capacity change from 0 to 2048 [ 74.952257][ T5208] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.011997][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.036877][ T5216] loop2: detected capacity change from 0 to 1024 [ 75.068025][ T5216] EXT4-fs: Ignoring removed bh option [ 75.091150][ T5203] loop4: detected capacity change from 0 to 512 [ 75.092069][ T5218] loop1: detected capacity change from 0 to 1024 [ 75.105413][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 75.119007][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 75.134821][ T5218] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.135175][ T5218] EXT4-fs: Mount option(s) incompatible with ext2 [ 75.154252][ T5216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 75.211684][ T5224] FAULT_INJECTION: forcing a failure. [ 75.211684][ T5224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 75.211715][ T5224] CPU: 0 UID: 0 PID: 5224 Comm: syz.0.546 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 75.211741][ T5224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 75.211752][ T5224] Call Trace: [ 75.211758][ T5224] [ 75.211792][ T5224] __dump_stack+0x1d/0x30 [ 75.211817][ T5224] dump_stack_lvl+0xe8/0x140 [ 75.211842][ T5224] dump_stack+0x15/0x1b [ 75.211863][ T5224] should_fail_ex+0x265/0x280 [ 75.211980][ T5224] should_fail+0xb/0x20 [ 75.212063][ T5224] should_fail_usercopy+0x1a/0x20 [ 75.212086][ T5224] _copy_from_iter+0xcf/0xdd0 [ 75.212119][ T5224] ? alloc_pages_mpol+0x202/0x250 [ 75.212210][ T5224] copy_page_from_iter+0x15a/0x290 [ 75.212237][ T5224] tun_get_user+0x5c7/0x24d0 [ 75.212270][ T5224] ? ref_tracker_alloc+0x1f2/0x2f0 [ 75.212368][ T5224] tun_chr_write_iter+0x15e/0x210 [ 75.212398][ T5224] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 75.212426][ T5224] vfs_write+0x49d/0x8d0 [ 75.212462][ T5224] ksys_write+0xda/0x1a0 [ 75.212571][ T5224] __x64_sys_write+0x40/0x50 [ 75.212610][ T5224] x64_sys_call+0x2cdd/0x2fb0 [ 75.212630][ T5224] do_syscall_64+0xd0/0x1a0 [ 75.212654][ T5224] ? clear_bhb_loop+0x25/0x80 [ 75.212691][ T5224] ? clear_bhb_loop+0x25/0x80 [ 75.212718][ T5224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.212804][ T5224] RIP: 0033:0x7f063213d41f [ 75.212818][ T5224] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 75.212836][ T5224] RSP: 002b:00007f0630786000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 75.212857][ T5224] RAX: ffffffffffffffda RBX: 00007f0632366080 RCX: 00007f063213d41f [ 75.212872][ T5224] RDX: 0000000000000076 RSI: 0000200000000040 RDI: 00000000000000c8 [ 75.212887][ T5224] RBP: 00007f0630786090 R08: 0000000000000000 R09: 0000000000000000 [ 75.212955][ T5224] R10: 0000000000000076 R11: 0000000000000293 R12: 0000000000000001 [ 75.212970][ T5224] R13: 0000000000000000 R14: 00007f0632366080 R15: 00007ffed72ddea8 [ 75.212995][ T5224] [ 75.226901][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 75.373545][ T5226] netdevsim netdevsim2: Direct firmware load for ..€ failed with error -2 [ 75.561008][ T5231] loop2: detected capacity change from 0 to 1024 [ 75.570069][ T5231] EXT4-fs: Ignoring removed nobh option [ 75.575692][ T5231] EXT4-fs: Ignoring removed bh option [ 75.594532][ T5231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.624662][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.674403][ T5242] nfs: Unknown parameter 'GPL' [ 75.705826][ T5245] loop2: detected capacity change from 0 to 2048 [ 75.719318][ T5245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.745590][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.774309][ T5249] loop2: detected capacity change from 0 to 1024 [ 75.783220][ T5249] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.791244][ T5249] EXT4-fs: Mount option(s) incompatible with ext2 [ 76.069915][ T5253] netlink: 100 bytes leftover after parsing attributes in process `syz.1.560'. [ 76.088595][ T5255] FAULT_INJECTION: forcing a failure. [ 76.088595][ T5255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 76.102080][ T5255] CPU: 0 UID: 0 PID: 5255 Comm: syz.4.561 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 76.102134][ T5255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 76.102147][ T5255] Call Trace: [ 76.102153][ T5255] [ 76.102160][ T5255] __dump_stack+0x1d/0x30 [ 76.102184][ T5255] dump_stack_lvl+0xe8/0x140 [ 76.102209][ T5255] dump_stack+0x15/0x1b [ 76.102230][ T5255] should_fail_ex+0x265/0x280 [ 76.102334][ T5255] should_fail+0xb/0x20 [ 76.102368][ T5255] should_fail_usercopy+0x1a/0x20 [ 76.102441][ T5255] _copy_from_user+0x1c/0xb0 [ 76.102462][ T5255] ___sys_sendmsg+0xc1/0x1d0 [ 76.102495][ T5255] __x64_sys_sendmsg+0xd4/0x160 [ 76.102528][ T5255] x64_sys_call+0x2999/0x2fb0 [ 76.102555][ T5255] do_syscall_64+0xd0/0x1a0 [ 76.102724][ T5255] ? clear_bhb_loop+0x25/0x80 [ 76.102744][ T5255] ? clear_bhb_loop+0x25/0x80 [ 76.102767][ T5255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.102789][ T5255] RIP: 0033:0x7f061befe969 [ 76.102868][ T5255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.102890][ T5255] RSP: 002b:00007f061a567038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.102909][ T5255] RAX: ffffffffffffffda RBX: 00007f061c125fa0 RCX: 00007f061befe969 [ 76.102962][ T5255] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 76.102975][ T5255] RBP: 00007f061a567090 R08: 0000000000000000 R09: 0000000000000000 [ 76.102990][ T5255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.103013][ T5255] R13: 0000000000000000 R14: 00007f061c125fa0 R15: 00007ffc971d5dd8 [ 76.103076][ T5255] [ 76.403595][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 76.403711][ T29] audit: type=1400 audit(1746791990.257:1003): avc: denied { create } for pid=5267 comm="syz.4.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.433101][ T29] audit: type=1400 audit(1746791990.297:1004): avc: denied { bind } for pid=5267 comm="syz.4.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.466109][ T29] audit: type=1400 audit(1746791990.297:1005): avc: denied { write } for pid=5267 comm="syz.4.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 76.509695][ T5261] loop1: detected capacity change from 0 to 512 [ 76.531369][ T5261] EXT4-fs (loop1): orphan cleanup on readonly fs [ 76.567932][ T5261] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.564: bg 0: block 248: padding at end of block bitmap is not set [ 76.590658][ T5261] Quota error (device loop1): write_blk: dquota write failed [ 76.602491][ T5261] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 76.613738][ T5261] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.564: Failed to acquire dquot type 1 [ 76.632301][ T5277] loop0: detected capacity change from 0 to 512 [ 76.642023][ T5261] EXT4-fs (loop1): 1 truncate cleaned up [ 76.643625][ T5273] loop3: detected capacity change from 0 to 512 [ 76.674797][ T5277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.687479][ T5277] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.698822][ T29] audit: type=1400 audit(1746791990.557:1006): avc: denied { read } for pid=5276 comm="syz.0.568" name="file2" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.722583][ T29] audit: type=1400 audit(1746791990.577:1007): avc: denied { ioctl } for pid=5276 comm="syz.0.568" path="/101/bus/file2" dev="loop0" ino=16 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.745102][ T5261] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.776167][ T5273] ext4: Unknown parameter 'permit_directio' [ 76.837550][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.858406][ T5282] FAULT_INJECTION: forcing a failure. [ 76.858406][ T5282] name failslab, interval 1, probability 0, space 0, times 0 [ 76.871236][ T5282] CPU: 1 UID: 0 PID: 5282 Comm: syz.1.571 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 76.871321][ T5282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 76.871336][ T5282] Call Trace: [ 76.871342][ T5282] [ 76.871352][ T5282] __dump_stack+0x1d/0x30 [ 76.871381][ T5282] dump_stack_lvl+0xe8/0x140 [ 76.871405][ T5282] dump_stack+0x15/0x1b [ 76.871423][ T5282] should_fail_ex+0x265/0x280 [ 76.871533][ T5282] ? v9fs_mount+0x51/0x590 [ 76.871558][ T5282] should_failslab+0x8c/0xb0 [ 76.871645][ T5282] __kmalloc_cache_noprof+0x4c/0x320 [ 76.871673][ T5282] v9fs_mount+0x51/0x590 [ 76.871699][ T5282] ? __pfx_v9fs_mount+0x10/0x10 [ 76.871731][ T5282] legacy_get_tree+0x75/0xd0 [ 76.871803][ T5282] vfs_get_tree+0x54/0x1d0 [ 76.871869][ T5282] do_new_mount+0x207/0x680 [ 76.871901][ T5282] path_mount+0x4a4/0xb20 [ 76.871926][ T5282] ? user_path_at+0x109/0x130 [ 76.871944][ T5282] __se_sys_mount+0x28f/0x2e0 [ 76.871966][ T5282] ? fput+0x8f/0xc0 [ 76.871988][ T5282] __x64_sys_mount+0x67/0x80 [ 76.872061][ T5282] x64_sys_call+0xd36/0x2fb0 [ 76.872088][ T5282] do_syscall_64+0xd0/0x1a0 [ 76.872111][ T5282] ? clear_bhb_loop+0x25/0x80 [ 76.872204][ T5282] ? clear_bhb_loop+0x25/0x80 [ 76.872274][ T5282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.872299][ T5282] RIP: 0033:0x7f42cb80e969 [ 76.872330][ T5282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.872403][ T5282] RSP: 002b:00007f42c9e77038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 76.872435][ T5282] RAX: ffffffffffffffda RBX: 00007f42cba35fa0 RCX: 00007f42cb80e969 [ 76.872451][ T5282] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000 [ 76.872464][ T5282] RBP: 00007f42c9e77090 R08: 0000200000000600 R09: 0000000000000000 [ 76.872476][ T5282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.872487][ T5282] R13: 0000000000000000 R14: 00007f42cba35fa0 R15: 00007fff973d4658 [ 76.872506][ T5282] [ 77.158830][ T29] audit: type=1326 audit(1746791991.017:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="syz.1.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 77.193501][ T5288] loop1: detected capacity change from 0 to 512 [ 77.214327][ T29] audit: type=1326 audit(1746791991.037:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="syz.1.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 77.238164][ T29] audit: type=1326 audit(1746791991.037:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="syz.1.574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42cb80e969 code=0x7ffc0000 [ 77.261757][ T5292] loop3: detected capacity change from 0 to 2048 [ 77.269017][ T5288] journal_path: Lookup failure for './file0/../file0' [ 77.275909][ T5288] EXT4-fs: error: could not find journal device path [ 77.312341][ T5292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.417188][ T5301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.575'. [ 77.496914][ T5305] netlink: 'syz.1.580': attribute type 10 has an invalid length. [ 77.503646][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.537102][ T5307] netlink: 4 bytes leftover after parsing attributes in process `syz.4.581'. [ 77.573599][ T5307] team0 (unregistering): Port device team_slave_0 removed [ 77.586421][ T5307] team0 (unregistering): Port device team_slave_1 removed [ 77.651989][ T5315] loop4: detected capacity change from 0 to 1024 [ 77.659239][ T5315] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.675160][ T5315] EXT4-fs: Mount option(s) incompatible with ext2 [ 77.785637][ T5320] dvmrp0: entered allmulticast mode [ 77.792094][ T5320] dvmrp0: left allmulticast mode [ 78.004170][ T5329] loop0: detected capacity change from 0 to 2048 [ 78.067829][ T5329] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.081268][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.103807][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.330489][ T5343] netlink: 14 bytes leftover after parsing attributes in process `syz.2.595'. [ 78.424109][ T5348] dvmrp0: entered allmulticast mode [ 78.430331][ T5348] dvmrp0: left allmulticast mode [ 78.560894][ T5358] loop1: detected capacity change from 0 to 2048 [ 78.610924][ T5358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.645468][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.727081][ T5368] loop2: detected capacity change from 0 to 1024 [ 78.739587][ T5368] EXT4-fs: Ignoring removed nobh option [ 78.745414][ T5368] EXT4-fs: Ignoring removed bh option [ 78.773583][ T5372] FAULT_INJECTION: forcing a failure. [ 78.773583][ T5372] name failslab, interval 1, probability 0, space 0, times 0 [ 78.780159][ T5368] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.786385][ T5372] CPU: 0 UID: 0 PID: 5372 Comm: syz.4.607 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 78.786418][ T5372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 78.786435][ T5372] Call Trace: [ 78.786445][ T5372] [ 78.786456][ T5372] __dump_stack+0x1d/0x30 [ 78.786486][ T5372] dump_stack_lvl+0xe8/0x140 [ 78.786563][ T5372] dump_stack+0x15/0x1b [ 78.786585][ T5372] should_fail_ex+0x265/0x280 [ 78.786626][ T5372] should_failslab+0x8c/0xb0 [ 78.786665][ T5372] kmem_cache_alloc_noprof+0x50/0x310 [ 78.786732][ T5372] ? audit_log_start+0x365/0x6c0 [ 78.786773][ T5372] audit_log_start+0x365/0x6c0 [ 78.786845][ T5372] audit_seccomp+0x48/0x100 [ 78.786956][ T5372] ? __seccomp_filter+0x68c/0x10d0 [ 78.786984][ T5372] __seccomp_filter+0x69d/0x10d0 [ 78.787012][ T5372] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 78.787087][ T5372] ? vfs_write+0x75e/0x8d0 [ 78.787117][ T5372] ? __rcu_read_unlock+0x4f/0x70 [ 78.787213][ T5372] ? __fget_files+0x184/0x1c0 [ 78.787303][ T5372] __secure_computing+0x82/0x150 [ 78.787330][ T5372] syscall_trace_enter+0xcf/0x1e0 [ 78.787419][ T5372] do_syscall_64+0xaa/0x1a0 [ 78.787495][ T5372] ? clear_bhb_loop+0x25/0x80 [ 78.787531][ T5372] ? clear_bhb_loop+0x25/0x80 [ 78.787559][ T5372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.787624][ T5372] RIP: 0033:0x7f061befe969 [ 78.787644][ T5372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.787666][ T5372] RSP: 002b:00007f061a567038 EFLAGS: 00000246 ORIG_RAX: 0000000000000094 [ 78.787690][ T5372] RAX: ffffffffffffffda RBX: 00007f061c125fa0 RCX: 00007f061befe969 [ 78.787707][ T5372] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000000 [ 78.787766][ T5372] RBP: 00007f061a567090 R08: 0000000000000000 R09: 0000000000000000 [ 78.787781][ T5372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.787815][ T5372] R13: 0000000000000000 R14: 00007f061c125fa0 R15: 00007ffc971d5dd8 [ 78.787839][ T5372] [ 78.929761][ T5382] loop4: detected capacity change from 0 to 1024 [ 79.020548][ T5382] EXT4-fs: Ignoring removed bh option [ 79.024495][ T5386] FAULT_INJECTION: forcing a failure. [ 79.024495][ T5386] name failslab, interval 1, probability 0, space 0, times 0 [ 79.038911][ T5386] CPU: 1 UID: 0 PID: 5386 Comm: syz.3.612 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 79.038940][ T5386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 79.038952][ T5386] Call Trace: [ 79.038960][ T5386] [ 79.038968][ T5386] __dump_stack+0x1d/0x30 [ 79.038989][ T5386] dump_stack_lvl+0xe8/0x140 [ 79.039009][ T5386] dump_stack+0x15/0x1b [ 79.039076][ T5386] should_fail_ex+0x265/0x280 [ 79.039109][ T5386] should_failslab+0x8c/0xb0 [ 79.039139][ T5386] __kmalloc_cache_node_noprof+0x54/0x320 [ 79.039200][ T5386] ? __get_vm_area_node+0x106/0x1c0 [ 79.039224][ T5386] __get_vm_area_node+0x106/0x1c0 [ 79.039252][ T5386] get_vm_area+0x46/0x60 [ 79.039274][ T5386] ? arena_map_alloc+0x1e6/0x370 [ 79.039352][ T5386] arena_map_alloc+0x1e6/0x370 [ 79.039371][ T5386] map_create+0x840/0xb90 [ 79.039399][ T5386] ? security_bpf+0x2b/0x90 [ 79.039426][ T5386] __sys_bpf+0x5ab/0x790 [ 79.039555][ T5386] __x64_sys_bpf+0x41/0x50 [ 79.039581][ T5386] x64_sys_call+0x2478/0x2fb0 [ 79.039602][ T5386] do_syscall_64+0xd0/0x1a0 [ 79.039625][ T5386] ? clear_bhb_loop+0x25/0x80 [ 79.039691][ T5386] ? clear_bhb_loop+0x25/0x80 [ 79.039716][ T5386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.039802][ T5386] RIP: 0033:0x7f90bc28e969 [ 79.039817][ T5386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.039834][ T5386] RSP: 002b:00007f90ba8f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 79.039853][ T5386] RAX: ffffffffffffffda RBX: 00007f90bc4b5fa0 RCX: 00007f90bc28e969 [ 79.039865][ T5386] RDX: 0000000000000050 RSI: 0000200000000480 RDI: 0000000000000000 [ 79.039877][ T5386] RBP: 00007f90ba8f7090 R08: 0000000000000000 R09: 0000000000000000 [ 79.039952][ T5386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.039964][ T5386] R13: 0000000000000000 R14: 00007f90bc4b5fa0 R15: 00007ffd1d7eb078 [ 79.039983][ T5386] [ 79.043435][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.122949][ T5389] loop3: detected capacity change from 0 to 512 [ 79.184110][ T5394] loop0: detected capacity change from 0 to 2048 [ 79.205652][ T5389] ext4: Unknown parameter 'permit_directio' [ 79.214172][ T5382] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 79.320426][ T5394] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.351471][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.363344][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 79.470871][ T5418] loop3: detected capacity change from 0 to 1024 [ 79.481496][ T5418] EXT4-fs: Ignoring removed nobh option [ 79.486716][ T5416] bond1: entered promiscuous mode [ 79.487258][ T5418] EXT4-fs: Ignoring removed bh option [ 79.492221][ T5416] bond1: entered allmulticast mode [ 79.492438][ T5416] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.513587][ T5416] bond1 (unregistering): Released all slaves [ 79.522679][ T5418] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.582880][ T5424] netlink: 14 bytes leftover after parsing attributes in process `syz.0.623'. [ 79.631530][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.689941][ T5433] loop1: detected capacity change from 0 to 2048 [ 79.714718][ T5436] loop3: detected capacity change from 0 to 512 [ 79.721835][ T5436] ext4: Unknown parameter 'permit_directio' [ 79.778798][ T5433] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.826764][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.011220][ T5458] loop3: detected capacity change from 0 to 1024 [ 80.021438][ T5458] EXT4-fs: Ignoring removed nobh option [ 80.027300][ T5458] EXT4-fs: Ignoring removed bh option [ 80.047792][ T5458] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.135213][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.159582][ T5464] loop3: detected capacity change from 0 to 512 [ 80.169933][ T5464] ext4: Unknown parameter 'permit_directio' [ 80.214499][ T5467] loop2: detected capacity change from 0 to 2048 [ 80.251605][ T5476] FAULT_INJECTION: forcing a failure. [ 80.251605][ T5476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.265238][ T5476] CPU: 0 UID: 0 PID: 5476 Comm: syz.3.643 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 80.265271][ T5476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 80.265285][ T5476] Call Trace: [ 80.265292][ T5476] [ 80.265301][ T5476] __dump_stack+0x1d/0x30 [ 80.265388][ T5476] dump_stack_lvl+0xe8/0x140 [ 80.265411][ T5476] dump_stack+0x15/0x1b [ 80.265431][ T5476] should_fail_ex+0x265/0x280 [ 80.265463][ T5476] should_fail+0xb/0x20 [ 80.265569][ T5476] should_fail_usercopy+0x1a/0x20 [ 80.265589][ T5476] _copy_from_iter+0xcf/0xdd0 [ 80.265683][ T5476] ? __build_skb_around+0x1a0/0x200 [ 80.265781][ T5476] ? __alloc_skb+0x223/0x320 [ 80.265877][ T5476] netlink_sendmsg+0x471/0x6b0 [ 80.265920][ T5476] ? __pfx_netlink_sendmsg+0x10/0x10 [ 80.265959][ T5476] __sock_sendmsg+0x142/0x180 [ 80.266067][ T5476] ____sys_sendmsg+0x31e/0x4e0 [ 80.266118][ T5476] ___sys_sendmsg+0x17b/0x1d0 [ 80.266171][ T5476] __x64_sys_sendmsg+0xd4/0x160 [ 80.266196][ T5476] x64_sys_call+0x2999/0x2fb0 [ 80.266332][ T5476] do_syscall_64+0xd0/0x1a0 [ 80.266360][ T5476] ? clear_bhb_loop+0x25/0x80 [ 80.266457][ T5476] ? clear_bhb_loop+0x25/0x80 [ 80.266481][ T5476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.266507][ T5476] RIP: 0033:0x7f90bc28e969 [ 80.266527][ T5476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.266610][ T5476] RSP: 002b:00007f90ba8f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 80.266634][ T5476] RAX: ffffffffffffffda RBX: 00007f90bc4b5fa0 RCX: 00007f90bc28e969 [ 80.266648][ T5476] RDX: 0000000000000000 RSI: 0000200000001540 RDI: 0000000000000003 [ 80.266660][ T5476] RBP: 00007f90ba8f7090 R08: 0000000000000000 R09: 0000000000000000 [ 80.266672][ T5476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.266688][ T5476] R13: 0000000000000000 R14: 00007f90bc4b5fa0 R15: 00007ffd1d7eb078 [ 80.266714][ T5476] [ 80.290797][ T5467] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.496932][ T5489] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 80.540973][ T5494] netlink: 28 bytes leftover after parsing attributes in process `syz.3.650'. [ 80.550733][ T5494] netlink: 28 bytes leftover after parsing attributes in process `syz.3.650'. [ 80.574411][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.593191][ T5494] syz_tun: entered promiscuous mode [ 80.621230][ T5494] gretap0: entered promiscuous mode [ 80.724331][ T5499] loop3: detected capacity change from 0 to 512 [ 80.761902][ T5499] ext4: Unknown parameter 'permit_directio' [ 80.923416][ T5511] netlink: 'syz.3.658': attribute type 10 has an invalid length. [ 80.940682][ T5507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.656'. [ 80.968773][ T5509] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 80.977766][ T5509] ref_ctr increment failed for inode: 0x284 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888119aba100 [ 81.008337][ T5516] FAULT_INJECTION: forcing a failure. [ 81.008337][ T5516] name failslab, interval 1, probability 0, space 0, times 0 [ 81.021295][ T5516] CPU: 1 UID: 0 PID: 5516 Comm: syz.3.659 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 81.021405][ T5516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 81.021421][ T5516] Call Trace: [ 81.021428][ T5516] [ 81.021436][ T5516] __dump_stack+0x1d/0x30 [ 81.021460][ T5516] dump_stack_lvl+0xe8/0x140 [ 81.021484][ T5516] dump_stack+0x15/0x1b [ 81.021536][ T5516] should_fail_ex+0x265/0x280 [ 81.021601][ T5516] ? __ipv6_dev_mc_inc+0x2b0/0x760 [ 81.021633][ T5516] should_failslab+0x8c/0xb0 [ 81.021667][ T5516] __kmalloc_cache_noprof+0x4c/0x320 [ 81.021694][ T5516] __ipv6_dev_mc_inc+0x2b0/0x760 [ 81.021770][ T5516] ipv6_dev_mc_inc+0x1f/0x30 [ 81.021798][ T5516] br_multicast_join_snoopers+0x125/0x190 [ 81.021869][ T5516] br_dev_open+0xa4/0xc0 [ 81.021890][ T5516] __dev_open+0x2d2/0x530 [ 81.021922][ T5516] ? __pfx_br_dev_change_rx_flags+0x10/0x10 [ 81.021946][ T5516] __dev_change_flags+0x163/0x400 [ 81.021982][ T5516] netif_change_flags+0x5a/0xd0 [ 81.022050][ T5516] dev_change_flags+0xce/0x180 [ 81.022083][ T5516] dev_ifsioc+0x44b/0xaa0 [ 81.022103][ T5516] ? __rcu_read_unlock+0x4f/0x70 [ 81.022131][ T5516] dev_ioctl+0x70a/0x960 [ 81.022224][ T5516] sock_do_ioctl+0x197/0x220 [ 81.022258][ T5516] sock_ioctl+0x41b/0x610 [ 81.022414][ T5516] ? __pfx_sock_ioctl+0x10/0x10 [ 81.022441][ T5516] __se_sys_ioctl+0xcb/0x140 [ 81.022469][ T5516] __x64_sys_ioctl+0x43/0x50 [ 81.022571][ T5516] x64_sys_call+0x19a8/0x2fb0 [ 81.022597][ T5516] do_syscall_64+0xd0/0x1a0 [ 81.022647][ T5516] ? clear_bhb_loop+0x25/0x80 [ 81.022674][ T5516] ? clear_bhb_loop+0x25/0x80 [ 81.022701][ T5516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.022783][ T5516] RIP: 0033:0x7f90bc28e969 [ 81.022802][ T5516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.022841][ T5516] RSP: 002b:00007f90ba8f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.022866][ T5516] RAX: ffffffffffffffda RBX: 00007f90bc4b5fa0 RCX: 00007f90bc28e969 [ 81.022882][ T5516] RDX: 0000200000000080 RSI: 0000000000008914 RDI: 0000000000000008 [ 81.022897][ T5516] RBP: 00007f90ba8f7090 R08: 0000000000000000 R09: 0000000000000000 [ 81.022911][ T5516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.022951][ T5516] R13: 0000000000000000 R14: 00007f90bc4b5fa0 R15: 00007ffd1d7eb078 [ 81.022976][ T5516] [ 81.023314][ T5516] syzkaller0: entered promiscuous mode [ 81.283519][ T5516] syzkaller0: entered allmulticast mode [ 81.318373][ T5526] SELinux: syz.1.662 (5526) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 81.354930][ T5526] loop1: detected capacity change from 0 to 512 [ 81.373976][ T5526] EXT4-fs: Ignoring removed nobh option [ 81.413836][ T5526] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #16: comm syz.1.662: corrupted inode contents [ 81.430000][ T5526] EXT4-fs (loop1): Remounting filesystem read-only [ 81.437742][ T5526] EXT4-fs (loop1): 1 