last executing test programs: 2.557187214s ago: executing program 4 (id=4082): bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_pgetevents(0x0, 0x6, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4f0000006800e97800000000000000000a000000000000000400040014000600fc000000000000000000000000000001"], 0x30}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_timeval(r1, 0x1, 0x48, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000130000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0x10) socket$inet(0x2, 0x3, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xffffff06}, {0xc}}}]}]}, 0x8c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3804402, &(0x7f0000000240), 0x1, 0x55f, &(0x7f0000000c80)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIoVdOJlL19YfE7yYl6LDgd7PkmRlNFlGk461Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoingTOelJl7VJm3XZmpnPB077vuec9D1Pznnevm9OQgIYWhPpj1zECxHxZRJxqG3baGQbJ1b3W3lwrZAuSTQaH/2RRJKta+2fZL/3Z5X/R8Qvn0ecyG1st7a0PD9bLpcWsvpkvXJ5sra0fPJiZXauNFe6ND0zc/qNmem333qzb7G+eu6vbz68897pL46tfP3TvcO3kjgTB7Jt7XE8gevtlYmYyJ6TsTizbsepPjQ2SJKdPgC2ZSTL87FI+4BDMZJlPfDf91lENIAhlch/GFKtcUBrbt+nefBz4/67qxOgjfGPrr42Enuac6N9K8kjM6N0vjveh/bTNn7+/fatdIn+vQ4BsKXrNyLi1Ojoxv4vyfq/7TvVwz7r29D/wbNzJx3/vNZp/JNbG/9Eh/HP/g65ux1b53/uXh+a6Sod/73Tcfy7dtNqfCSrHWyO+caSCxfLpbRv+19EHI+x3Wl9s/s5p1fuNrptax//pUvafmssmB3HvdHdjz6mOFuffZKY292/EfFix/Fvsnb+kw7nP30+zvXYxtHS7Ze7bds6/qer8X3EKx3P/8M7Wsnm9ycnm9fDZOuq2OjPm0d/7db+Tsefnv99q/H/nU0J18c/nrTfr609fhvf7fmn1G3bdq//XcnHzfKubN3V2Xp9YSpiV/LBxvXTDx/bqrf2T+M/fmzz/q/T9b83Ij7pMf6bR358afvxP11p/MXNr/915//xC3ff//Tbbu33dv5fb5aOZ2t66f96PcAnee4AAAAAAABg0OQi4kAkufxaOZfL51ff33Ek9uXK1Vr9xIXq4qViND8rOx5judad7kNt74eYyt4P26pPr6vPRMThiPhqZG+zni9Uy8WdDh4AAAAAAAAAAAAAAAAAAAAGxP4un/9P/Tay00cHPHW+8huG15b5349vegIGkv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX507ezZdGisPrhXSevHK0uJ89crJYqk2n68sFvKF6sLl/Fy1Olcu5QvVylZ/r1ytXp6ajsWrk/VSrT5ZW1o+X6kuXqqfv1j54WBEaeyZRAUAAAAAAAAAAAAAAAAAAADPl9rS8vxsuVxaUGgWdsdAHMZzVBgdjMNQ6HNhp3smAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjo3wAAAP//waw5Ug==") r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = open_tree(r5, &(0x7f0000000040)='\x00', 0x89901) move_mount(r6, 0x0, r5, 0x0, 0x46) ioctl$TUNSETLINK(r5, 0x400454cd, 0x207) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r7}, 0x18) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) 2.188354234s ago: executing program 4 (id=4094): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000000000"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) semget$private(0x0, 0x4, 0x29b) 1.809637895s ago: executing program 4 (id=4098): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450000300000000200019078ac1e0001ac1414aa0b009078000100004529000400688001020201ffac141436ac1414bb"], 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) 1.785642566s ago: executing program 2 (id=4099): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 1.764943728s ago: executing program 4 (id=4100): openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f00000004c0)=""/139, &(0x7f0000000100)=0x8b) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='wg0\x00', 0x10) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) memfd_secret(0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r3, 0xffffffffffffffff, 0x2e, 0x4608, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r4, 0x4) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x1, 0x37c1, 0x18, 0x0, @wg=@data}}}}}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) getsockopt$llc_int(r2, 0x10c, 0x3, &(0x7f00000006c0), &(0x7f0000000700)=0x4) socket$phonet_pipe(0x23, 0x5, 0x2) 1.734174801s ago: executing program 2 (id=4102): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = dup(r0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 1.646962368s ago: executing program 4 (id=4105): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4) r6 = dup2(r5, r5) write$tun(r6, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYRESHEX=r0], 0x46) recvmmsg(r6, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 1.623288869s ago: executing program 2 (id=4106): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4) r6 = dup2(r5, r5) write$tun(r6, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYRESHEX=r0], 0x46) recvmmsg(r6, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x50, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}}, 0x0) 1.507931309s ago: executing program 1 (id=4109): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 1.431849585s ago: executing program 1 (id=4110): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450000300000000200019078ac1e0001ac1414aa0b009078000100004529000400688001020201ffac141436ac1414bb"], 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) 1.423170256s ago: executing program 0 (id=4111): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) get_mempolicy(0x0, 0x0, 0x2, &(0x7f0000000000/0x4000)=nil, 0x1) 1.276766298s ago: executing program 0 (id=4112): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 1.053020735s ago: executing program 1 (id=4113): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 1.011871459s ago: executing program 3 (id=4114): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000680)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f00000000c0)="ea3d8100", 0x4, 0xb01, &(0x7f0000000080)={0x11, 0x8100, r2}, 0x14) 980.175061ms ago: executing program 0 (id=4115): openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f00000004c0)=""/139, &(0x7f0000000100)=0x8b) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='wg0\x00', 0x10) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) memfd_secret(0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r3, 0xffffffffffffffff, 0x2e, 0x4608, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r4, 0x4) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}, {0x1, 0x37c1, 0x18, 0x0, @wg=@data}}}}}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) getsockopt$llc_int(r2, 0x10c, 0x3, &(0x7f00000006c0), &(0x7f0000000700)=0x4) socket$phonet_pipe(0x23, 0x5, 0x2) 907.604417ms ago: executing program 1 (id=4116): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = dup(r1) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 866.630271ms ago: executing program 0 (id=4117): r0 = syz_io_uring_setup(0x684e, &(0x7f00000000c0)={0x0, 0x79af, 0x1, 0x8000, 0x183}, &(0x7f0000000340)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 824.690294ms ago: executing program 3 (id=4118): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) setreuid(0x0, 0xffffffffffffffff) 799.000136ms ago: executing program 1 (id=4119): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000000000"], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) semget$private(0x0, 0x4, 0x29b) 751.66974ms ago: executing program 0 (id=4120): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 743.392941ms ago: executing program 1 (id=4121): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r4 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4) r6 = dup2(r5, r5) write$tun(r6, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYRESHEX=r0], 0x46) recvmmsg(r6, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2000, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r7) sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x50, r8, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}}, 0x0) 731.569661ms ago: executing program 2 (id=4122): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) get_mempolicy(0x0, 0x0, 0x2, &(0x7f0000000000/0x4000)=nil, 0x1) 694.955975ms ago: executing program 3 (id=4123): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xe7fd}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x4}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10) r3 = semget$private(0x0, 0x4, 0x29b) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000240)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x150, 0xd49}, 0xfffffffffffffffc, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x1}) 593.155882ms ago: executing program 3 (id=4124): bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_pgetevents(0x0, 0x6, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4f0000006800e97800000000000000000a000000000000000400040014000600fc000000000000000000000000000001"], 0x30}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_timeval(r1, 0x1, 0x48, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000001300"/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000010000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0x10) socket$inet(0x2, 0x3, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xffffff06}, {0xc}}}]}]}, 0x8c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x3804402, &(0x7f0000000240), 0x1, 0x55f, &(0x7f0000000c80)="$eJzs3d9rW+UbAPDnpO1+77sOxvgqIoVdOJlL19YfE7yYl6LDgd7PkmRlNFlGk461Dtwu3I03MgQRB+K1eu/l8B/wrxjoYMgoingTOelJl7VJm3XZmpnPB077vuec9D1Pznnevm9OQgIYWhPpj1zECxHxZRJxqG3baGQbJ1b3W3lwrZAuSTQaH/2RRJKta+2fZL/3Z5X/R8Qvn0ecyG1st7a0PD9bLpcWsvpkvXJ5sra0fPJiZXauNFe6ND0zc/qNmem333qzb7G+eu6vbz68897pL46tfP3TvcO3kjgTB7Jt7XE8gevtlYmYyJ6TsTizbsepPjQ2SJKdPgC2ZSTL87FI+4BDMZJlPfDf91lENIAhlch/GFKtcUBrbt+nefBz4/67qxOgjfGPrr42Enuac6N9K8kjM6N0vjveh/bTNn7+/fatdIn+vQ4BsKXrNyLi1Ojoxv4vyfq/7TvVwz7r29D/wbNzJx3/vNZp/JNbG/9Eh/HP/g65ux1b53/uXh+a6Sod/73Tcfy7dtNqfCSrHWyO+caSCxfLpbRv+19EHI+x3Wl9s/s5p1fuNrptax//pUvafmssmB3HvdHdjz6mOFuffZKY292/EfFix/Fvsnb+kw7nP30+zvXYxtHS7Ze7bds6/qer8X3EKx3P/8M7Wsnm9ycnm9fDZOuq2OjPm0d/7db+Tsefnv99q/H/nU0J18c/nrTfr609fhvf7fmn1G3bdq//XcnHzfKubN3V2Xp9YSpiV/LBxvXTDx/bqrf2T+M/fmzz/q/T9b83Ij7pMf6bR358afvxP11p/MXNr/915//xC3ff//Tbbu33dv5fb5aOZ2t66f96PcAnee4AAAAAAABg0OQi4kAkufxaOZfL51ff33Ek9uXK1Vr9xIXq4qViND8rOx5judad7kNt74eYyt4P26pPr6vPRMThiPhqZG+zni9Uy8WdDh4AAAAAAAAAAAAAAAAAAAAGxP4un/9P/Tay00cHPHW+8huG15b5349vegIGkv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX507ezZdGisPrhXSevHK0uJ89crJYqk2n68sFvKF6sLl/Fy1Olcu5QvVylZ/r1ytXp6ajsWrk/VSrT5ZW1o+X6kuXqqfv1j54WBEaeyZRAUAAAAAAAAAAAAAAAAAAADPl9rS8vxsuVxaUGgWdsdAHMZzVBgdjMNQ6HNhp3smAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjo3wAAAP//waw5Ug==") r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = open_tree(r5, &(0x7f0000000040)='\x00', 0x89901) move_mount(r6, 0x0, r5, 0x0, 0x46) ioctl$TUNSETLINK(r5, 0x400454cd, 0x207) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r7}, 0x18) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) 549.238426ms ago: executing program 2 (id=4125): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000200), &(0x7f0000000240)=r2}, 0x20) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 547.228386ms ago: executing program 0 (id=4126): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x451, &(0x7f0000002240)="$eJzs28trXFUYAPDv3pmk9mXGUh99qNEqFh9JM33YhQsVBRcKgi7qMiZpqZ020kSwpWgUqUspuC8uBf8CV7oRdSW4VddSKJJNq1AYuTN3ksl0Jk3ipBMzvx9M55x7T3rOl3vOzDn35AbQt4azf5KIHRHxW0QM1bNLCwzX327OX5r4e/7SRBLV6lt/JbVyN+YvTTSKNn5ueyNTjEg/S2Jfm3pnLlw8M16pTJ3P86OzZ98fnblw8bnTZ8dPTZ2aOlc+fvzI4bFbx8pHuxJnFteNvR9N79/z2jtX3pg4ceXdn75JGvG3xNElw22PFutvT1arXa6ut3Y2pZNiDxvCqhTyLjlQG/9DUYjFizcUr37a08YB66parVYf6Hx6rgpsYkn0ugVAbzS+6LP1b+N1l6YeG8L1l+oLoCzum/mrfqYYaV5moGV9203DEXFi7p+rJ25Vr0brfYit61QpANDXvsvmP8+2m/+l0Xxf6N58D6UUEfdFxK6IOBYRuyPi/oha2Qcj4qFV1t+6SXL7/DO9tqbAViib/72Q720tnf81Zn9RKuS5nbX4B5KTpytTh/LfycEY2JLlx5ap4/tXfv2i07mF+V/+yurP3hdLpNeKW5b+zOT47Ph/ibnZ9U8i9hbbxZ8s7AQkEbEnIl5cYx2nn/56f6dzHeIfXNF/3IV9pupXEU/Vr/9ctMSfy7p9p/3J54+Vj47eE5WpQ6ONXnG7n3+5/Gan+u98/Zt1f0GQXf9tbft/I/4/Sknzfu3M6uu4/PvnHdeUa+3/g8nbS459OD47e34sYjB5vZYvNR8vt5QrL5bP4j94oP343xWLv4l9EZF14ocj4pGIeDRv+2MR8XhEHFgm/h9ffuK9tce/vrL4J5e9/tFy/RcTg9F6pH2icOaHb5dUWlpN/Nn1P1JLHcyPrOTzbyXtWltvBgAAgP+fNCJ2RJKOLKTTdGSk/jf8u2NbWpmemX3m5PQH5ybrzwiUYiBt3OkaarofOpYv6xv5ckv+cH7f+MvC1lp+ZGK6Mtnr4KHPbe8w/jN/FnrdOmDdeV4L+pfxD/3L+If+ZfxD/2oz/j16Bn2i3ff/xz1oB3D3tYz/Zbf9TAxgc7H+h/5l/EP/Mv6hL81sjTs/JL85EmlEbIBmbJZEpBuiGRLrlOj1JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB3/BsAAP//nobm9w==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff27}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') fsopen(0x0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000440)={[{@noblock_validity}, {@stripe={'stripe', 0x3d, 0x2}}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@abort}], [{@uid_lt}, {@smackfsroot={'smackfsroot', 0x3d, '\x00'}}, {@measure}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}]}, 0x1, 0x610, &(0x7f0000000a40)="$eJzs3c9rFGcfAPDvTH6avO+bKC+8rz3UQCkKrYmJWqQUau5F7I9/IDVRxGgkSaFRwQjtsfTSQ6GnHmr/i1borfTQaw+9F0FK8VCL1C2zOxs3m93Nz/3h7ucDa+aZmczznTXfPM88eWY2gJ41kf2TRhyNiJtJxFjFtv7IN06U9nv8x51L2SuJQuH935O4czdZrzxWkn8dzb/577FIfk4jjvRtrXdl7da1ucXFheW8PLV6/ebUytqtk1evz11ZuLJwY+aNmXNnz5w9N31qX+c3UGPdN189Taa//fVCEufjWR5bdl7V+w3tq+bsPZuIQsmTyvXZ+3pun8fuFH+OlX9OnkuqV9CxLud5m+XJ/2Is+ir+N8fi03fbGhzQVIUkym0U0HOSOvn/42yj3wzDTYsHaJVyP6B8bV/rOnirtMm9EqAVHs2WBqRKuT8QEeX87y+NDcZwcWxg5HGyaZwniYj9jcyVZHX89MOFT7JX1BmHA5pj/V55lLu6/U+KuTkew8XSyON0c/6vFwpp3hPI1r+3x/onqsryH1pn/V5E/D9v/wdjx/mf5rlbzv8P91i//AcAAAAAAICD82A2Il6vNf8v3Zj/M1hj/s9oRJw/gPq3//tf+jBfSKp2HTyA6qGnPZqNeKvm/N+NOb7jfXnp38X5ALeTy1cXF05FxH8i4kQMDGXl6arjVs4QPvnZkS/r1V85/y97ZfWX5wLmR3rYX3Uj7vzc6tx+zxuIeHQv4qXi/N9j+ZrN83+y9j+p0f5n+X1zh3UcefX+xXrbts9/oFkKX0ccr9n+P+9uJ42fzzFV7A9MlXsFW718+/Pv6tVfnf9NOEWgjqz9H2mc/0NJ5fN6VnZ3/Owi/fRaf6He9r32/weTD/qiYhDg47nV1eXpiMHkna3rZ3YXM3SrPB+ORZ4vWf6feKXx+N9G/78iDw9FxPoO6hveZrv+P7RPlv/zjdv/8c3t/+4XZu6Pf1+v/os7av/PFNv0E/ka439QaevzOHaaoG0JFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABecGlE/CuSdHJjOU0nJyNGI+K/MZIuLq2svnZ56aMb89m2iPEYSMuf9DtWKiflz/8fryjPVJVPR8ThiPii71CxPHlpaXG+3ScPAAAAAAAAAAAAAAAAAAAAHWK0eM9/Yaj6/v/Mb33tjg5ouv78q3yH3tO/5+8sDB1oIEDL7T3/gRdYds2/i/wfaGYsQBvUz/8nTwtFLQ0HaCH9f+hde8x/fy6ALqD9h161wzG94WbHAbSD9h8AAAAAALrK4WMPfkkiYv3NQ8VXZjDfZrI/dLe03QEAbWMOL/Su/qV2RwC0i2t8INlY+qvmzf71Z/8nzQkIAAAAAAAAAAAAANji+FH3/0Ovanz/v7n90M0a3P9fK/k9LgC6SP2P/tD2Q7dzjQ9s19q7/x8AAAAAAAAAAAAAOsDwrWtzi4sLyytrL97C250Rxu4W1uc6IoxdLBTuRjTe51lzah+IiE55E5ZXsmhaVVf5ERxtPOU2/14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2/BMAAP//cdEbCg==") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000001c0)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xfffff97c}}, 