truncate cleaned up [ 81.454726][ T5535] loop3: detected capacity change from 0 to 1024 [ 81.463743][ T3990] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 81.474709][ T3990] __quota_error: 174 callbacks suppressed [ 81.474720][ T3990] Quota error (device loop1): write_blk: dquota write failed [ 81.488127][ T3990] Quota error (device loop1): remove_free_dqentry: Can't write block (5) with free entries [ 81.498311][ T3990] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 81.509088][ T3990] Quota error (device loop1): write_blk: dquota write failed [ 81.517029][ T3990] Quota error (device loop1): free_dqentry: Can't move quota data block (5) to free list [ 81.535727][ T5526] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.539490][ T5540] IPv6: NLM_F_CREATE should be specified when creating new route [ 81.550283][ T5535] EXT4-fs: Ignoring removed nomblk_io_submit option [ 81.563594][ T5526] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.577130][ T3990] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 81.587638][ T3990] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 81.598127][ T3990] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 81.666246][ T5526] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.687553][ T5535] EXT4-fs: Mount option(s) incompatible with ext2 [ 81.730884][ T29] audit: type=1400 audit(1746791995.587:1183): avc: denied { ioctl } for pid=5542 comm="syz.2.668" path="/dev/uhid" dev="devtmpfs" ino=252 ioctlcmd=0x7202 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 81.753674][ T5544] vhci_hcd: invalid port number 23 [ 81.782551][ T29] audit: type=1400 audit(1746791995.637:1184): avc: denied { read write } for pid=5542 comm="syz.2.668" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 81.806421][ T29] audit: type=1400 audit(1746791995.637:1185): avc: denied { open } for pid=5542 comm="syz.2.668" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 82.091676][ T5556] loop1: detected capacity change from 0 to 512 [ 82.137101][ T5556] EXT4-fs (loop1): orphan cleanup on readonly fs [ 82.144232][ T5556] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.672: bg 0: block 248: padding at end of block bitmap is not set [ 82.164471][ T5556] Quota error (device loop1): write_blk: dquota write failed [ 82.171997][ T5556] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.672: Failed to acquire dquot type 1 [ 82.189534][ T5556] EXT4-fs (loop1): 1 truncate cleaned up [ 82.203137][ T5556] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 82.231414][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.289262][ T5565] netlink: 4 bytes leftover after parsing attributes in process `syz.2.674'. [ 82.301442][ T5565] macvtap1: entered promiscuous mode [ 82.306827][ T5565] gretap0: entered promiscuous mode [ 82.312241][ T5565] macvtap1: entered allmulticast mode [ 82.317751][ T5565] gretap0: entered allmulticast mode [ 82.563420][ T5580] SELinux: syz.0.681 (5580) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 82.606981][ T5580] loop0: detected capacity change from 0 to 512 [ 82.613641][ T5580] EXT4-fs: Ignoring removed nobh option [ 82.663598][ T5580] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.681: corrupted inode contents [ 82.663773][ T5585] loop3: detected capacity change from 0 to 2048 [ 82.689024][ T5580] EXT4-fs (loop0): Remounting filesystem read-only [ 82.699907][ T5580] EXT4-fs (loop0): 1 truncate cleaned up [ 82.706266][ T5580] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.719891][ T5580] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.721487][ T4017] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.741156][ T4017] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.766731][ T5580] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.800201][ T5589] loop1: detected capacity change from 0 to 512 [ 82.810323][ T5585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.823255][ T5589] ext4: Unknown parameter 'permit_directio' [ 82.829304][ T4017] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 82.907248][ T5595] loop1: detected capacity change from 0 to 512 [ 82.928895][ T5595] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.944669][ T5600] netlink: 'syz.4.687': attribute type 11 has an invalid length. [ 82.972885][ T5595] ext4 filesystem being mounted at /149/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.993567][ T5603] netlink: 3 bytes leftover after parsing attributes in process `syz.0.688'. [ 83.007910][ T5597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.682'. [ 83.024125][ T5603] 0ªX¹¦À: renamed from caif0 [ 83.035127][ T5603] 0ªX¹¦À: entered allmulticast mode [ 83.040532][ T5603] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 83.159263][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.238326][ T5611] loop1: detected capacity change from 0 to 1024 [ 83.251414][ T5611] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.266111][ T5611] EXT4-fs: Mount option(s) incompatible with ext2 [ 83.620303][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.710751][ T5634] FAULT_INJECTION: forcing a failure. [ 83.710751][ T5634] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.724011][ T5634] CPU: 1 UID: 0 PID: 5634 Comm: syz.0.701 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 83.724052][ T5634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 83.724079][ T5634] Call Trace: [ 83.724086][ T5634] [ 83.724094][ T5634] __dump_stack+0x1d/0x30 [ 83.724116][ T5634] dump_stack_lvl+0xe8/0x140 [ 83.724139][ T5634] dump_stack+0x15/0x1b [ 83.724159][ T5634] should_fail_ex+0x265/0x280 [ 83.724242][ T5634] should_fail+0xb/0x20 [ 83.724274][ T5634] should_fail_usercopy+0x1a/0x20 [ 83.724291][ T5634] _copy_from_user+0x1c/0xb0 [ 83.724366][ T5634] ___sys_sendmsg+0xc1/0x1d0 [ 83.724401][ T5634] __x64_sys_sendmsg+0xd4/0x160 [ 83.724429][ T5634] x64_sys_call+0x2999/0x2fb0 [ 83.724483][ T5631] dvmrp0: entered allmulticast mode [ 83.724501][ T5634] do_syscall_64+0xd0/0x1a0 [ 83.724527][ T5634] ? clear_bhb_loop+0x25/0x80 [ 83.724607][ T5634] ? clear_bhb_loop+0x25/0x80 [ 83.724656][ T5634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.724684][ T5634] RIP: 0033:0x7f063213e969 [ 83.724746][ T5634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.724768][ T5634] RSP: 002b:00007f06307a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.724792][ T5634] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213e969 [ 83.724809][ T5634] RDX: 0000000020004000 RSI: 0000200000000040 RDI: 0000000000000005 [ 83.724824][ T5634] RBP: 00007f06307a7090 R08: 0000000000000000 R09: 0000000000000000 [ 83.724840][ T5634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 83.724855][ T5634] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 83.724944][ T5634] [ 83.905298][ T5631] dvmrp0: left allmulticast mode [ 84.023978][ T5647] netlink: 4 bytes leftover after parsing attributes in process `syz.1.705'. [ 84.090386][ T5651] loop0: detected capacity change from 0 to 2048 [ 84.120697][ T5651] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.142859][ T5662] FAULT_INJECTION: forcing a failure. [ 84.142859][ T5662] name failslab, interval 1, probability 0, space 0, times 0 [ 84.155680][ T5662] CPU: 0 UID: 0 PID: 5662 Comm: gtp Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 84.155710][ T5662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 84.155723][ T5662] Call Trace: [ 84.155731][ T5662] [ 84.155741][ T5662] __dump_stack+0x1d/0x30 [ 84.155771][ T5662] dump_stack_lvl+0xe8/0x140 [ 84.155863][ T5662] dump_stack+0x15/0x1b [ 84.155879][ T5662] should_fail_ex+0x265/0x280 [ 84.155912][ T5662] should_failslab+0x8c/0xb0 [ 84.155945][ T5662] __kvmalloc_node_noprof+0x126/0x4d0 [ 84.156017][ T5662] ? vmemdup_user+0x26/0xd0 [ 84.156045][ T5662] ? should_fail_usercopy+0x1a/0x20 [ 84.156066][ T5662] vmemdup_user+0x26/0xd0 [ 84.156083][ T5662] path_setxattrat+0x1b6/0x310 [ 84.156190][ T5662] __x64_sys_fsetxattr+0x6b/0x80 [ 84.156302][ T5662] x64_sys_call+0x2f7c/0x2fb0 [ 84.156328][ T5662] do_syscall_64+0xd0/0x1a0 [ 84.156354][ T5662] ? clear_bhb_loop+0x25/0x80 [ 84.156385][ T5662] ? clear_bhb_loop+0x25/0x80 [ 84.156416][ T5662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.156461][ T5662] RIP: 0033:0x7f061befe969 [ 84.156476][ T5662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.156493][ T5662] RSP: 002b:00007f061a567038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 84.156527][ T5662] RAX: ffffffffffffffda RBX: 00007f061c125fa0 RCX: 00007f061befe969 [ 84.156554][ T5662] RDX: 0000200000000040 RSI: 0000200000000140 RDI: 0000000000000004 [ 84.156566][ T5662] RBP: 00007f061a567090 R08: 0000000000000000 R09: 0000000000000000 [ 84.156580][ T5662] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001 [ 84.156594][ T5662] R13: 0000000000000000 R14: 00007f061c125fa0 R15: 00007ffc971d5dd8 [ 84.156614][ T5662] [ 84.348623][ T5663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.706'. [ 84.529205][ T5674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.715'. [ 84.620627][ T5674] bond0: (slave bond_slave_0): Releasing backup interface [ 84.705570][ T5682] netlink: 'syz.1.718': attribute type 10 has an invalid length. [ 84.961157][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.971589][ T5699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65511 sclass=netlink_route_socket pid=5699 comm=syz.1.722 [ 85.382262][ T5711] netlink: 35 bytes leftover after parsing attributes in process `syz.2.729'. [ 85.391358][ T5711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'. [ 85.417518][ T5713] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 85.442355][ T5713] loop3: detected capacity change from 0 to 164 [ 85.450898][ T5713] Unable to read rock-ridge attributes [ 85.482679][ T5720] FAULT_INJECTION: forcing a failure. [ 85.482679][ T5720] name failslab, interval 1, probability 0, space 0, times 0 [ 85.495691][ T5720] CPU: 1 UID: 0 PID: 5720 Comm: syz.1.733 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 85.495721][ T5720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 85.495797][ T5720] Call Trace: [ 85.495805][ T5720] [ 85.495814][ T5720] __dump_stack+0x1d/0x30 [ 85.495834][ T5720] dump_stack_lvl+0xe8/0x140 [ 85.495871][ T5720] dump_stack+0x15/0x1b [ 85.495890][ T5720] should_fail_ex+0x265/0x280 [ 85.495938][ T5720] should_failslab+0x8c/0xb0 [ 85.496014][ T5720] kmem_cache_alloc_noprof+0x50/0x310 [ 85.496100][ T5720] ? getname_flags+0x80/0x3b0 [ 85.496143][ T5720] getname_flags+0x80/0x3b0 [ 85.496180][ T5720] user_path_at+0x28/0x130 [ 85.496204][ T5720] do_fchownat+0xb0/0x210 [ 85.496341][ T5720] __x64_sys_chown+0x47/0x60 [ 85.496377][ T5720] x64_sys_call+0x800/0x2fb0 [ 85.496402][ T5720] do_syscall_64+0xd0/0x1a0 [ 85.496465][ T5720] ? clear_bhb_loop+0x25/0x80 [ 85.496490][ T5720] ? clear_bhb_loop+0x25/0x80 [ 85.496526][ T5720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.496561][ T5720] RIP: 0033:0x7f42cb80e969 [ 85.496605][ T5720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.496621][ T5720] RSP: 002b:00007f42c9e77038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 85.496640][ T5720] RAX: ffffffffffffffda RBX: 00007f42cba35fa0 RCX: 00007f42cb80e969 [ 85.496656][ T5720] RDX: ffffffffffffffff RSI: 000000000000ee01 RDI: 0000200000000280 [ 85.496672][ T5720] RBP: 00007f42c9e77090 R08: 0000000000000000 R09: 0000000000000000 [ 85.496693][ T5720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.496770][ T5720] R13: 0000000000000000 R14: 00007f42cba35fa0 R15: 00007fff973d4658 [ 85.496798][ T5720] [ 85.660974][ T5721] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.730'. [ 85.669114][ T5718] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.732'. [ 85.696518][ T5718] netlink: zone id is out of range [ 85.696539][ T5718] netlink: zone id is out of range [ 85.696547][ T5718] netlink: zone id is out of range [ 85.696558][ T5718] netlink: zone id is out of range [ 85.696567][ T5718] netlink: zone id is out of range [ 85.696575][ T5718] netlink: zone id is out of range [ 85.696592][ T5718] netlink: zone id is out of range [ 85.696603][ T5718] netlink: zone id is out of range [ 85.696608][ T5718] netlink: zone id is out of range [ 85.786165][ T5713] Unable to read rock-ridge attributes [ 85.820611][ T5724] SELinux: syz.1.735 (5724) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 85.890505][ T5724] loop1: detected capacity change from 0 to 512 [ 85.919094][ T5724] EXT4-fs: Ignoring removed nobh option [ 85.946069][ T5730] loop0: detected capacity change from 0 to 2048 [ 85.967783][ T5724] EXT4-fs error (device loop1): ext4_do_update_inode:5211: inode #16: comm syz.1.735: corrupted inode contents [ 86.040155][ T5724] EXT4-fs (loop1): Remounting filesystem read-only [ 86.048604][ T5730] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.077764][ T5724] EXT4-fs (loop1): 1 truncate cleaned up [ 86.096006][ T4007] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 86.107010][ T4007] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 86.119562][ T5724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.145581][ T5740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.737'. [ 86.157341][ T5724] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.166011][ T4007] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 86.225393][ T5724] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.292903][ T5744] vhci_hcd: default hub control req: 800f v0000 i0000 l31125 [ 86.337294][ T5746] netlink: 35 bytes leftover after parsing attributes in process `syz.1.742'. [ 86.346496][ T5746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.742'. [ 86.360885][ T5744] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98 [ 86.434316][ T5748] netlink: 24 bytes leftover after parsing attributes in process `syz.1.743'. [ 86.521319][ T3391] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 86.535472][ T3391] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 86.584342][ T5752] fido_id[5752]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 86.628462][ T5754] syz.1.745 uses obsolete (PF_INET,SOCK_PACKET) [ 86.767959][ T29] kauditd_printk_skb: 164 callbacks suppressed [ 86.767979][ T29] audit: type=1400 audit(1746792000.627:1337): avc: denied { read write } for pid=5759 comm="syz.1.748" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 86.811015][ T5758] loop2: detected capacity change from 0 to 2048 [ 86.819934][ T29] audit: type=1400 audit(1746792000.627:1338): avc: denied { open } for pid=5759 comm="syz.1.748" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 86.844143][ T29] audit: type=1400 audit(1746792000.667:1339): avc: denied { ioctl } for pid=5759 comm="syz.1.748" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 86.871537][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.899007][ T5758] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.972462][ T5769] loop0: detected capacity change from 0 to 1024 [ 86.980408][ T5769] EXT4-fs: Ignoring removed nomblk_io_submit option [ 86.989082][ T5769] EXT4-fs: Mount option(s) incompatible with ext2 [ 86.995834][ T5771] loop3: detected capacity change from 0 to 128 [ 87.013769][ T29] audit: type=1400 audit(1746792000.857:1340): avc: denied { mounton } for pid=5770 comm="syz.3.751" path="/syzcgroup/unified/syz3/file1" dev="cgroup2" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 87.032186][ T5773] SELinux: syz.4.753 (5773) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 87.060535][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.076546][ T29] audit: type=1400 audit(1746792000.927:1341): avc: denied { bind } for pid=5775 comm="syz.3.