0x120) readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write(r1, &(0x7f00000009c0)="3bf58d", 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) setfsgid(0x0) sendfile(r1, r0, 0x0, 0x7fffeffd) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="b400000000000000731139000000000020000000000000009500200000000000", @ANYRES32=r5, @ANYRESOCT=r5, @ANYRES8=0x0], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) 333.399174ms ago: executing program 2 (id=4127): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@lazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x451, &(0x7f0000002240)="$eJzs28trXFUYAPDv3pmk9mXGUh99qNEqFh9JM33YhQsVBRcKgi7qMiZpqZ020kSwpWgUqUspuC8uBf8CV7oRdSW4VddSKJJNq1AYuTN3ksl0Jk3ipBMzvx9M55x7T3rOl3vOzDn35AbQt4azf5KIHRHxW0QM1bNLCwzX327OX5r4e/7SRBLV6lt/JbVyN+YvTTSKNn5ueyNTjEg/S2Jfm3pnLlw8M16pTJ3P86OzZ98fnblw8bnTZ8dPTZ2aOlc+fvzI4bFbx8pHuxJnFteNvR9N79/z2jtX3pg4ceXdn75JGvG3xNElw22PFutvT1arXa6ut3Y2pZNiDxvCqhTyLjlQG/9DUYjFizcUr37a08YB66parVYf6Hx6rgpsYkn0ugVAbzS+6LP1b+N1l6YeG8L1l+oLoCzum/mrfqYYaV5moGV9203DEXFi7p+rJ25Vr0brfYit61QpANDXvsvmP8+2m/+l0Xxf6N58D6UUEfdFxK6IOBYRuyPi/oha2Qcj4qFV1t+6SXL7/DO9tqbAViib/72Q720tnf81Zn9RKuS5nbX4B5KTpytTh/LfycEY2JLlx5ap4/tXfv2i07mF+V/+yurP3hdLpNeKW5b+zOT47Ph/ibnZ9U8i9hbbxZ8s7AQkEbEnIl5cYx2nn/56f6dzHeIfXNF/3IV9pupXEU/Vr/9ctMSfy7p9p/3J54+Vj47eE5WpQ6ONXnG7n3+5/Gan+u98/Zt1f0GQXf9tbft/I/4/Sknzfu3M6uu4/PvnHdeUa+3/g8nbS459OD47e34sYjB5vZYvNR8vt5QrL5bP4j94oP343xWLv4l9EZF14ocj4pGIeDRv+2MR8XhEHFgm/h9ffuK9tce/vrL4J5e9/tFy/RcTg9F6pH2icOaHb5dUWlpN/Nn1P1JLHcyPrOTzbyXtWltvBgAAgP+fNCJ2RJKOLKTTdGSk/jf8u2NbWpmemX3m5PQH5ybrzwiUYiBt3OkaarofOpYv6xv5ckv+cH7f+MvC1lp+ZGK6Mtnr4KHPbe8w/jN/FnrdOmDdeV4L+pfxD/3L+If+ZfxD/2oz/j16Bn2i3ff/xz1oB3D3tYz/Zbf9TAxgc7H+h/5l/EP/Mv6hL81sjTs/JL85EmlEbIBmbJZEpBuiGRLrlOj1JxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB3/BsAAP//nobm9w==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d", 0x3) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 234.496652ms ago: executing program 3 (id=4128): syz_open_procfs(0x0, &(0x7f00000000c0)='oom_adj\x00') r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0xfc, 0xfd, 0x10001}]}) 19.794599ms ago: executing program 3 (id=4129): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450000300000000200019078ac1e0001ac1414aa0b009078000100004529000400688001020201ffac141436ac1414bb"], 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) 0s ago: executing program 4 (id=4130): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x40) kernel console output (not intermixed with test programs): error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3089: Allocating blocks 497-513 which overlap fs metadata [ 210.199856][T13957] bond0: (slave bond_slave_1): Releasing backup interface [ 210.218036][T13957] team0: Port device team_slave_0 removed [ 210.228796][T13969] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 210.230869][T13957] team0: Port device team_slave_1 removed [ 210.246141][T13969] EXT4-fs (loop1): mount failed [ 210.257251][T13957] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.265302][T13957] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.275972][T13957] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.283837][T13957] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.322118][T13265] bridge_slave_1: left allmulticast mode [ 210.328244][T13265] bridge_slave_1: left promiscuous mode [ 210.334296][T13265] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.354324][T13265] bridge_slave_0: left allmulticast mode [ 210.360097][T13265] bridge_slave_0: left promiscuous mode [ 210.366579][T13265] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.451145][T13985] 9pnet_fd: Insufficient options for proto=fd [ 210.489906][T13265] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 210.500288][T13265] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.510642][T13265] bond0 (unregistering): Released all slaves [ 210.520829][T13989] loop3: detected capacity change from 0 to 128 [ 210.532789][T13963] lo speed is unknown, defaulting to 1000 [ 210.535772][T13989] ext4 filesystem being mounted at /36/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 210.569377][T13265] tipc: Left network mode [ 210.604520][T13989] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 210.663816][T13265] hsr_slave_0: left promiscuous mode [ 210.671055][T13265] hsr_slave_1: left promiscuous mode [ 210.676832][T13265] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.684833][T13265] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.693172][T13265] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.701262][T13265] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.711911][T14003] netlink: 360 bytes leftover after parsing attributes in process `syz.4.3185'. [ 210.725711][T13265] veth1_macvtap: left promiscuous mode [ 210.732026][T13265] veth0_macvtap: left promiscuous mode [ 210.738756][T13265] veth1_vlan: left promiscuous mode [ 210.746574][T13265] veth0_vlan: left promiscuous mode [ 210.810672][T13265] team0 (unregistering): Port device team_slave_1 removed [ 210.821967][T13265] team0 (unregistering): Port device team_slave_0 removed [ 210.831963][T14016] netlink: 'syz.3.3188': attribute type 4 has an invalid length. [ 210.875298][T14009] loop3: detected capacity change from 0 to 512 [ 210.893037][T14009] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 210.931396][T14009] EXT4-fs (loop3): mount failed [ 210.966306][T14028] loop1: detected capacity change from 0 to 512 [ 210.987256][T14028] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 211.002703][T14028] EXT4-fs (loop1): 1 truncate cleaned up [ 211.101642][T14034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3194'. [ 211.111190][T14034] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3194'. [ 211.142725][T13986] chnl_net:caif_netlink_parms(): no params data found [ 211.154529][T14038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.163734][T14038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.209247][T13986] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.216748][T13986] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.224459][T13986] bridge_slave_0: entered allmulticast mode [ 211.240354][T13986] bridge_slave_0: entered promiscuous mode [ 211.252426][T13986] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.259827][T13986] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.267394][T13986] bridge_slave_1: entered allmulticast mode [ 211.275591][T13986] bridge_slave_1: entered promiscuous mode [ 211.314978][T13986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.328561][T13986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.355932][T14061] bridge_slave_0: left allmulticast mode [ 211.361870][T14061] bridge_slave_0: left promiscuous mode [ 211.367666][T14061] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.382061][T14064] loop3: detected capacity change from 0 to 512 [ 211.386814][T14061] bridge_slave_1: left allmulticast mode [ 211.395353][T14061] bridge_slave_1: left promiscuous mode [ 211.395459][T14064] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 211.401210][T14061] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.424621][T14061] bond0: (slave bond_slave_0): Releasing backup interface [ 211.432521][T14064] EXT4-fs (loop3): 1 truncate cleaned up [ 211.441453][T14061] bond0: (slave bond_slave_1): Releasing backup interface [ 211.453330][T14061] team0: Port device team_slave_0 removed [ 211.462034][T14061] team0: Port device team_slave_1 removed [ 211.470294][T14061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.478375][T14061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.487475][T14061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.495205][T14061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.566317][T13986] team0: Port device team_slave_0 added [ 211.576188][T13986] team0: Port device team_slave_1 added [ 211.582477][T14073] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3208'. [ 211.591996][T14073] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3208'. [ 211.603275][T14070] netlink: 'syz.2.3207': attribute type 4 has an invalid length. [ 211.611937][T14073] loop3: detected capacity change from 0 to 1024 [ 211.635547][T13986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.643081][T13986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.643229][T14070] loop2: detected capacity change from 0 to 512 [ 211.670498][T13986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.671832][T13986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.695715][T13986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.722827][T13986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.744603][T14070] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 211.760618][T14070] EXT4-fs (loop2): mount failed [ 211.780014][T13986] hsr_slave_0: entered promiscuous mode [ 211.786501][T13986] hsr_slave_1: entered promiscuous mode [ 211.793085][T13986] debugfs: 'hsr0' already exists in 'hsr' [ 211.799170][T13986] Cannot create hsr debugfs directory [ 211.800678][T14084] loop3: detected capacity change from 0 to 1024 [ 211.818060][T14084] EXT4-fs: Ignoring removed nobh option [ 211.823709][T14084] EXT4-fs: Ignoring removed bh option [ 211.852491][T14084] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.3212: Allocating blocks 497-513 which overlap fs metadata [ 211.872858][T14084] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.3212: Allocating blocks 497-513 which overlap fs metadata [ 211.931912][T14099] IPVS: length: 139 != 8 [ 211.991395][T13986] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.051718][T13986] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.114435][T13986] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.189824][T13986] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.230365][T14107] FAULT_INJECTION: forcing a failure. [ 212.230365][T14107] name failslab, interval 1, probability 0, space 0, times 0 [ 212.244025][T14107] CPU: 1 UID: 0 PID: 14107 Comm: syz.1.3220 Not tainted syzkaller #0 PREEMPT(voluntary) [ 212.244056][T14107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 212.244069][T14107] Call Trace: [ 212.244075][T14107] [ 212.244083][T14107] __dump_stack+0x1d/0x30 [ 212.244105][T14107] dump_stack_lvl+0xe8/0x140 [ 212.244184][T14107] dump_stack+0x15/0x1b [ 212.244201][T14107] should_fail_ex+0x265/0x280 [ 212.244225][T14107] should_failslab+0x8c/0xb0 [ 212.244251][T14107] kmem_cache_alloc_lru_noprof+0x55/0x310 [ 212.244281][T14107] ? __d_alloc+0x3d/0x340 [ 212.244312][T14107] __d_alloc+0x3d/0x340 [ 212.244379][T14107] ? from_vfsgid+0x70/0xa0 [ 212.244406][T14107] d_alloc_pseudo+0x1e/0x80 [ 212.244436][T14107] alloc_file_pseudo+0x71/0x160 [ 212.244500][T14107] hugetlb_file_setup+0x2a6/0x3d0 [ 212.244526][T14107] ksys_mmap_pgoff+0x157/0x310 [ 212.244561][T14107] x64_sys_call+0x14a3/0x2ff0 [ 212.244635][T14107] do_syscall_64+0xd2/0x200 [ 212.244664][T14107] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 212.244689][T14107] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 212.244758][T14107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.244781][T14107] RIP: 0033:0x7f6b79b8ebe9 [ 212.244798][T14107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.244817][T14107] RSP: 002b:00007f6b785ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 212.244837][T14107] RAX: ffffffffffffffda RBX: 00007f6b79db5fa0 RCX: 00007f6b79b8ebe9 [ 212.244851][T14107] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000200000000000 [ 212.244880][T14107] RBP: 00007f6b785ef090 R08: ffffffffffffffff R09: 0000000000000000 [ 212.244892][T14107] R10: 0000000000042073 R11: 0000000000000246 R12: 0000000000000001 [ 212.244905][T14107] R13: 00007f6b79db6038 R14: 00007f6b79db5fa0 R15: 00007ffcc8c2aea8 [ 212.244924][T14107] [ 212.474944][T14113] netlink: 'syz.4.3223': attribute type 4 has an invalid length. [ 212.490073][T14113] loop4: detected capacity change from 0 to 512 [ 212.538076][T14113] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 212.540942][T13986] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 212.562011][T14113] EXT4-fs (loop4): mount failed [ 212.568377][T13986] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 212.582199][T13986] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.596727][T13986] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.663801][T14131] loop4: detected capacity change from 0 to 512 [ 212.687810][T14131] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 212.705693][T13986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.735069][T14131] EXT4-fs (loop4): 1 truncate cleaned up [ 212.758477][T13986] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.772336][T12402] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.779858][T12402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.136144][T14135] lo speed is unknown, defaulting to 1000 [ 213.142192][T14135] lo speed is unknown, defaulting to 1000 [ 213.148694][T14135] lo speed is unknown, defaulting to 1000 [ 213.154464][T12402] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.155390][T14135] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 213.161794][T12402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.189902][T13986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 213.200800][T13986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.242279][T14135] lo speed is unknown, defaulting to 1000 [ 213.248402][T14135] lo speed is unknown, defaulting to 1000 [ 213.254897][T14135] lo speed is unknown, defaulting to 1000 [ 213.261177][T14135] lo speed is unknown, defaulting to 1000 [ 213.267347][T14135] lo speed is unknown, defaulting to 1000 [ 213.273421][T14135] lo speed is unknown, defaulting to 1000 [ 213.279347][T14134] siw: device registration error -23 [ 213.363366][T13986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.441424][T14152] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3231'. [ 213.450568][T14152] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3231'. [ 213.495969][T13986] veth0_vlan: entered promiscuous mode [ 213.496305][T14164] loop3: detected capacity change from 0 to 1024 [ 213.502751][T14162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3234'. [ 213.517553][T14162] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3234'. [ 213.530287][T14167] netlink: 'syz.1.3236': attribute type 4 has an invalid length. [ 213.531353][T13986] veth1_vlan: entered promiscuous mode [ 213.558419][T14167] loop1: detected capacity change from 0 to 512 [ 213.570794][T14162] loop4: detected capacity change from 0 to 1024 [ 213.572844][T13986] veth0_macvtap: entered promiscuous mode [ 213.596638][T13986] veth1_macvtap: entered promiscuous mode [ 213.607703][T13986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.625537][ T29] kauditd_printk_skb: 2011 callbacks suppressed [ 213.625554][ T29] audit: type=1326 audit(1756497819.919:23069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa871b5d84a code=0x7ffc0000 [ 213.630211][T14171] bridge_slave_0: left allmulticast mode [ 213.633613][ T29] audit: type=1326 audit(1756497819.930:23070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa871b5d84a code=0x7ffc0000 [ 213.656453][T14171] bridge_slave_0: left promiscuous mode [ 213.666121][ T29] audit: type=1326 audit(1756497819.962:23071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fa871b5d457 code=0x7ffc0000 [ 213.686609][T14171] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.692127][ T29] audit: type=1326 audit(1756497819.962:23072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa871b6038a code=0x7ffc0000 [ 213.725533][T14167] Quota error (device loop1): v2_read_file_info: Free block number 1 out of range (1, 6). [ 213.754856][ T29] audit: type=1326 audit(1756497820.025:23073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa871b5d550 code=0x7ffc0000 [ 213.759868][T14167] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 213.782205][ T29] audit: type=1326 audit(1756497820.025:23074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fa871b5d937 code=0x7ffc0000 [ 213.782236][ T29] audit: type=1326 audit(1756497820.025:23075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa871b5d550 code=0x7ffc0000 [ 213.782263][ T29] audit: type=1326 audit(1756497820.025:23076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa871b5ebe9 code=0x7ffc0000 [ 213.801063][T14167] EXT4-fs (loop1): mount failed [ 213.821873][ T29] audit: type=1326 audit(1756497820.025:23077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14161 comm="syz.4.3234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa871b5ebe9 code=0x7ffc0000 [ 213.873367][T14180] IPVS: length: 139 != 8 [ 213.914034][T14171] bridge_slave_1: left allmulticast mode [ 213.919949][T14171] bridge_slave_1: left promiscuous mode [ 213.926479][T14171] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.939531][T14171] bond0: (slave bond_slave_0): Releasing backup interface [ 213.958946][T14171] bond0: (slave bond_slave_1): Releasing backup interface [ 213.993635][T14171] team0: Port device team_slave_0 removed [ 214.006753][T14171] team0: Port device team_slave_1 removed [ 214.022742][T14171] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.030712][T14171] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.042461][T14171] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.050232][T14171] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.083063][T13986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.118521][T13265] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.130325][T13265] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.144024][T13265] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.153330][T13265] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.173910][T14195] loop1: detected capacity change from 0 to 512 [ 214.219867][T14195] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 214.233830][T14194] EXT4-fs (loop1): shut down requested (0) [ 214.265737][T14213] netlink: 'syz.3.3248': attribute type 1 has an invalid length. [ 214.353224][T14217] loop4: detected capacity change from 0 to 512 [ 214.360466][T14217] EXT4-fs: Ignoring removed bh option [ 214.366080][T14217] EXT4-fs: Ignoring removed mblk_io_submit option [ 214.376972][T14217] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 214.390666][T14217] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 214.400362][T14217] EXT4-fs (loop4): orphan cleanup on readonly fs [ 214.412438][T14224] netlink: 'syz.3.3253': attribute type 4 has an invalid length. [ 214.434359][T14217] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.3250: Failed to acquire dquot type 1 [ 214.445958][T14224] loop3: detected capacity change from 0 to 512 [ 214.449543][T14217] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3250: Invalid block bitmap block 0 in block_group 0 [ 214.473178][T14217] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3250: Invalid block bitmap block 0 in block_group 0 [ 214.494480][T14224] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 214.511390][T14217] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3250: Invalid block bitmap block 0 in block_group 0 [ 214.511637][T14224] EXT4-fs (loop3): mount failed [ 214.526661][T14217] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.3250: Failed to acquire dquot type 1 [ 214.543568][T14217] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.3250: Failed to acquire dquot type 1 [ 214.555852][T14217] EXT4-fs (loop4): 1 orphan inode deleted [ 214.592017][T14217] syz.4.3250 (14217) used greatest stack depth: 9072 bytes left [ 214.605779][T14234] loop0: detected capacity change from 0 to 512 [ 214.612872][T14234] EXT4-fs: Ignoring removed orlov option [ 214.620326][T14234] EXT4-fs (loop0): unsupported inode size: 4096 [ 214.626904][T14234] EXT4-fs (loop0): blocksize: 2048 [ 214.771564][T14249] netlink: 'syz.4.3262': attribute type 1 has an invalid length. [ 214.867057][T14261] netlink: 'syz.3.3268': attribute type 4 has an invalid length. [ 214.884942][T14261] loop3: detected capacity change from 0 to 512 [ 214.902690][T14261] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 214.919584][T14261] EXT4-fs (loop3): mount failed [ 214.928499][T14275] syzkaller1: entered promiscuous mode [ 214.934072][T14275] syzkaller1: entered allmulticast mode [ 214.974557][T14281] 9pnet_fd: Insufficient options for proto=fd [ 214.982132][T14281] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3275'. [ 215.023027][T14278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.032218][T14278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.180051][T14298] netlink: 'syz.2.3283': attribute type 4 has an invalid length. [ 215.199634][T14298] loop2: detected capacity change from 0 to 512 [ 215.219113][T14298] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 215.236275][T14298] EXT4-fs (loop2): mount failed [ 215.281209][T14307] FAULT_INJECTION: forcing a failure. [ 215.281209][T14307] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.294532][T14307] CPU: 0 UID: 0 PID: 14307 Comm: syz.2.3286 Not tainted syzkaller #0 PREEMPT(voluntary) [ 215.294559][T14307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.294567][T14307] Call Trace: [ 215.294571][T14307] [ 215.294576][T14307] __dump_stack+0x1d/0x30 [ 215.294636][T14307] dump_stack_lvl+0xe8/0x140 [ 215.294648][T14307] dump_stack+0x15/0x1b [ 215.294720][T14307] should_fail_ex+0x265/0x280 [ 215.294734][T14307] should_fail+0xb/0x20 [ 215.294745][T14307] should_fail_usercopy+0x1a/0x20 [ 215.294758][T14307] _copy_from_user+0x1c/0xb0 [ 215.294848][T14307] __sys_connect+0xd0/0x2b0 [ 215.294863][T14307] __x64_sys_connect+0x3f/0x50 [ 215.294874][T14307] x64_sys_call+0x2c08/0x2ff0 [ 215.294950][T14307] do_syscall_64+0xd2/0x200 [ 215.294972][T14307] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 215.295037][T14307] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 215.295054][T14307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.295083][T14307] RIP: 0033:0x7f6d58b5ebe9 [ 215.295094][T14307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.295184][T14307] RSP: 002b:00007f6d575bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 215.295199][T14307] RAX: ffffffffffffffda RBX: 00007f6d58d85fa0 RCX: 00007f6d58b5ebe9 [ 215.295207][T14307] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000003 [ 215.295215][T14307] RBP: 00007f6d575bf090 R08: 0000000000000000 R09: 0000000000000000 [ 215.295223][T14307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.295230][T14307] R13: 00007f6d58d86038 R14: 00007f6d58d85fa0 R15: 00007ffd515987a8 [ 215.295302][T14307] [ 215.515637][T14313] syzkaller1: entered promiscuous mode [ 215.521435][T14313] syzkaller1: entered allmulticast mode [ 215.536983][T14311] loop0: detected capacity change from 0 to 1024 [ 215.545169][T14311] EXT4-fs: Ignoring removed nobh option [ 215.551004][T14311] EXT4-fs: Ignoring removed bh option [ 215.583072][T14311] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.3288: Allocating blocks 481-513 which overlap fs metadata [ 215.731587][T14333] netlink: 'syz.0.3296': attribute type 4 has an invalid length. [ 215.759831][T14335] FAULT_INJECTION: forcing a failure. [ 215.759831][T14335] name failslab, interval 1, probability 0, space 0, times 0 [ 215.773197][T14335] CPU: 1 UID: 0 PID: 14335 Comm: syz.2.3299 Not tainted syzkaller #0 PREEMPT(voluntary) [ 215.773226][T14335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 215.773382][T14335] Call Trace: [ 215.773389][T14335] [ 215.773397][T14335] __dump_stack+0x1d/0x30 [ 215.773421][T14335] dump_stack_lvl+0xe8/0x140 [ 215.773440][T14335] dump_stack+0x15/0x1b [ 215.773458][T14335] should_fail_ex+0x265/0x280 [ 215.773480][T14335] should_failslab+0x8c/0xb0 [ 215.773575][T14335] kmem_cache_alloc_noprof+0x50/0x310 [ 215.773599][T14335] ? security_file_alloc+0x32/0x100 [ 215.773647][T14335] security_file_alloc+0x32/0x100 [ 215.773674][T14335] init_file+0x5c/0x1d0 [ 215.773708][T14335] alloc_empty_file+0x8b/0x200 [ 215.773802][T14335] alloc_file_pseudo+0xc6/0x160 [ 215.773833][T14335] anon_inode_getfile_fmode+0xa5/0x140 [ 215.773867][T14335] do_signalfd4+0x162/0x2b0 [ 215.773924][T14335] __x64_sys_signalfd4+0xce/0x100 [ 215.773959][T14335] x64_sys_call+0x259c/0x2ff0 [ 215.773978][T14335] do_syscall_64+0xd2/0x200 [ 215.774003][T14335] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 215.774027][T14335] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 215.774109][T14335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.774192][T14335] RIP: 0033:0x7f6d58b5ebe9 [ 215.774207][T14335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.774223][T14335] RSP: 002b:00007f6d575bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121 [ 215.774241][T14335] RAX: ffffffffffffffda RBX: 00007f6d58d85fa0 RCX: 00007f6d58b5ebe9 [ 215.774252][T14335] RDX: 0000000000000008 RSI: 0000200000000500 RDI: ffffffffffffffff [ 215.774284][T14335] RBP: 00007f6d575bf090 R08: 0000000000000000 R09: 0000000000000000 [ 215.774371][T14335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.774384][T14335] R13: 00007f6d58d86038 R14: 00007f6d58d85fa0 R15: 00007ffd515987a8 [ 215.774401][T14335] [ 215.977654][T14333] loop0: detected capacity change from 0 to 512 [ 215.997591][T14337] loop3: detected capacity change from 0 to 1024 [ 216.015708][T14339] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3298'. [ 216.024844][T14333] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 216.041207][T14337] EXT4-fs: Ignoring removed nobh option [ 216.047141][T14337] EXT4-fs: Ignoring removed bh option [ 216.055011][T14333] EXT4-fs (loop0): mount failed [ 216.078843][T14337] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.3297: Allocating blocks 481-513 which overlap fs metadata [ 216.086532][T14349] lo speed is unknown, defaulting to 1000 [ 216.109436][T14351] loop1: detected capacity change from 0 to 128 [ 216.163151][T14354] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3304'. [ 216.172386][T14354] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3304'. [ 216.227226][T14364] netlink: 'syz.2.3309': attribute type 4 has an invalid length. [ 216.262306][T14366] netlink: 360 bytes leftover after parsing attributes in process `syz.0.3311'. [ 216.280987][T14359] siw: device registration error -23 [ 216.302056][T14366] loop0: detected capacity change from 0 to 1024 [ 216.309361][T14366] EXT4-fs: dax option not supported [ 216.367322][T14372] FAULT_INJECTION: forcing a failure. [ 216.367322][T14372] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.380875][T14372] CPU: 1 UID: 0 PID: 14372 Comm: syz.1.3312 Not tainted syzkaller #0 PREEMPT(voluntary) [ 216.380906][T14372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 216.380919][T14372] Call Trace: [ 216.380926][T14372] [ 216.380934][T14372] __dump_stack+0x1d/0x30 [ 216.380968][T14372] dump_stack_lvl+0xe8/0x140 [ 216.381014][T14372] dump_stack+0x15/0x1b [ 216.381032][T14372] should_fail_ex+0x265/0x280 [ 216.381055][T14372] should_fail+0xb/0x20 [ 216.381075][T14372] should_fail_usercopy+0x1a/0x20 [ 216.381100][T14372] _copy_from_iter+0xd2/0xe80 [ 216.381166][T14372] ? __build_skb_around+0x1a0/0x200 [ 216.381270][T14372] ? __alloc_skb+0x223/0x320 [ 216.381293][T14372] netlink_sendmsg+0x471/0x6b0 [ 216.381323][T14372] ? __pfx_netlink_sendmsg+0x10/0x10 [ 216.381346][T14372] __sock_sendmsg+0x145/0x180 [ 216.381454][T14372] __sys_sendto+0x268/0x330 [ 216.381497][T14372] __x64_sys_sendto+0x76/0x90 [ 216.381518][T14372] x64_sys_call+0x2d05/0x2ff0 [ 216.381542][T14372] do_syscall_64+0xd2/0x200 [ 216.381597][T14372] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 216.381658][T14372] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 