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 87.101089][ T5773] loop4: detected capacity change from 0 to 512 [ 87.119174][ T5773] EXT4-fs: Ignoring removed nobh option [ 87.136824][ T5776] netlink: 64 bytes leftover after parsing attributes in process `syz.3.755'. [ 87.163487][ T5773] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.753: corrupted inode contents [ 87.197452][ T5773] EXT4-fs (loop4): Remounting filesystem read-only [ 87.204174][ T5784] loop3: detected capacity change from 0 to 4096 [ 87.204256][ T5773] EXT4-fs (loop4): 1 truncate cleaned up [ 87.219411][ T3990] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 87.230292][ T3990] Quota error (device loop4): write_blk: dquota write failed [ 87.237965][ T3990] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 87.248307][ T3990] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 87.259166][ T3990] Quota error (device loop4): write_blk: dquota write failed [ 87.266780][ T3990] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 87.283636][ T5773] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.297716][ T5773] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.309564][ T5773] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.320173][ T3990] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 87.330598][ T3990] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 87.356251][ T5789] binfmt_misc: register: failed to install interpreter file ./file2 [ 87.417158][ T5789] netlink: 16 bytes leftover after parsing attributes in process `syz.0.758'. [ 87.451358][ T5792] loop4: detected capacity change from 0 to 2048 [ 87.659388][ T5805] loop3: detected capacity change from 0 to 1024 [ 87.974109][ T5824] IPVS: set_ctl: invalid protocol: 137 224.0.0.2:20000 [ 88.578983][ T5859] bridge0: entered promiscuous mode [ 88.584516][ T5859] macvlan2: entered promiscuous mode [ 88.594082][ T5859] bridge0: port 3(macvlan2) entered blocking state [ 88.600702][ T5859] bridge0: port 3(macvlan2) entered disabled state [ 88.607678][ T5859] macvlan2: entered allmulticast mode [ 88.613234][ T5859] bridge0: entered allmulticast mode [ 88.695001][ T5859] macvlan2: left allmulticast mode [ 88.700289][ T5859] bridge0: left allmulticast mode [ 88.706136][ T5859] bridge0: left promiscuous mode [ 89.054829][ T5864] loop1: detected capacity change from 0 to 2048 [ 89.158038][ T5869] netlink: 'syz.0.789': attribute type 10 has an invalid length. [ 89.278765][ T5874] loop0: detected capacity change from 0 to 2048 [ 89.317034][ T3306] loop0: p1 < > p3 [ 89.325034][ T3306] loop0: p3 size 134217728 extends beyond EOD, truncated [ 89.365484][ T5874] loop0: p1 < > p3 [ 89.372466][ T5874] loop0: p3 size 134217728 extends beyond EOD, truncated [ 89.451775][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 89.457579][ T4315] udevd[4315]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 89.478233][ T5888] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 89.558768][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 89.571461][ T5892] loop4: detected capacity change from 0 to 4096 [ 89.592381][ T4315] udevd[4315]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 89.809538][ T5898] netlink: 'syz.3.801': attribute type 10 has an invalid length. [ 90.670847][ T5910] net_ratelimit: 1 callbacks suppressed [ 90.670862][ T5910] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 90.692741][ T23] IPVS: starting estimator thread 0... [ 90.788329][ T5915] IPVS: using max 2496 ests per chain, 124800 per kthread [ 91.282328][ T5927] loop1: detected capacity change from 0 to 2048 [ 91.430213][ T5933] loop3: detected capacity change from 0 to 2048 [ 91.549266][ T5941] FAULT_INJECTION: forcing a failure. [ 91.549266][ T5941] name failslab, interval 1, probability 0, space 0, times 0 [ 91.561991][ T5941] CPU: 1 UID: 0 PID: 5941 Comm: syz.1.817 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 91.562023][ T5941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 91.562039][ T5941] Call Trace: [ 91.562046][ T5941] [ 91.562056][ T5941] __dump_stack+0x1d/0x30 [ 91.562099][ T5941] dump_stack_lvl+0xe8/0x140 [ 91.562123][ T5941] dump_stack+0x15/0x1b [ 91.562143][ T5941] should_fail_ex+0x265/0x280 [ 91.562191][ T5941] ? alloc_pipe_info+0xae/0x350 [ 91.562242][ T5941] should_failslab+0x8c/0xb0 [ 91.562292][ T5941] __kmalloc_cache_noprof+0x4c/0x320 [ 91.562335][ T5941] alloc_pipe_info+0xae/0x350 [ 91.562367][ T5941] splice_direct_to_actor+0x592/0x680 [ 91.562392][ T5941] ? kstrtouint_from_user+0x9f/0xf0 [ 91.562439][ T5941] ? __pfx_direct_splice_actor+0x10/0x10 [ 91.562462][ T5941] ? __rcu_read_unlock+0x4f/0x70 [ 91.562515][ T5941] ? get_pid_task+0x96/0xd0 [ 91.562540][ T5941] ? avc_policy_seqno+0x15/0x30 [ 91.562573][ T5941] do_splice_direct+0xda/0x150 [ 91.562614][ T5941] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 91.562648][ T5941] do_sendfile+0x380/0x640 [ 91.562692][ T5941] __x64_sys_sendfile64+0x105/0x150 [ 91.562729][ T5941] x64_sys_call+0xb39/0x2fb0 [ 91.562812][ T5941] do_syscall_64+0xd0/0x1a0 [ 91.562840][ T5941] ? clear_bhb_loop+0x25/0x80 [ 91.562861][ T5941] ? clear_bhb_loop+0x25/0x80 [ 91.562902][ T5941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.562928][ T5941] RIP: 0033:0x7f42cb80e969 [ 91.562946][ T5941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.563039][ T5941] RSP: 002b:00007f42c9e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 91.563099][ T5941] RAX: ffffffffffffffda RBX: 00007f42cba35fa0 RCX: 00007f42cb80e969 [ 91.563115][ T5941] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 91.563133][ T5941] RBP: 00007f42c9e77090 R08: 0000000000000000 R09: 0000000000000000 [ 91.563148][ T5941] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001 [ 91.563160][ T5941] R13: 0000000000000000 R14: 00007f42cba35fa0 R15: 00007fff973d4658 [ 91.563318][ T5941] [ 91.799626][ T5948] __nla_validate_parse: 13 callbacks suppressed [ 91.799645][ T5948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.813'. [ 91.815979][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 91.815992][ T29] audit: type=1326 audit(1746792005.647:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5944 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda0457e969 code=0x7ffc0000 [ 91.845673][ T29] audit: type=1326 audit(1746792005.647:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5944 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0457e969 code=0x7ffc0000 [ 91.869205][ T29] audit: type=1326 audit(1746792005.647:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5944 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0457e969 code=0x7ffc0000 [ 91.892775][ T29] audit: type=1326 audit(1746792005.647:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5944 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fda0457e969 code=0x7ffc0000 [ 91.916364][ T29] audit: type=1326 audit(1746792005.647:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5944 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda0457e969 code=0x7ffc0000 [ 92.000056][ T5956] loop1: detected capacity change from 0 to 512 [ 92.021147][ T29] audit: type=1400 audit(1746792005.877:1378): avc: denied { mounton } for pid=5953 comm="syz.0.822" path="/153/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 92.045929][ T29] audit: type=1400 audit(1746792005.907:1379): avc: denied { mount } for pid=5953 comm="syz.0.822" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 92.068402][ T29] audit: type=1400 audit(1746792005.907:1380): avc: denied { unmount } for pid=5953 comm="syz.0.822" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 92.088708][ T29] audit: type=1400 audit(1746792005.907:1381): avc: denied { mount } for pid=5953 comm="syz.0.822" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 92.114539][ T5959] loop0: detected capacity change from 0 to 512 [ 92.121562][ T5959] EXT4-fs: dax option not supported [ 92.132940][ T29] audit: type=1400 audit(1746792005.977:1382): avc: denied { ioctl } for pid=5953 comm="syz.0.822" path="time:[4026531834]" dev="nsfs" ino=4026531834 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 92.171409][ T5956] EXT4-fs (loop1): orphan cleanup on readonly fs [ 92.187076][ T5956] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.821: bg 0: block 248: padding at end of block bitmap is not set [ 92.234527][ T5956] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.821: Failed to acquire dquot type 1 [ 92.263191][ T5964] loop0: detected capacity change from 0 to 1024 [ 92.276303][ T5956] EXT4-fs (loop1): 1 truncate cleaned up [ 92.289340][ T5966] loop3: detected capacity change from 0 to 2048 [ 92.307500][ T5964] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.331985][ T5964] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.823: bg 0: block 393: padding at end of block bitmap is not set [ 92.497917][ T5979] netlink: 8 bytes leftover after parsing attributes in process `syz.3.825'. [ 92.711291][ T5984] loop1: detected capacity change from 0 to 8192 [ 92.846617][ T5988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.832'. [ 93.167729][ T5997] netlink: 35 bytes leftover after parsing attributes in process `syz.2.836'. [ 93.176681][ T5997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.836'. [ 93.293081][ T6010] SELinux: syz.0.841 (6010) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 93.311234][ T6004] bond1: entered promiscuous mode [ 93.316417][ T6004] bond1: entered allmulticast mode [ 93.346332][ T6004] 8021q: adding VLAN 0 to HW filter on device bond1 [ 93.381897][ T6004] bond1 (unregistering): Released all slaves [ 93.400521][ T6013] loop0: detected capacity change from 0 to 512 [ 93.408884][ T6013] EXT4-fs: Ignoring removed nobh option [ 93.451925][ T6013] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.841: corrupted inode contents [ 93.470520][ T6013] EXT4-fs (loop0): Remounting filesystem read-only [ 93.482782][ T6013] EXT4-fs (loop0): 1 truncate cleaned up [ 93.503235][ T3990] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 93.513868][ T3990] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 93.536468][ T6013] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.599803][ T3990] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 93.634721][ T6021] 9pnet: p9_errstr2errno: server reported unknown error [ 93.724948][ T6028] loop2: detected capacity change from 0 to 2048 [ 93.731834][ T6032] netlink: 35 bytes leftover after parsing attributes in process `syz.4.849'. [ 93.740793][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.849'. [ 93.918149][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.2.848'. [ 94.029326][ T6053] loop1: detected capacity change from 0 to 512 [ 94.045295][ T6053] EXT4-fs (loop1): orphan cleanup on readonly fs [ 94.054446][ T6053] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.855: bg 0: block 248: padding at end of block bitmap is not set [ 94.082954][ T6053] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.855: Failed to acquire dquot type 1 [ 94.114128][ T6053] EXT4-fs (loop1): 1 truncate cleaned up [ 94.546073][ T6064] 9pnet: p9_errstr2errno: server reported unknown error [ 94.690045][ T6072] netlink: 35 bytes leftover after parsing attributes in process `syz.1.863'. [ 94.699117][ T6072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.863'. [ 94.726218][ T6075] loop0: detected capacity change from 0 to 128 [ 94.763190][ T6075] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.878929][ T6078] can0: slcan on ttyS3. [ 95.053870][ T6095] loop1: detected capacity change from 0 to 2048 [ 95.536328][ T6069] can0 (unregistered): slcan off ttyS3. [ 95.690089][ T6115] loop2: detected capacity change from 0 to 2048 [ 95.729208][ T6121] FAULT_INJECTION: forcing a failure. [ 95.729208][ T6121] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.742380][ T6121] CPU: 1 UID: 0 PID: 6121 Comm: syz.0.880 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 95.742409][ T6121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 95.742425][ T6121] Call Trace: [ 95.742433][ T6121] [ 95.742487][ T6121] __dump_stack+0x1d/0x30 [ 95.742513][ T6121] dump_stack_lvl+0xe8/0x140 [ 95.742537][ T6121] dump_stack+0x15/0x1b [ 95.742556][ T6121] should_fail_ex+0x265/0x280 [ 95.742665][ T6121] should_fail+0xb/0x20 [ 95.742702][ T6121] should_fail_usercopy+0x1a/0x20 [ 95.742725][ T6121] _copy_to_user+0x20/0xa0 [ 95.742754][ T6121] simple_read_from_buffer+0xb5/0x130 [ 95.742785][ T6121] proc_fail_nth_read+0x100/0x140 [ 95.742893][ T6121] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 95.742973][ T6121] vfs_read+0x19d/0x6f0 [ 95.743004][ T6121] ? __rcu_read_unlock+0x4f/0x70 [ 95.743029][ T6121] ? __fget_files+0x184/0x1c0 [ 95.743088][ T6121] ksys_read+0xda/0x1a0 [ 95.743181][ T6121] __x64_sys_read+0x40/0x50 [ 95.743278][ T6121] x64_sys_call+0x2d77/0x2fb0 [ 95.743306][ T6121] do_syscall_64+0xd0/0x1a0 [ 95.743334][ T6121] ? clear_bhb_loop+0x25/0x80 [ 95.743384][ T6121] ? clear_bhb_loop+0x25/0x80 [ 95.743412][ T6121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.743437][ T6121] RIP: 0033:0x7f063213d37c [ 95.743456][ T6121] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 95.743479][ T6121] RSP: 002b:00007f06307a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 95.743531][ T6121] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213d37c [ 95.743548][ T6121] RDX: 000000000000000f RSI: 00007f06307a70a0 RDI: 0000000000000007 [ 95.743563][ T6121] RBP: 00007f06307a7090 R08: 0000000000000000 R09: 0000000000000000 [ 95.743631][ T6121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 95.743646][ T6121] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 95.743671][ T6121] [ 96.319779][ T6141] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 96.336197][ T6141] 9pnet_fd: Insufficient options for proto=fd [ 96.347778][ T6141] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 96.698131][ T6151] FAULT_INJECTION: forcing a failure. [ 96.698131][ T6151] name failslab, interval 1, probability 0, space 0, times 0 [ 96.710903][ T6151] CPU: 0 UID: 0 PID: 6151 Comm: syz.0.892 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 96.710939][ T6151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 96.710956][ T6151] Call Trace: [ 96.710965][ T6151] [ 96.711050][ T6151] __dump_stack+0x1d/0x30 [ 96.711073][ T6151] dump_stack_lvl+0xe8/0x140 [ 96.711093][ T6151] dump_stack+0x15/0x1b [ 96.711114][ T6151] should_fail_ex+0x265/0x280 [ 96.711205][ T6151] ? alloc_fdtable+0x74/0x1b0 [ 96.711235][ T6151] should_failslab+0x8c/0xb0 [ 96.711271][ T6151] __kmalloc_cache_noprof+0x4c/0x320 [ 96.711297][ T6151] alloc_fdtable+0x74/0x1b0 [ 96.711360][ T6151] dup_fd+0x4c7/0x540 [ 96.711471][ T6151] copy_files+0x98/0xf0 [ 96.711503][ T6151] copy_process+0xc44/0x1f90 [ 96.711622][ T6151] kernel_clone+0x16c/0x5b0 [ 96.711655][ T6151] ? vfs_write+0x75e/0x8d0 [ 96.711696][ T6151] __x64_sys_clone+0xe6/0x120 [ 96.711762][ T6151] x64_sys_call+0x2c59/0x2fb0 [ 96.711788][ T6151] do_syscall_64+0xd0/0x1a0 [ 96.711814][ T6151] ? clear_bhb_loop+0x25/0x80 [ 96.711842][ T6151] ? clear_bhb_loop+0x25/0x80 [ 96.711925][ T6151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.712005][ T6151] RIP: 0033:0x7f063213e969 [ 96.712094][ T6151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.712112][ T6151] RSP: 002b:00007f06307a6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 96.712130][ T6151] RAX: ffffffffffffffda RBX: 00007f0632365fa0 RCX: 00007f063213e969 [ 96.712142][ T6151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 96.712153][ T6151] RBP: 00007f06307a7090 R08: 0000000000000000 R09: 0000000000000000 [ 96.712165][ T6151] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 96.712179][ T6151] R13: 0000000000000000 R14: 00007f0632365fa0 R15: 00007ffed72ddea8 [ 96.712254][ T6151] [ 96.924071][ T6156] FAULT_INJECTION: forcing a failure. [ 96.924071][ T6156] name failslab, interval 1, probability 0, space 0, times 0 [ 96.936801][ T6156] CPU: 1 UID: 0 PID: 6156 Comm: syz.2.894 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 96.936841][ T6156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 96.936863][ T6156] Call Trace: [ 96.936871][ T6156] [ 96.936880][ T6156] __dump_stack+0x1d/0x30 [ 96.936912][ T6156] dump_stack_lvl+0xe8/0x140 [ 96.936939][ T6156] dump_stack+0x15/0x1b [ 96.936962][ T6156] should_fail_ex+0x265/0x280 [ 96.937006][ T6156] should_failslab+0x8c/0xb0 [ 96.937058][ T6156] kmem_cache_alloc_noprof+0x50/0x310 [ 96.937105][ T6156] ? getname_flags+0x80/0x3b0 [ 96.937213][ T6156] getname_flags+0x80/0x3b0 [ 96.937250][ T6156] user_path_create+0x27/0x130 [ 96.937279][ T6156] bpf_obj_pin_user+0xe0/0x230 [ 96.937317][ T6156] bpf_obj_pin+0xac/0xd0 [ 96.937369][ T6156] __sys_bpf+0x6a7/0x790 [ 96.937419][ T6156] __x64_sys_bpf+0x41/0x50 [ 96.937454][ T6156] x64_sys_call+0x2478/0x2fb0 [ 96.937484][ T6156] do_syscall_64+0xd0/0x1a0 [ 96.937581][ T6156] ? clear_bhb_loop+0x25/0x80 [ 96.937610][ T6156] ? clear_bhb_loop+0x25/0x80 [ 96.937642][ T6156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.937675][ T6156] RIP: 0033:0x7fda0457e969 [ 96.937691][ T6156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.937710][ T6156] RSP: 002b:00007fda02be7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 96.937731][ T6156] RAX: ffffffffffffffda RBX: 00007fda047a5fa0 RCX: 00007fda0457e969 [ 96.937749][ T6156] RDX: 0000000000000018 RSI: 00002000000000c0 RDI: 0000000000000006 [ 96.937767][ T6156] RBP: 00007fda02be7090 R08: 0000000000000000 R09: 0000000000000000 [ 96.937858][ T6156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.937870][ T6156] R13: 0000000000000000 R14: 00007fda047a5fa0 R15: 00007ffea5f182e8 [ 96.937893][ T6156] [ 97.322311][ T29] kauditd_printk_skb: 73 callbacks suppressed [ 97.322328][ T29] audit: type=1404 audit(1746792011.177:1445): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 97.343819][ T29] audit: type=1404 audit(1746792011.177:1446): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 97.427341][ T29] audit: type=1400 audit(1746792011.277:1447): avc: denied { map_create } for pid=6172 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.446489][ T29] audit: type=1400 audit(1746792011.277:1448): avc: denied { bpf } for pid=6172 comm="syz.1.902" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 97.467198][ T29] audit: type=1400 audit(1746792011.277:1449): avc: denied { map_read map_write } for pid=6172 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.486965][ T29] audit: type=1400 audit(1746792011.277:1450): avc: denied { prog_load } for pid=6172 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.505979][ T29] audit: type=1400 audit(1746792011.277:1451): avc: denied { perfmon } for pid=6172 comm="syz.1.902" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 97.526797][ T29] audit: type=1400 audit(1746792011.277:1452): avc: denied { prog_run } for pid=6172 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.545894][ T29] audit: type=1400 audit(1746792011.277:1453): avc: denied { name_bind } for pid=6172 comm="syz.1.902" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 97.567498][ T29] audit: type=1400 audit(1746792011.277:1454): avc: denied { node_bind } for pid=6172 comm="syz.1.902" saddr=fc00:: src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 97.720822][ T6187] __nla_validate_parse: 2 callbacks suppressed [ 97.720837][ T6187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.907'. [ 97.731213][ T6189] loop1: detected capacity change from 0 to 512 [ 97.792811][ T6189] EXT4-fs (loop1): orphan cleanup on readonly fs [ 97.800263][ T6189] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.906: bg 0: block 248: padding at end of block bitmap is not set [ 97.815193][ T6189] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.906: Failed to acquire dquot type 1 [ 97.827468][ T6189] EXT4-fs (loop1): 1 truncate cleaned up [ 97.879243][ T6200] FAULT_INJECTION: forcing a failure. [ 97.879243][ T6200] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 97.892422][ T6200] CPU: 1 UID: 0 PID: 6200 Comm: syz.3.908 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 97.892453][ T6200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 97.892491][ T6200] Call Trace: [ 97.892499][ T6200] [ 97.892509][ T6200] __dump_stack+0x1d/0x30 [ 97.892536][ T6200] dump_stack_lvl+0xe8/0x140 [ 97.892555][ T6200] dump_stack+0x15/0x1b [ 97.892570][ T6200] should_fail_ex+0x265/0x280 [ 97.892653][ T6200] should_fail+0xb/0x20 [ 97.892680][ T6200] should_fail_usercopy+0x1a/0x20 [ 97.892700][ T6200] _copy_from_user+0x1c/0xb0 [ 97.892726][ T6200] ___sys_sendmsg+0xc1/0x1d0 [ 97.892829][ T6200] __x64_sys_sendmsg+0xd4/0x160 [ 97.892925][ T6200] x64_sys_call+0x2999/0x2fb0 [ 97.892952][ T6200] do_syscall_64+0xd0/0x1a0 [ 97.892977][ T6200] ? clear_bhb_loop+0x25/0x80 [ 97.892997][ T6200] ? clear_bhb_loop+0x25/0x80 [ 97.893017][ T6200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.893116][ T6200] RIP: 0033:0x7f90bc28e969 [ 97.893134][ T6200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.893154][ T6200] RSP: 002b:00007f90ba8b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.893177][ T6200] RAX: ffffffffffffffda RBX: 00007f90bc4b6160 RCX: 00007f90bc28e969 [ 97.893193][ T6200] RDX: 0000000000000040 RSI: 0000200000000780 RDI: 0000000000000006 [ 97.893261][ T6200] RBP: 00007f90ba8b5090 R08: 0000000000000000 R09: 0000000000000000 [ 97.893276][ T6200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.893288][ T6200] R13: 0000000000000000 R14: 00007f90bc4b6160 R15: 00007ffd1d7eb078 [ 97.893307][ T6200] [ 98.184233][ T6209] netlink: 35 bytes leftover after parsing attributes in process `syz.0.913'. [ 98.193311][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.0.913'. [ 98.345170][ T6219] SELinux: syz.4.918 (6219) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 98.420232][ T6220] loop4: detected capacity change from 0 to 512 [ 98.428154][ T6220] EXT4-fs: Ignoring removed nobh option [ 98.461572][ T6220] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.918: corrupted inode contents [ 98.492302][ T6220] EXT4-fs (loop4): Remounting filesystem read-only [ 98.512171][ T6220] EXT4-fs (loop4): 1 truncate cleaned up [ 98.528258][ T6220] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.528387][ T3990] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 98.549442][ T3990] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 98.569421][ T3990] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 98.757946][ T6230] loop3: detected capacity change from 0 to 512 [ 98.780497][ T6230] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 98.830550][ T6230] EXT4-fs (loop3): 1 truncate cleaned up [ 98.879717][ T6244] netlink: 35 bytes leftover after parsing attributes in process `syz.1.927'. [ 98.888739][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.927'. [ 98.908557][ T6245] loop4: detected capacity change from 0 to 2048 [ 98.924976][ T6234] ================================================================== [ 98.933113][ T6234] BUG: KCSAN: data-race in page_pool_put_unrefed_netmem / page_pool_release [ 98.941830][ T6234] [ 98.944167][ T6234] write to 0xffff888119551080 of 8 bytes by task 6233 on cpu 0: [ 98.951820][ T6234] page_pool_release+0x2fb/0x4a0 [ 98.956787][ T6234] page_pool_destroy+0x202/0x370 [ 98.961764][ T6234] bpf_test_run_xdp_live+0xf5d/0xfd0 [ 98.967087][ T6234] bpf_prog_test_run_xdp+0x4f5/0x8f0 [ 98.972662][ T6234] bpf_prog_test_run+0x207/0x390 [ 98.977621][ T6234] __sys_bpf+0x3dc/0x790 [ 98.981888][ T6234] __x64_sys_bpf+0x41/0x50 [ 98.986409][ T6234] x64_sys_call+0x2478/0x2fb0 [ 98.991109][ T6234] do_syscall_64+0xd0/0x1a0 [ 98.995623][ T6234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.001528][ T6234] [ 99.003856][ T6234] read to 0xffff888119551080 of 8 bytes by task 6234 on cpu 1: [ 99.011408][ T6234] page_pool_put_unrefed_netmem+0x398/0x540 [ 99.017329][ T6234] napi_pp_put_page+0xe3/0x200 [ 99.022114][ T6234] skb_release_data+0x5d3/0x620 [ 99.026990][ T6234] __kfree_skb+0x44/0x150 [ 99.031342][ T6234] sk_skb_reason_drop+0xbd/0x270 [ 99.036303][ T6234] udpv6_recvmsg+0x1d1/0xc30 [ 99.040922][ T6234] inet6_recvmsg+0x143/0x290 [ 99.045547][ T6234] sock_recvmsg+0x95/0x170 [ 99.049986][ T6234] ____sys_recvmsg+0xf5/0x280 [ 99.054678][ T6234] ___sys_recvmsg+0x11f/0x370 [ 99.059372][ T6234] do_recvmmsg+0x1ef/0x540 [ 99.063806][ T6234] __x64_sys_recvmmsg+0xe5/0x170 [ 99.068760][ T6234] x64_sys_call+0x1c6a/0x2fb0 [ 99.073468][ T6234] do_syscall_64+0xd0/0x1a0 [ 99.077986][ T6234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.083892][ T6234] [ 99.086221][ T6234] value changed: 0xffffea0004685b00 -> 0x0000000000000000 [ 99.093331][ T6234] [ 99.095657][ T6234] Reported by Kernel Concurrency Sanitizer on: [ 99.101815][ T6234] CPU: 1 UID: 0 PID: 6234 Comm: syz.2.922 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 99.114155][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 99.124314][ T6234] ==================================================================