216.381685][T14372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.381719][T14372] RIP: 0033:0x7f6b79b8ebe9 [ 216.381792][T14372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.381810][T14372] RSP: 002b:00007f6b785ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 216.381832][T14372] RAX: ffffffffffffffda RBX: 00007f6b79db5fa0 RCX: 00007f6b79b8ebe9 [ 216.381847][T14372] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000004 [ 216.381861][T14372] RBP: 00007f6b785ef090 R08: 0000000000000000 R09: 0000000000000000 [ 216.381879][T14372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 216.381892][T14372] R13: 00007f6b79db6038 R14: 00007f6b79db5fa0 R15: 00007ffcc8c2aea8 [ 216.381964][T14372] [ 216.617808][T14382] lo speed is unknown, defaulting to 1000 [ 216.619202][T14384] netlink: 'syz.2.3318': attribute type 4 has an invalid length. [ 216.646770][T14384] loop2: detected capacity change from 0 to 512 [ 216.650637][T14385] netlink: 'syz.0.3314': attribute type 1 has an invalid length. [ 216.673252][T14378] lo speed is unknown, defaulting to 1000 [ 216.691121][T14384] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 216.737624][T14385] bridge_slave_0: left allmulticast mode [ 216.743422][T14385] bridge_slave_0: left promiscuous mode [ 216.749178][T14385] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.761472][T14384] EXT4-fs (loop2): mount failed [ 216.768317][T14385] bridge_slave_1: left allmulticast mode [ 216.774141][T14385] bridge_slave_1: left promiscuous mode [ 216.780038][T14385] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.794152][T14385] bond0: (slave bond_slave_0): Releasing backup interface [ 216.805415][T14385] bond0: (slave bond_slave_1): Releasing backup interface [ 216.820230][T14385] team0: Port device team_slave_0 removed [ 216.831844][T14385] team0: Port device team_slave_1 removed [ 216.840549][T14385] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.848133][T14385] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.859184][T14385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.866640][T14385] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.155143][T14413] FAULT_INJECTION: forcing a failure. [ 217.155143][T14413] name failslab, interval 1, probability 0, space 0, times 0 [ 217.168198][T14413] CPU: 0 UID: 0 PID: 14413 Comm: syz.1.3329 Not tainted syzkaller #0 PREEMPT(voluntary) [ 217.168277][T14413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 217.168291][T14413] Call Trace: [ 217.168298][T14413] [ 217.168304][T14413] __dump_stack+0x1d/0x30 [ 217.168325][T14413] dump_stack_lvl+0xe8/0x140 [ 217.168344][T14413] dump_stack+0x15/0x1b [ 217.168363][T14413] should_fail_ex+0x265/0x280 [ 217.168400][T14413] should_failslab+0x8c/0xb0 [ 217.168427][T14413] kmem_cache_alloc_noprof+0x50/0x310 [ 217.168454][T14413] ? dst_alloc+0xbd/0x100 [ 217.168474][T14413] ? __rcu_read_unlock+0x4f/0x70 [ 217.168566][T14413] dst_alloc+0xbd/0x100 [ 217.168595][T14413] ip_route_input_rcu+0xd88/0x1d00 [ 217.168625][T14413] ? obj_cgroup_charge_account+0xba/0x1a0 [ 217.168728][T14413] ? xas_load+0x413/0x430 [ 217.168756][T14413] ip_route_input_noref+0x5f/0x90 [ 217.168867][T14413] ip_rcv_finish_core+0x315/0xb40 [ 217.168892][T14413] ip_rcv_finish+0x100/0x1c0 [ 217.168917][T14413] ip_rcv+0x62/0x140 [ 217.168939][T14413] ? __pfx_ip_rcv_finish+0x10/0x10 [ 217.168973][T14413] ? __pfx_ip_rcv+0x10/0x10 [ 217.169077][T14413] __netif_receive_skb+0xff/0x270 [ 217.169107][T14413] ? tun_rx_batched+0xc7/0x430 [ 217.169133][T14413] netif_receive_skb+0x4b/0x2e0 [ 217.169165][T14413] ? tun_rx_batched+0xc7/0x430 [ 217.169204][T14413] tun_rx_batched+0xfc/0x430 [ 217.169302][T14413] tun_get_user+0x1eb6/0x2680 [ 217.169359][T14413] ? ref_tracker_alloc+0x1f2/0x2f0 [ 217.169384][T14413] tun_chr_write_iter+0x15e/0x210 [ 217.169410][T14413] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 217.169445][T14413] vfs_write+0x52a/0x960 [ 217.169476][T14413] ksys_write+0xda/0x1a0 [ 217.169497][T14413] __x64_sys_write+0x40/0x50 [ 217.169521][T14413] x64_sys_call+0x27fe/0x2ff0 [ 217.169543][T14413] do_syscall_64+0xd2/0x200 [ 217.169651][T14413] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 217.169685][T14413] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 217.169712][T14413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.169774][T14413] RIP: 0033:0x7f6b79b8d69f [ 217.169790][T14413] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 217.169807][T14413] RSP: 002b:00007f6b785ef000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 217.169828][T14413] RAX: ffffffffffffffda RBX: 00007f6b79db5fa0 RCX: 00007f6b79b8d69f [ 217.169843][T14413] RDX: 0000000000000086 RSI: 00002000000001c0 RDI: 00000000000000c8 [ 217.169915][T14413] RBP: 00007f6b785ef090 R08: 0000000000000000 R09: 0000000000000000 [ 217.170009][T14413] R10: 0000000000000086 R11: 0000000000000293 R12: 0000000000000001 [ 217.170022][T14413] R13: 00007f6b79db6038 R14: 00007f6b79db5fa0 R15: 00007ffcc8c2aea8 [ 217.170043][T14413] [ 217.476813][T14415] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3328'. [ 217.488383][T14414] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14414 comm=syz.0.3328 [ 217.548228][T14423] netlink: 'syz.1.3333': attribute type 1 has an invalid length. [ 217.577697][T14423] bridge_slave_0: left promiscuous mode [ 217.584623][T14423] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.596354][T14423] bridge_slave_1: left allmulticast mode [ 217.602792][T14423] bridge_slave_1: left promiscuous mode [ 217.608597][T14423] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.638165][T14430] loop0: detected capacity change from 0 to 1024 [ 217.645556][T14430] EXT4-fs: Ignoring removed nobh option [ 217.646517][T14431] siw: device registration error -23 [ 217.651456][T14430] EXT4-fs: Ignoring removed bh option [ 217.667746][T14423] bond0: (slave bond_slave_0): Releasing backup interface [ 217.678171][T14434] netlink: 'syz.3.3334': attribute type 4 has an invalid length. [ 217.695118][T14430] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.3335: Allocating blocks 481-513 which overlap fs metadata [ 217.713026][T14423] bond0: (slave bond_slave_1): Releasing backup interface [ 217.750620][T14423] team0: Port device team_slave_0 removed [ 217.789233][T14437] loop3: detected capacity change from 0 to 512 [ 217.801989][T14437] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 217.820163][T14423] team0: Port device team_slave_1 removed [ 217.829293][T14423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.836832][T14423] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 217.844690][T14437] EXT4-fs (loop3): mount failed [ 217.851700][T14423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 217.859262][T14423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.938034][T14445] binfmt_misc: register: failed to install interpreter file ./file0 [ 218.087702][T14461] FAULT_INJECTION: forcing a failure. [ 218.087702][T14461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.101129][T14461] CPU: 0 UID: 0 PID: 14461 Comm: syz.0.3343 Not tainted syzkaller #0 PREEMPT(voluntary) [ 218.101192][T14461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 218.101202][T14461] Call Trace: [ 218.101208][T14461] [ 218.101215][T14461] __dump_stack+0x1d/0x30 [ 218.101296][T14461] dump_stack_lvl+0xe8/0x140 [ 218.101318][T14461] dump_stack+0x15/0x1b [ 218.101333][T14461] should_fail_ex+0x265/0x280 [ 218.101352][T14461] should_fail+0xb/0x20 [ 218.101415][T14461] should_fail_usercopy+0x1a/0x20 [ 218.101442][T14461] _copy_to_user+0x20/0xa0 [ 218.101466][T14461] simple_read_from_buffer+0xb5/0x130 [ 218.101491][T14461] proc_fail_nth_read+0x10e/0x150 [ 218.101529][T14461] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 218.101618][T14461] vfs_read+0x1a8/0x770 [ 218.101641][T14461] ? __rcu_read_unlock+0x4f/0x70 [ 218.101681][T14461] ? __fget_files+0x184/0x1c0 [ 218.101709][T14461] ksys_read+0xda/0x1a0 [ 218.101850][T14461] __x64_sys_read+0x40/0x50 [ 218.101875][T14461] x64_sys_call+0x27bc/0x2ff0 [ 218.101932][T14461] do_syscall_64+0xd2/0x200 [ 218.101962][T14461] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 218.101988][T14461] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 218.102088][T14461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.102110][T14461] RIP: 0033:0x7fb5c98bd5fc [ 218.102128][T14461] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 218.102148][T14461] RSP: 002b:00007fb5c8327030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 218.102170][T14461] RAX: ffffffffffffffda RBX: 00007fb5c9ae5fa0 RCX: 00007fb5c98bd5fc [ 218.102262][T14461] RDX: 000000000000000f RSI: 00007fb5c83270a0 RDI: 0000000000000005 [ 218.102275][T14461] RBP: 00007fb5c8327090 R08: 0000000000000000 R09: 0000000000000000 [ 218.102288][T14461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.102301][T14461] R13: 00007fb5c9ae6038 R14: 00007fb5c9ae5fa0 R15: 00007ffdd23b8418 [ 218.102340][T14461] [ 218.312076][ T144] bond0 (unregistering): Released all slaves [ 218.321315][ T144] bond1 (unregistering): Released all slaves [ 218.340715][T14473] netlink: 'syz.0.3348': attribute type 4 has an invalid length. [ 218.356587][T14473] loop0: detected capacity change from 0 to 512 [ 218.369581][ T144] tipc: Disabling bearer [ 218.375087][ T144] tipc: Left network mode [ 218.383015][T14473] __quota_error: 412 callbacks suppressed [ 218.383034][T14473] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6). [ 218.446384][ T144] hsr_slave_0: left promiscuous mode [ 218.452923][ T144] hsr_slave_1: left promiscuous mode [ 218.471118][T14473] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 218.489440][ T144] veth1_macvtap: left promiscuous mode [ 218.506205][ T144] veth0_macvtap: left promiscuous mode [ 218.527961][T14473] EXT4-fs (loop0): mount failed [ 218.536893][ T144] veth1_vlan: left promiscuous mode [ 218.549243][ T144] veth0_vlan: left promiscuous mode [ 218.602754][ T29] audit: type=1400 audit(1756497825.153:23478): avc: denied { setopt } for pid=14483 comm="syz.2.3351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 218.622753][ T29] audit: type=1400 audit(1756497825.153:23479): avc: denied { bind } for pid=14483 comm="syz.2.3351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 218.643358][ T29] audit: type=1400 audit(1756497825.153:23480): avc: denied { name_bind } for pid=14483 comm="syz.2.3351" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 218.666225][ T29] audit: type=1400 audit(1756497825.153:23481): avc: denied { node_bind } for pid=14483 comm="syz.2.3351" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 218.719909][T14487] loop2: detected capacity change from 0 to 1024 [ 218.731328][T14487] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 218.775520][ T29] audit: type=1400 audit(1756497825.332:23482): avc: denied { mount } for pid=14483 comm="syz.2.3351" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 218.798099][ T29] audit: type=1400 audit(1756497825.332:23483): avc: denied { read write } for pid=14483 comm="syz.2.3351" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 218.822573][ T29] audit: type=1400 audit(1756497825.332:23484): avc: denied { open } for pid=14483 comm="syz.2.3351" path="/dev/loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 218.848520][ T29] audit: type=1400 audit(1756497825.332:23485): avc: denied { mount } for pid=14485 comm="syz.3.3352" name="/" dev="configfs" ino=2060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 218.872374][ T29] audit: type=1400 audit(1756497825.332:23486): avc: denied { prog_load } for pid=14485 comm="syz.3.3352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 219.001192][T14495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3353'. [ 219.044546][T14501] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 219.074195][T14503] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3356'. [ 219.083603][T14503] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3356'. [ 219.093637][T14505] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3357'. [ 219.121540][T14505] loop4: detected capacity change from 0 to 1024 [ 219.121584][T14503] loop0: detected capacity change from 0 to 1024 [ 219.148714][T14505] EXT4-fs mount: 53 callbacks suppressed [ 219.148734][T14505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.150425][T14503] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.201806][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.216966][ T144] IPVS: stop unused estimator thread 0... [ 219.280670][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.745355][T14532] loop1: detected capacity change from 0 to 1024 [ 219.758843][T14516] siw: device registration error -23 [ 219.775204][T14532] EXT4-fs: Ignoring removed nobh option [ 219.780937][T14532] EXT4-fs: Ignoring removed bh option [ 219.790345][T14534] loop0: detected capacity change from 0 to 256 [ 219.800457][T14536] __nla_validate_parse: 1 callbacks suppressed [ 219.800474][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3368'. [ 219.815971][T14536] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3368'. [ 219.892652][T14540] loop3: detected capacity change from 0 to 1024 [ 219.926401][T14532] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 219.956329][T14540] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.956672][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.979461][T14532] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.3367: Allocating blocks 481-513 which overlap fs metadata [ 220.003111][T14547] netlink: 'syz.0.3370': attribute type 1 has an invalid length. [ 220.116707][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.173524][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.200511][T14550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.214526][T14550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.461648][T14565] IPVS: length: 139 != 8 [ 220.468579][T14562] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3377'. [ 220.492168][T14564] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3378'. [ 220.592041][T14573] netlink: 'syz.2.3382': attribute type 4 has an invalid length. [ 220.611175][T14573] loop2: detected capacity change from 0 to 512 [ 220.629341][T14573] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 220.645444][T14573] EXT4-fs (loop2): mount failed [ 220.689790][T14580] netlink: 'syz.4.3384': attribute type 1 has an invalid length. [ 220.798760][T14584] loop0: detected capacity change from 0 to 512 [ 220.814405][T14584] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 220.830964][T14584] EXT4-fs (loop0): 1 truncate cleaned up [ 220.902011][T14584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.013957][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.161945][T14602] siw: device registration error -23 [ 221.217698][T14604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3393'. [ 221.227204][T14604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3393'. [ 221.250928][T14604] loop0: detected capacity change from 0 to 1024 [ 221.313398][T14604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.397181][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.526715][T14611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.537025][T14611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 222.083249][T14634] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3405'. [ 222.092934][T14634] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3405'. [ 222.113376][T14634] loop2: detected capacity change from 0 to 1024 [ 222.142078][T14634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.197755][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.247460][T14647] loop0: detected capacity change from 0 to 512 [ 222.261535][T14647] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 222.368235][T14656] netlink: 'syz.2.3409': attribute type 1 has an invalid length. [ 222.399291][T14656] bridge_slave_0: left allmulticast mode [ 222.401314][T14655] siw: device registration error -23 [ 222.405283][T14656] bridge_slave_0: left promiscuous mode [ 222.405401][T14656] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.460464][T14647] EXT4-fs (loop0): 1 truncate cleaned up [ 222.467119][T14647] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.493815][T14656] bridge_slave_1: left allmulticast mode [ 222.499548][T14656] bridge_slave_1: left promiscuous mode [ 222.505543][T14656] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.517990][T14656] bond0: (slave bond_slave_0): Releasing backup interface [ 222.529989][T14656] bond0: (slave bond_slave_1): Releasing backup interface [ 223.545171][T14661] siw: device registration error -23 [ 223.756810][T14667] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 223.765532][ T29] kauditd_printk_skb: 840 callbacks suppressed [ 223.765549][ T29] audit: type=1400 audit(1756497830.565:24326): avc: denied { read } for pid=14665 comm="syz.4.3418" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 223.794991][ T29] audit: type=1400 audit(1756497830.565:24327): avc: denied { open } for pid=14665 comm="syz.4.3418" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 223.819599][ T29] audit: type=1400 audit(1756497830.565:24328): avc: denied { ioctl } for pid=14666 comm="syz.1.3417" path="socket:[40281]" dev="sockfs" ino=40281 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 223.846215][ T29] audit: type=1326 audit(1756497830.575:24329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.870542][ T29] audit: type=1326 audit(1756497830.575:24330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.895878][ T29] audit: type=1326 audit(1756497830.575:24331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.920068][ T29] audit: type=1326 audit(1756497830.575:24332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.944028][ T29] audit: type=1326 audit(1756497830.575:24333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.968599][ T29] audit: type=1326 audit(1756497830.575:24334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 223.992587][ T29] audit: type=1326 audit(1756497830.575:24335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14666 comm="syz.1.3417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 224.029275][T14656] team0: Port device team_slave_0 removed [ 224.036461][T14667] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.049309][T14656] team0: Port device team_slave_1 removed [ 224.056212][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.058831][T14656] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.073604][T14656] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.086955][T14656] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.094399][T14656] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.101609][T14673] loop0: detected capacity change from 0 to 1024 [ 224.115985][T14673] EXT4-fs: Ignoring removed nobh option [ 224.121697][T14673] EXT4-fs: Ignoring removed bh option [ 224.212504][T14683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3424'. [ 224.289379][T14687] IPVS: length: 139 != 8 [ 224.306712][T14673] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.331765][T14673] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.3420: Allocating blocks 481-513 which overlap fs metadata [ 224.381523][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.402412][T14693] siw: device registration error -23 [ 224.444817][T14692] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3426'. [ 224.889232][T14701] netlink: 'syz.1.3431': attribute type 4 has an invalid length. [ 224.919200][T14703] loop0: detected capacity change from 0 to 512 [ 224.931734][T14701] loop1: detected capacity change from 0 to 512 [ 224.965086][T14703] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 224.979913][T14703] EXT4-fs (loop0): 1 truncate cleaned up [ 224.986446][T14703] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.018329][T14701] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 225.034132][T14701] EXT4-fs (loop1): mount failed [ 225.069874][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.070040][T14711] loop4: detected capacity change from 0 to 512 [ 225.088352][T14711] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 225.129291][T14717] __nla_validate_parse: 1 callbacks suppressed [ 225.129387][T14717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3436'. [ 225.144853][T14717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3436'. [ 225.148402][T14721] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3438'. [ 225.159338][T14717] loop2: detected capacity change from 0 to 1024 [ 225.163100][T14721] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3438'. [ 225.174640][T14711] EXT4-fs (loop4): 1 truncate cleaned up [ 225.185563][T14711] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.187310][T14717] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.247704][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.272547][T14729] loop2: detected capacity change from 0 to 1024 [ 225.281093][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.294162][T14732] netlink: 'syz.1.3442': attribute type 4 has an invalid length. [ 225.299693][T14729] EXT4-fs: Ignoring removed nobh option [ 225.302878][T14731] IPVS: length: 139 != 8 [ 225.307768][T14729] EXT4-fs: Ignoring removed bh option [ 225.317037][T14732] loop1: detected capacity change from 0 to 512 [ 225.331824][T14732] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 225.348768][T14732] EXT4-fs (loop1): mount failed [ 225.359129][T14729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.492973][T14742] loop1: detected capacity change from 0 to 256 [ 225.515190][T14729] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3440: Allocating blocks 497-513 which overlap fs metadata [ 225.588906][T14748] loop4: detected capacity change from 0 to 512 [ 225.600002][T14748] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 225.619932][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.634417][T14748] EXT4-fs (loop4): 1 truncate cleaned up [ 225.641361][T14748] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.840007][T14755] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3449'. [ 225.849060][T14755] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3449'. [ 225.954133][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.167383][T14763] netlink: 'syz.2.3454': attribute type 4 has an invalid length. [ 226.209452][T14763] loop2: detected capacity change from 0 to 512 [ 226.218618][T14767] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3451'. [ 226.228281][T14767] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3451'. [ 226.235369][T14763] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 226.253522][T14767] loop4: detected capacity change from 0 to 1024 [ 226.261343][T14763] EXT4-fs (loop2): mount failed [ 226.273854][T14773] loop0: detected capacity change from 0 to 1024 [ 226.280910][T14767] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.288178][T14773] EXT4-fs: Ignoring removed orlov option [ 226.307144][T14778] 9pnet_fd: Insufficient options for proto=fd [ 226.312331][T14773] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.328802][T14778] 9pnet_fd: Insufficient options for proto=fd [ 226.341747][T14778] FAULT_INJECTION: forcing a failure. [ 226.341747][T14778] name failslab, interval 1, probability 0, space 0, times 0 [ 226.354462][T14778] CPU: 1 UID: 0 PID: 14778 Comm: syz.2.3458 Not tainted syzkaller #0 PREEMPT(voluntary) [ 226.354488][T14778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.354498][T14778] Call Trace: [ 226.354504][T14778] [ 226.354554][T14778] __dump_stack+0x1d/0x30 [ 226.354579][T14778] dump_stack_lvl+0xe8/0x140 [ 226.354600][T14778] dump_stack+0x15/0x1b [ 226.354618][T14778] should_fail_ex+0x265/0x280 [ 226.354640][T14778] ? __se_sys_mount+0xef/0x2e0 [ 226.354664][T14778] should_failslab+0x8c/0xb0 [ 226.354704][T14778] __kmalloc_cache_noprof+0x4c/0x320 [ 226.354785][T14778] ? memdup_user+0x99/0xd0 [ 226.354811][T14778] __se_sys_mount+0xef/0x2e0 [ 226.354878][T14778] ? fput+0x8f/0xc0 [ 226.355001][T14778] ? ksys_write+0x192/0x1a0 [ 226.355085][T14778] __x64_sys_mount+0x67/0x80 [ 226.355109][T14778] x64_sys_call+0x2b4d/0x2ff0 [ 226.355132][T14778] do_syscall_64+0xd2/0x200 [ 226.355160][T14778] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 226.355185][T14778] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 226.355267][T14778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.355290][T14778] RIP: 0033:0x7f6d58b5ebe9 [ 226.355313][T14778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.355331][T14778] RSP: 002b:00007f6d575bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 226.355354][T14778] RAX: ffffffffffffffda RBX: 00007f6d58d85fa0 RCX: 00007f6d58b5ebe9 [ 226.355367][T14778] RDX: 00002000000002c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 226.355427][T14778] RBP: 00007f6d575bf090 R08: 00002000000003c0 R09: 0000000000000000 [ 226.355475][T14778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.355486][T14778] R13: 00007f6d58d86038 R14: 00007f6d58d85fa0 R15: 00007ffd515987a8 [ 226.355503][T14778] [ 226.559624][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.591999][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.594778][T14781] IPVS: length: 139 != 8 [ 227.139709][T14803] loop3: detected capacity change from 0 to 512 [ 227.201264][T14803] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 227.280953][T14803] EXT4-fs (loop3): 1 truncate cleaned up [ 227.287512][T14803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.413169][T14814] netlink: 'syz.1.3473': attribute type 1 has an invalid length. [ 227.535959][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.668619][T14839] siw: device registration error -23 [ 228.412443][T14854] loop3: detected capacity change from 0 to 512 [ 228.419679][T14854] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 228.433559][T14854] EXT4-fs (loop3): 1 truncate cleaned up [ 228.441947][T14854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.485043][T14863] netlink: 'syz.1.3494': attribute type 1 has an invalid length. [ 228.508281][T14865] netlink: 'syz.4.3495': attribute type 4 has an invalid length. [ 228.521862][T14865] loop4: detected capacity change from 0 to 512 [ 228.537132][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.548662][T14865] __quota_error: 768 callbacks suppressed [ 228.548679][T14865] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6). [ 228.590329][T14865] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 228.616368][ T29] audit: type=1400 audit(1756497835.691:25101): avc: denied { read write } for pid=13986 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.622992][T14865] EXT4-fs (loop4): mount failed [ 228.641368][ T29] audit: type=1400 audit(1756497835.691:25102): avc: denied { open } for pid=13986 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.672639][ T29] audit: type=1400 audit(1756497835.691:25103): avc: denied { mount } for pid=14855 comm="syz.2.3490" name="/" dev="configfs" ino=2060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 228.697119][ T29] audit: type=1400 audit(1756497835.691:25104): avc: denied { prog_load } for pid=14855 comm="syz.2.3490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 228.717175][ T29] audit: type=1400 audit(1756497835.691:25105): avc: denied { bpf } for pid=14855 comm="syz.2.3490" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 228.738726][ T29] audit: type=1400 audit(1756497835.691:25106): avc: denied { perfmon } for pid=14855 comm="syz.2.3490" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 228.760286][ T29] audit: type=1400 audit(1756497835.691:25107): avc: denied { search } for pid=14855 comm="syz.2.3490" name="/" dev="configfs" ino=2060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 228.782678][ T29] audit: type=1400 audit(1756497835.691:25108): avc: denied { search } for pid=14855 comm="syz.2.3490" name="/" dev="configfs" ino=2060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 228.787259][T14874] loop1: detected capacity change from 0 to 512 [ 228.805482][ T29] audit: type=1400 audit(1756497835.691:25109): avc: denied { read open } for pid=14855 comm="syz.2.3490" path="/" dev="configfs" ino=2060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 228.844804][T14874] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 228.855852][T14870] loop0: detected capacity change from 0 to 512 [ 228.866048][T14870] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 228.880930][T14874] EXT4-fs (loop1): 1 truncate cleaned up [ 228.888173][T14870] EXT4-fs (loop0): 1 truncate cleaned up [ 228.894294][T14870] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.905580][T14874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.953458][T14886] loop4: detected capacity change from 0 to 256 [ 228.972169][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.974040][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.007589][T14884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.016495][T14884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.033571][T14896] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3507'. [ 229.042675][T14896] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3507'. [ 229.058010][T14896] loop0: detected capacity change from 0 to 1024 [ 229.086143][T14896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.145520][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.165518][T14911] netlink: 'syz.0.3512': attribute type 4 has an invalid length. [ 229.194917][T14911] loop0: detected capacity change from 0 to 512 [ 229.229308][T14909] loop2: detected capacity change from 0 to 512 [ 229.238135][T14909] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 229.266255][T14909] EXT4-fs (loop2): 1 truncate cleaned up [ 229.370024][T14911] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 229.386047][T14909] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.402727][T14911] EXT4-fs (loop0): mount failed [ 229.557674][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.649108][T14928] IPVS: length: 139 != 8 [ 229.676814][T14935] loop2: detected capacity change from 0 to 1024 [ 229.689477][T14941] netlink: 'syz.4.3526': attribute type 4 has an invalid length. [ 229.693993][T14935] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.709989][T14941] loop4: detected capacity change from 0 to 512 [ 229.734839][T14941] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 229.750879][T14941] EXT4-fs (loop4): mount failed [ 229.757051][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.766778][T14946] loop3: detected capacity change from 0 to 512 [ 229.775210][T14946] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 229.800347][T14946] EXT4-fs (loop3): 1 truncate cleaned up [ 229.862973][T14944] 9pnet_fd: Insufficient options for proto=fd [ 229.902205][T14946] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.026423][T14970] netlink: 'syz.2.3537': attribute type 1 has an invalid length. [ 230.026668][T14968] IPVS: length: 139 != 8 [ 230.053322][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.142140][T14973] __nla_validate_parse: 3 callbacks suppressed [ 230.142155][T14973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3538'. [ 230.157557][T14973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3538'. [ 230.189512][T14977] netlink: 'syz.4.3540': attribute type 4 has an invalid length. [ 230.198979][T14973] loop3: detected capacity change from 0 to 1024 [ 230.214203][T14977] loop4: detected capacity change from 0 to 512 [ 230.225394][T14973] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.257816][T14990] IPVS: length: 139 != 8 [ 230.263701][T14977] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 230.323511][T14977] EXT4-fs (loop4): mount failed [ 230.329724][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.492620][T15009] netlink: 'syz.1.3554': attribute type 1 has an invalid length. [ 230.583773][T15021] IPVS: length: 139 != 8 [ 230.601247][T15019] loop4: detected capacity change from 0 to 256 [ 230.614648][T14938] Process accounting resumed [ 230.637027][T15025] loop1: detected capacity change from 0 to 256 [ 230.771679][T15047] netlink: 'syz.0.3573': attribute type 1 has an invalid length. [ 230.783272][T15049] netlink: 'syz.1.3574': attribute type 1 has an invalid length. [ 231.057438][T15067] siw: device registration error -23 [ 231.083272][T15058] loop0: detected capacity change from 0 to 256 [ 231.258179][T15073] loop1: detected capacity change from 0 to 512 [ 231.289641][T15073] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 231.378633][T15082] netlink: 'syz.3.3589': attribute type 1 has an invalid length. [ 231.388153][T15073] EXT4-fs (loop1): 1 truncate cleaned up [ 231.394736][T15073] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.434535][T15089] IPVS: length: 139 != 8 [ 231.481408][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.585672][T15102] IPVS: length: 139 != 8 [ 231.976360][T15155] IPVS: length: 139 != 8 [ 232.177707][T15173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.188222][T15173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.599881][T15208] siw: device registration error -23 [ 232.679820][T15200] 9pnet_fd: Insufficient options for proto=fd [ 233.161404][T15235] IPVS: length: 139 != 8 [ 233.178522][T15236] IPVS: length: 139 != 8 [ 233.304292][ T29] kauditd_printk_skb: 1667 callbacks suppressed [ 233.304311][ T29] audit: type=1326 audit(1756497840.637:26774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.332811][T15245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3658'. [ 233.344726][T15245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3658'. [ 233.401992][T15251] netlink: 'syz.0.3661': attribute type 4 has an invalid length. [ 233.403994][ T29] audit: type=1326 audit(1756497840.637:26775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.422499][T15251] loop0: detected capacity change from 0 to 512 [ 233.434079][ T29] audit: type=1326 audit(1756497840.637:26776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.464412][ T29] audit: type=1326 audit(1756497840.669:26777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.488717][ T29] audit: type=1400 audit(1756497840.669:26778): avc: denied { create } for pid=15244 comm="syz.1.3658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 233.509420][ T29] audit: type=1326 audit(1756497840.669:26779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.533757][ T29] audit: type=1326 audit(1756497840.669:26780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.535439][T15245] loop1: detected capacity change from 0 to 1024 [ 233.557491][ T29] audit: type=1326 audit(1756497840.669:26781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.588348][ T29] audit: type=1326 audit(1756497840.669:26782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15244 comm="syz.1.3658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 233.612113][ T29] audit: type=1326 audit(1756497840.690:26783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15242 comm="syz.4.3657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa871b5ebe9 code=0x7ffc0000 [ 233.690845][T15251] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 233.707147][T15251] EXT4-fs (loop0): mount failed [ 233.715642][T15245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.804007][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.846765][T15268] netlink: 'syz.1.3666': attribute type 4 has an invalid length. [ 233.869555][T15209] Process accounting resumed [ 233.870764][T15266] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3667'. [ 233.884386][T15266] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3667'. [ 233.947541][T15272] IPVS: length: 139 != 8 [ 233.955708][T15266] loop4: detected capacity change from 0 to 1024 [ 234.014356][T15278] loop0: detected capacity change from 0 to 512 [ 234.026120][T15266] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.038920][T15278] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 234.059810][T15278] EXT4-fs (loop0): 1 truncate cleaned up [ 234.067873][T15278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.152043][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.191895][T15288] netlink: 'syz.1.3674': attribute type 4 has an invalid length. [ 234.198097][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.209599][T15288] loop1: detected capacity change from 0 to 512 [ 234.228491][T15288] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 234.254418][T15288] EXT4-fs (loop1): mount failed [ 234.459431][T15303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.496343][T15303] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.739622][T15312] loop2: detected capacity change from 0 to 512 [ 234.748238][T15312] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 234.773009][T15312] EXT4-fs (loop2): 1 truncate cleaned up [ 234.779205][T15315] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3683'. [ 234.788390][T15315] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3683'. [ 234.791509][T15312] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 234.810785][T15315] loop4: detected capacity change from 0 to 1024 [ 234.853209][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.873091][T15315] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.913593][T15321] loop2: detected capacity change from 0 to 256 [ 234.972142][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.006378][T15326] loop1: detected capacity change from 0 to 256 [ 235.019512][T15332] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3690'. [ 235.028843][T15332] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3690'. [ 235.038715][T15334] loop3: detected capacity change from 0 to 256 [ 235.047218][T15332] loop2: detected capacity change from 0 to 1024 [ 235.092446][T15342] loop0: detected capacity change from 0 to 512 [ 235.102895][T15342] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 235.108871][T15332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.128381][T15342] EXT4-fs (loop0): 1 truncate cleaned up [ 235.129952][T15345] validate_nla: 1 callbacks suppressed [ 235.129967][T15345] netlink: 'syz.3.3694': attribute type 4 has an invalid length. [ 235.157764][T15345] loop3: detected capacity change from 0 to 512 [ 235.262052][T15345] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 235.282561][T15345] EXT4-fs (loop3): mount failed [ 235.299536][T15358] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3699'. [ 235.308738][T15358] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3699'. [ 235.322729][T15358] loop2: detected capacity change from 0 to 1024 [ 235.380841][T15361] siw: device registration error -23 [ 235.687021][T15373] loop4: detected capacity change from 0 to 512 [ 235.732430][T15373] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 235.751400][T15377] netlink: 'syz.3.3707': attribute type 4 has an invalid length. [ 235.771832][T15373] EXT4-fs (loop4): 1 truncate cleaned up [ 235.890724][T15395] netlink: 'syz.4.3710': attribute type 4 has an invalid length. [ 235.901088][T15397] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3717'. [ 235.903872][T15395] loop4: detected capacity change from 0 to 512 [ 235.990519][T15401] siw: device registration error -23 [ 236.090048][T15403] loop3: detected capacity change from 0 to 512 [ 236.149303][T15403] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 236.193406][T15395] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 236.210713][T15405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3720'. [ 236.236222][T15403] EXT4-fs (loop3): 1 truncate cleaned up [ 236.286078][T15395] EXT4-fs (loop4): mount failed [ 236.308459][T15412] loop1: detected capacity change from 0 to 512 [ 236.353337][T15412] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 236.367773][T15414] loop0: detected capacity change from 0 to 512 [ 236.375920][T15414] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 236.386157][T15412] EXT4-fs (loop1): 1 truncate cleaned up [ 236.420156][T15414] EXT4-fs (loop0): 1 truncate cleaned up [ 236.430592][T15422] netlink: 'syz.3.3724': attribute type 4 has an invalid length. [ 236.505772][T15424] loop1: detected capacity change from 0 to 256 [ 236.516920][T15431] IPVS: length: 139 != 8 [ 236.564340][T15437] loop4: detected capacity change from 0 to 512 [ 236.573796][T15437] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 236.602907][T15441] netlink: 'syz.3.3735': attribute type 4 has an invalid length. [ 236.614951][T15441] loop3: detected capacity change from 0 to 512 [ 236.632429][T15437] EXT4-fs (loop4): 1 truncate cleaned up [ 236.643046][T15443] loop1: detected capacity change from 0 to 512 [ 236.651018][T15441] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 236.666396][T15443] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 236.679476][T15443] EXT4-fs (loop1): 1 truncate cleaned up [ 236.687968][T15441] EXT4-fs (loop3): mount failed [ 236.694204][T15449] loop2: detected capacity change from 0 to 512 [ 236.708083][T15449] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 236.734691][T15451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3737'. [ 236.744094][T15451] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3737'. [ 236.756574][T15455] netlink: 'syz.3.3739': attribute type 4 has an invalid length. [ 236.764968][T15451] loop4: detected capacity change from 0 to 1024 [ 236.778768][T15449] EXT4-fs (loop2): 1 truncate cleaned up [ 236.856403][T15459] loop1: detected capacity change from 0 to 512 [ 236.865508][T15459] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 236.879424][T15464] loop2: detected capacity change from 0 to 512 [ 236.888149][T15464] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 236.892188][T15459] EXT4-fs (loop1): 1 truncate cleaned up [ 236.925531][T15464] EXT4-fs (loop2): 1 truncate cleaned up [ 237.009592][T15478] netlink: 'syz.3.3748': attribute type 4 has an invalid length. [ 237.086250][T15478] loop3: detected capacity change from 0 to 512 [ 237.096595][T15478] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 237.113910][T15478] EXT4-fs (loop3): mount failed [ 237.153906][T15487] netlink: 'syz.1.3751': attribute type 4 has an invalid length. [ 237.214731][T15488] loop4: detected capacity change from 0 to 256 [ 237.232946][T15491] loop3: detected capacity change from 0 to 512 [ 237.262251][T15491] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 237.286994][T15497] loop0: detected capacity change from 0 to 512 [ 237.287343][T15491] EXT4-fs (loop3): 1 truncate cleaned up [ 237.299659][T15497] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 237.315307][T15497] EXT4-fs (loop0): 1 truncate cleaned up [ 237.370236][T15510] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3761'. [ 237.443210][T15520] netlink: 'syz.0.3763': attribute type 4 has an invalid length. [ 237.471135][T15522] 9pnet_fd: Insufficient options for proto=fd [ 237.472835][T15520] loop0: detected capacity change from 0 to 512 [ 237.484385][T15518] loop2: detected capacity change from 0 to 256 [ 237.498442][T15520] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 237.514844][T15520] EXT4-fs (loop0): mount failed [ 237.516128][T15522] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 237.535028][T15530] netlink: 'syz.4.3770': attribute type 4 has an invalid length. [ 237.542443][T15531] IPVS: length: 139 != 8 [ 237.601963][T15539] loop2: detected capacity change from 0 to 512 [ 237.618440][T15539] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 237.636118][T15539] EXT4-fs (loop2): 1 truncate cleaned up [ 237.660010][T15548] lo speed is unknown, defaulting to 1000 [ 237.709846][T15552] loop1: detected capacity change from 0 to 512 [ 237.743822][T15552] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.777031][T15557] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3780'. [ 237.828727][T15557] loop0: detected capacity change from 0 to 1024 [ 238.065629][T15562] loop2: detected capacity change from 0 to 512 [ 238.095094][ T29] kauditd_printk_skb: 1475 callbacks suppressed [ 238.095112][ T29] audit: type=1326 audit(1756497845.677:28252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb5c98bd550 code=0x7ffc0000 [ 238.174735][T15562] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6). [ 238.249594][ T29] audit: type=1326 audit(1756497845.708:28253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fb5c98bd937 code=0x7ffc0000 [ 238.257806][T15562] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 238.284185][ T29] audit: type=1326 audit(1756497845.708:28254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb5c98bd550 code=0x7ffc0000 [ 238.313041][T15562] EXT4-fs (loop2): mount failed [ 238.323704][ T29] audit: type=1326 audit(1756497845.708:28255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.352919][ T29] audit: type=1326 audit(1756497845.708:28256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.377244][ T29] audit: type=1326 audit(1756497845.761:28257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.401831][ T29] audit: type=1326 audit(1756497845.761:28258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.426022][ T29] audit: type=1326 audit(1756497845.772:28259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.450595][ T29] audit: type=1326 audit(1756497845.772:28260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15556 comm="syz.0.3780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 238.548204][T15584] loop2: detected capacity change from 0 to 1024 [ 238.558921][T15589] 9pnet_fd: Insufficient options for proto=fd [ 238.567969][T15589] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 238.577375][T15584] EXT4-fs: Ignoring removed nobh option [ 238.583782][T15584] EXT4-fs: Ignoring removed bh option [ 238.640168][T15597] loop1: detected capacity change from 0 to 1024 [ 238.646875][T15601] loop0: detected capacity change from 0 to 512 [ 238.678053][T15584] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3790: Allocating blocks 481-513 which overlap fs metadata [ 238.695587][T15601] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 238.711333][T15601] EXT4-fs (loop0): mount failed [ 238.772157][T15613] loop1: detected capacity change from 0 to 1024 [ 238.783518][T15613] EXT4-fs: Ignoring removed nobh option [ 238.789334][T15613] EXT4-fs: Ignoring removed bh option [ 238.813684][T15613] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.3800: Allocating blocks 497-513 which overlap fs metadata [ 239.159366][T15635] loop3: detected capacity change from 0 to 512 [ 239.166297][T15634] loop2: detected capacity change from 0 to 512 [ 239.211962][T15634] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 239.227350][T15635] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 239.267901][T15637] loop1: detected capacity change from 0 to 1024 [ 239.307165][T15634] EXT4-fs (loop2): 1 truncate cleaned up [ 239.317022][T15635] EXT4-fs (loop3): 1 truncate cleaned up [ 239.382045][T15647] 9pnet_fd: Insufficient options for proto=fd [ 239.404554][T15652] siw: device registration error -23 [ 239.411463][T15647] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 239.478897][T15661] IPVS: length: 139 != 8 [ 239.853930][T15679] __nla_validate_parse: 5 callbacks suppressed [ 239.853945][T15679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3823'. [ 239.869302][T15679] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3823'. [ 239.909714][T15679] loop0: detected capacity change from 0 to 1024 [ 240.123199][T15692] 9pnet_fd: Insufficient options for proto=fd [ 240.152094][T15692] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 240.604960][T15714] loop0: detected capacity change from 0 to 512 [ 240.655255][T15714] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 240.714201][T15721] validate_nla: 3 callbacks suppressed [ 240.714220][T15721] netlink: 'syz.1.3849': attribute type 1 has an invalid length. [ 240.751105][T15714] EXT4-fs (loop0): 1 truncate cleaned up [ 240.920337][T15733] netlink: 'syz.4.3843': attribute type 4 has an invalid length. [ 240.948664][T15733] loop4: detected capacity change from 0 to 512 [ 240.965677][T15733] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 240.997931][T15743] loop1: detected capacity change from 0 to 512 [ 241.005178][T15743] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 241.016471][T15733] EXT4-fs (loop4): mount failed [ 241.030039][T15743] EXT4-fs (loop1): 1 truncate cleaned up [ 241.048617][T15748] netlink: 'syz.0.3850': attribute type 4 has an invalid length. [ 241.094586][T15751] 9pnet_fd: Insufficient options for proto=fd [ 241.117915][T15752] loop4: detected capacity change from 0 to 512 [ 241.153376][T15752] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 241.167654][T15760] netlink: 'syz.3.3856': attribute type 4 has an invalid length. [ 241.187196][T15752] EXT4-fs (loop4): 1 truncate cleaned up [ 241.204024][T15763] netlink: 'syz.0.3857': attribute type 1 has an invalid length. [ 241.314564][T15773] netlink: 'syz.1.3863': attribute type 4 has an invalid length. [ 241.332950][T15774] FAULT_INJECTION: forcing a failure. [ 241.332950][T15774] name failslab, interval 1, probability 0, space 0, times 0 [ 241.345842][T15774] CPU: 1 UID: 0 PID: 15774 Comm: syz.0.3861 Not tainted syzkaller #0 PREEMPT(voluntary) [ 241.345874][T15774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 241.345888][T15774] Call Trace: [ 241.345902][T15774] [ 241.345910][T15774] __dump_stack+0x1d/0x30 [ 241.345996][T15774] dump_stack_lvl+0xe8/0x140 [ 241.346017][T15774] dump_stack+0x15/0x1b [ 241.346035][T15774] should_fail_ex+0x265/0x280 [ 241.346111][T15774] should_failslab+0x8c/0xb0 [ 241.346136][T15774] kmem_cache_alloc_noprof+0x50/0x310 [ 241.346167][T15774] ? getname_flags+0x80/0x3b0 [ 241.346212][T15774] getname_flags+0x80/0x3b0 [ 241.346235][T15774] user_path_at+0x28/0x130 [ 241.346266][T15774] __se_sys_mount+0x25b/0x2e0 [ 241.346305][T15774] ? fput+0x8f/0xc0 [ 241.346337][T15774] __x64_sys_mount+0x67/0x80 [ 241.346357][T15774] x64_sys_call+0x2b4d/0x2ff0 [ 241.346415][T15774] do_syscall_64+0xd2/0x200 [ 241.346442][T15774] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 241.346492][T15774] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 241.346602][T15774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.346685][T15774] RIP: 0033:0x7fb5c98bebe9 [ 241.346703][T15774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.346720][T15774] RSP: 002b:00007fb5c8327038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 241.346739][T15774] RAX: ffffffffffffffda RBX: 00007fb5c9ae5fa0 RCX: 00007fb5c98bebe9 [ 241.346752][T15774] RDX: 00002000000002c0 RSI: 0000200000000140 RDI: 0000000000000000 [ 241.346766][T15774] RBP: 00007fb5c8327090 R08: 00002000000003c0 R09: 0000000000000000 [ 241.346846][T15774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.346860][T15774] R13: 00007fb5c9ae6038 R14: 00007fb5c9ae5fa0 R15: 00007ffdd23b8418 [ 241.346878][T15774] [ 241.587950][T15773] loop1: detected capacity change from 0 to 512 [ 241.649068][T15773] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 241.697882][T15782] netlink: 'syz.4.3865': attribute type 4 has an invalid length. [ 241.714880][T15773] EXT4-fs (loop1): mount failed [ 241.736247][T15784] loop0: detected capacity change from 0 to 512 [ 241.765996][T15784] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 241.807842][T15784] EXT4-fs (loop0): 1 truncate cleaned up [ 241.975298][T15788] lo speed is unknown, defaulting to 1000 [ 242.133318][T15804] netlink: 'syz.1.3873': attribute type 1 has an invalid length. [ 242.149906][T15795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.173048][T15795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.193815][T15807] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3875'. [ 242.265456][T15809] Falling back ldisc for ttyS3. [ 242.270678][T15812] netlink: 'syz.1.3877': attribute type 4 has an invalid length. [ 242.289235][T15814] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 242.298859][T15814] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 242.308950][T15814] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 242.317649][T15814] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 242.352435][T15823] netlink: 'syz.1.3881': attribute type 4 has an invalid length. [ 242.371184][T15825] veth0_vlan: entered allmulticast mode [ 242.383294][T15825] veth0_vlan: left promiscuous mode [ 242.390772][T15825] veth0_vlan: entered promiscuous mode [ 242.402948][T15825] team0: Device veth0_vlan failed to register rx_handler [ 242.436144][T15825] pim6reg1: entered promiscuous mode [ 242.442019][T15825] pim6reg1: entered allmulticast mode [ 242.877070][ T29] kauditd_printk_skb: 710 callbacks suppressed [ 242.877109][ T29] audit: type=1400 audit(1756497850.705:28966): avc: denied { create } for pid=15853 comm="syz.0.3893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 242.935124][T15854] 9pnet_fd: Insufficient options for proto=fd [ 243.050395][ T29] audit: type=1400 audit(1756497850.769:28967): avc: denied { mounton } for pid=15853 comm="syz.0.3893" path="/121/file0" dev="tmpfs" ino=677 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 243.075768][ T29] audit: type=1326 audit(1756497850.916:28968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.099667][ T29] audit: type=1326 audit(1756497850.916:28969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.101469][T15861] loop0: detected capacity change from 0 to 512 [ 243.124422][ T29] audit: type=1326 audit(1756497850.916:28970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.134936][T15861] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 243.154351][ T29] audit: type=1326 audit(1756497850.916:28971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.154391][ T29] audit: type=1326 audit(1756497850.916:28972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.198749][T15861] EXT4-fs (loop0): 1 truncate cleaned up [ 243.212581][ T29] audit: type=1326 audit(1756497850.916:28973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.267953][T15859] loop3: detected capacity change from 0 to 256 [ 243.286556][ T29] audit: type=1326 audit(1756497850.916:28974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.311222][ T29] audit: type=1326 audit(1756497850.916:28975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15858 comm="syz.3.3895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1652bebe9 code=0x7ffc0000 [ 243.431917][T15879] loop4: detected capacity change from 0 to 512 [ 243.441111][T15879] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 243.501437][T15879] EXT4-fs (loop4): 1 truncate cleaned up [ 243.528781][T15898] loop0: detected capacity change from 0 to 512 [ 243.536955][T15898] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 243.548894][T15898] EXT4-fs (loop0): 1 truncate cleaned up [ 243.565493][T15895] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3910'. [ 243.574656][T15895] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3910'. [ 243.591044][T15895] loop1: detected capacity change from 0 to 1024 [ 243.606565][ T36] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 243.614097][ T36] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 243.621621][ T36] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 243.631573][ T36] hid-generic 0003:0004:0000.0001: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 244.070410][T15916] IPVS: length: 139 != 8 [ 244.162010][T15926] 9pnet_fd: Insufficient options for proto=fd [ 244.265199][T15934] loop1: detected capacity change from 0 to 512 [ 244.340963][T15934] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 244.361646][T15934] EXT4-fs (loop1): 1 truncate cleaned up [ 244.406922][T15936] mmap: syz.4.3926 (15936): VmData 29208576 exceed data ulimit 255. Update limits or use boot option ignore_rlimit_data. [ 244.465123][ T1035] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 244.472674][ T1035] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 244.480283][ T1035] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 244.534975][ T1035] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 244.559408][T15955] 9pnet_fd: Insufficient options for proto=fd [ 244.583063][T15959] loop3: detected capacity change from 0 to 512 [ 244.588925][T15961] FAULT_INJECTION: forcing a failure. [ 244.588925][T15961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.602643][T15961] CPU: 1 UID: 0 PID: 15961 Comm: syz.0.3936 Not tainted syzkaller #0 PREEMPT(voluntary) [ 244.602740][T15961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.602753][T15961] Call Trace: [ 244.602761][T15961] [ 244.602769][T15961] __dump_stack+0x1d/0x30 [ 244.602793][T15961] dump_stack_lvl+0xe8/0x140 [ 244.602813][T15961] dump_stack+0x15/0x1b [ 244.602831][T15961] should_fail_ex+0x265/0x280 [ 244.602892][T15961] should_fail+0xb/0x20 [ 244.602908][T15961] should_fail_usercopy+0x1a/0x20 [ 244.602933][T15961] _copy_to_user+0x20/0xa0 [ 244.602957][T15961] bpf_verifier_vlog+0x2c5/0x5b0 [ 244.602987][T15961] ? avc_has_perm_noaudit+0x1b1/0x200 [ 244.603015][T15961] btf_verifier_log+0xad/0xe0 [ 244.603075][T15961] ? btf_new_fd+0x139/0x790 [ 244.603092][T15961] ? should_failslab+0x8c/0xb0 [ 244.603114][T15961] btf_parse_hdr+0x30d/0x3b0 [ 244.603144][T15961] btf_new_fd+0x241/0x790 [ 244.603244][T15959] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 244.603247][T15961] bpf_btf_load+0x112/0x130 [ 244.603280][T15961] __sys_bpf+0x352/0x7b0 [ 244.603308][T15961] __x64_sys_bpf+0x41/0x50 [ 244.603332][T15961] x64_sys_call+0x2aea/0x2ff0 [ 244.603375][T15961] do_syscall_64+0xd2/0x200 [ 244.603402][T15961] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 244.603454][T15961] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 244.603480][T15961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.603501][T15961] RIP: 0033:0x7fb5c98bebe9 [ 244.603517][T15961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.603535][T15961] RSP: 002b:00007fb5c8327038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 244.603629][T15961] RAX: ffffffffffffffda RBX: 00007fb5c9ae5fa0 RCX: 00007fb5c98bebe9 [ 244.603642][T15961] RDX: 0000000000000028 RSI: 0000200000000340 RDI: 0000000000000012 [ 244.603655][T15961] RBP: 00007fb5c8327090 R08: 0000000000000000 R09: 0000000000000000 [ 244.603667][T15961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.603679][T15961] R13: 00007fb5c9ae6038 R14: 00007fb5c9ae5fa0 R15: 00007ffdd23b8418 [ 244.603728][T15961] [ 244.634961][T15966] FAULT_INJECTION: forcing a failure. [ 244.634961][T15966] name failslab, interval 1, probability 0, space 0, times 0 [ 244.837350][T15966] CPU: 1 UID: 0 PID: 15966 Comm: syz.4.3937 Not tainted syzkaller #0 PREEMPT(voluntary) [ 244.837378][T15966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.837389][T15966] Call Trace: [ 244.837396][T15966] [ 244.837403][T15966] __dump_stack+0x1d/0x30 [ 244.837423][T15966] dump_stack_lvl+0xe8/0x140 [ 244.837501][T15966] dump_stack+0x15/0x1b [ 244.837515][T15966] should_fail_ex+0x265/0x280 [ 244.837533][T15966] should_failslab+0x8c/0xb0 [ 244.837647][T15966] kmem_cache_alloc_noprof+0x50/0x310 [ 244.837686][T15966] ? alloc_vfsmnt+0x2d/0x300 [ 244.837712][T15966] alloc_vfsmnt+0x2d/0x300 [ 244.837736][T15966] clone_mnt+0x46/0x630 [ 244.837784][T15966] copy_tree+0x2cd/0x8c0 [ 244.837802][T15966] copy_mnt_ns+0x120/0x5c0 [ 244.837820][T15966] ? kmem_cache_alloc_noprof+0x220/0x310 [ 244.837842][T15966] ? create_new_namespaces+0x3c/0x3d0 [ 244.837912][T15966] create_new_namespaces+0x83/0x3d0 [ 244.837956][T15966] unshare_nsproxy_namespaces+0xe8/0x120 [ 244.837982][T15966] ksys_unshare+0x3d0/0x6d0 [ 244.838029][T15966] ? ksys_write+0x15f/0x1a0 [ 244.838050][T15966] __x64_sys_unshare+0x1f/0x30 [ 244.838172][T15966] x64_sys_call+0x2911/0x2ff0 [ 244.838192][T15966] do_syscall_64+0xd2/0x200 [ 244.838215][T15966] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 244.838236][T15966] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 244.838316][T15966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.838334][T15966] RIP: 0033:0x7fa871b5ebe9 [ 244.838348][T15966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.838363][T15966] RSP: 002b:00007fa8705bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 244.838382][T15966] RAX: ffffffffffffffda RBX: 00007fa871d85fa0 RCX: 00007fa871b5ebe9 [ 244.838424][T15966] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022020600 [ 244.838435][T15966] RBP: 00007fa8705bf090 R08: 0000000000000000 R09: 0000000000000000 [ 244.838445][T15966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 244.838456][T15966] R13: 00007fa871d86038 R14: 00007fa871d85fa0 R15: 00007ffcf3a09dc8 [ 244.838525][T15966] [ 245.234693][T15973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3939'. [ 245.244218][T15973] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3939'. [ 245.291759][T15973] loop2: detected capacity change from 0 to 1024 [ 245.473977][T15959] EXT4-fs (loop3): 1 truncate cleaned up [ 245.549143][T15994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3946'. [ 245.558467][T15994] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3946'. [ 245.576094][T15998] 9pnet_fd: Insufficient options for proto=fd [ 245.580355][T15994] loop3: detected capacity change from 0 to 1024 [ 245.589694][T15997] validate_nla: 8 callbacks suppressed [ 245.589712][T15997] netlink: 'syz.1.3948': attribute type 4 has an invalid length. [ 245.654857][T16002] loop2: detected capacity change from 0 to 512 [ 245.673854][T16002] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 245.703376][T16002] EXT4-fs (loop2): 1 truncate cleaned up [ 245.723605][T16014] netlink: 'syz.0.3954': attribute type 4 has an invalid length. [ 245.821892][T16026] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 245.844379][T16026] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 245.868098][T16026] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 245.876991][T16026] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 245.909899][T16030] siw: device registration error -23 [ 246.647524][T16035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3962'. [ 246.718139][T16041] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3965'. [ 246.756353][T16041] loop4: detected capacity change from 0 to 1024 [ 247.126285][T16064] netlink: 'syz.4.3973': attribute type 4 has an invalid length. [ 247.271053][T16074] netlink: 'syz.1.3977': attribute type 4 has an invalid length. [ 247.802838][T16077] siw: device registration error -23 [ 247.884375][ T29] kauditd_printk_skb: 505 callbacks suppressed [ 247.884397][ T29] audit: type=1326 audit(1756497855.344:29481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16072 comm="syz.1.3977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 247.916566][ T29] audit: type=1326 audit(1756497855.344:29482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16072 comm="syz.1.3977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f6b79b8ebe9 code=0x7ffc0000 [ 248.053587][ T29] audit: type=1326 audit(1756497856.143:29483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.080446][ T29] audit: type=1326 audit(1756497856.175:29484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.105444][ T29] audit: type=1326 audit(1756497856.175:29485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.129837][ T29] audit: type=1326 audit(1756497856.175:29486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.154400][ T29] audit: type=1326 audit(1756497856.175:29487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.179062][ T29] audit: type=1326 audit(1756497856.175:29488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.203311][ T29] audit: type=1326 audit(1756497856.175:29489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.205016][T16083] loop0: detected capacity change from 0 to 1024 [ 248.227230][ T29] audit: type=1326 audit(1756497856.175:29490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16082 comm="syz.0.3980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fb5c98bebe9 code=0x7ffc0000 [ 248.262846][T16087] 9pnet_fd: Insufficient options for proto=fd [ 248.269803][T16088] IPVS: length: 139 != 8 [ 248.299234][T16093] netlink: 'syz.2.3984': attribute type 1 has an invalid length. [ 248.300738][T16083] EXT4-fs mount: 77 callbacks suppressed [ 248.300753][T16083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.347317][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.361836][T16097] netlink: 'syz.1.3985': attribute type 4 has an invalid length. [ 248.379986][T16097] loop1: detected capacity change from 0 to 512 [ 248.408051][T16097] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 248.434277][T16097] EXT4-fs (loop1): mount failed [ 248.513726][T16110] loop2: detected capacity change from 0 to 512 [ 248.528885][T16110] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 248.540659][T16113] netlink: 'syz.1.3992': attribute type 4 has an invalid length. [ 248.552959][T16105] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16105 comm=’ [ 248.576822][T16110] EXT4-fs (loop2): 1 truncate cleaned up [ 248.589438][T16110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.646214][T16118] 9pnet_fd: Insufficient options for proto=fd [ 248.654542][ T36] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 248.662052][ T36] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 248.669942][ T36] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 248.680364][ T36] hid-generic 0003:0004:0000.0003: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 248.696131][T16120] netlink: 'syz.4.3995': attribute type 4 has an invalid length. [ 248.805021][T16129] loop1: detected capacity change from 0 to 512 [ 248.831650][T16129] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 248.948688][T16129] EXT4-fs (loop1): 1 truncate cleaned up [ 248.997578][T16129] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.037545][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.457249][T16148] 9pnet_fd: Insufficient options for proto=fd [ 249.550500][T16150] netlink: 'syz.0.4008': attribute type 4 has an invalid length. [ 249.572844][T16152] netlink: 'syz.3.4009': attribute type 4 has an invalid length. [ 249.582832][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.585371][T16147] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16147 comm=’ [ 249.610469][T16152] loop3: detected capacity change from 0 to 512 [ 249.631470][T16152] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 249.653748][T16152] EXT4-fs (loop3): mount failed [ 249.668503][T16154] loop2: detected capacity change from 0 to 256 [ 249.766076][T16167] loop1: detected capacity change from 0 to 1024 [ 249.778705][T16172] loop4: detected capacity change from 0 to 512 [ 249.786764][T16172] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 249.799652][T16172] EXT4-fs (loop4): 1 truncate cleaned up [ 249.800637][T16175] 9pnet_fd: Insufficient options for proto=fd [ 249.806316][T16172] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.835307][T16167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 249.862082][T16178] IPVS: length: 139 != 8 [ 249.886273][T16182] loop0: detected capacity change from 0 to 512 [ 249.899290][T16182] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 249.929457][T16182] EXT4-fs (loop0): 1 truncate cleaned up [ 249.944111][T16182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.960463][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.974459][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.000859][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.047537][T16199] loop4: detected capacity change from 0 to 512 [ 250.058390][T16198] loop0: detected capacity change from 0 to 512 [ 250.068261][T16198] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 250.091153][T16198] EXT4-fs (loop0): 1 truncate cleaned up [ 250.097455][T16198] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.126800][T16203] 9pnet_fd: Insufficient options for proto=fd [ 250.140420][T16202] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 250.152191][ T36] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 250.156120][T16199] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 250.160573][ T36] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 250.184194][ T36] hid-generic 0003:0004:0000.0004: unknown main item tag 0x0 [ 250.213486][T16199] EXT4-fs (loop4): mount failed [ 250.236857][ T36] hid-generic 0003:0004:0000.0004: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 250.545836][T16215] IPVS: length: 139 != 8 [ 250.598230][T16218] loop2: detected capacity change from 0 to 512 [ 250.620841][T16218] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 250.668092][T16218] EXT4-fs (loop2): 1 truncate cleaned up [ 250.674450][T16218] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.690062][T16221] validate_nla: 3 callbacks suppressed [ 250.690151][T16221] netlink: 'syz.4.4035': attribute type 4 has an invalid length. [ 250.711631][T16223] __nla_validate_parse: 7 callbacks suppressed [ 250.711649][T16223] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4036'. [ 250.727414][T16223] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4036'. [ 250.743607][T16223] loop1: detected capacity change from 0 to 1024 [ 250.767129][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.780405][T16223] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 250.794144][T16221] loop4: detected capacity change from 0 to 512 [ 250.827321][T16228] loop2: detected capacity change from 0 to 512 [ 250.888411][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.898295][T16228] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 250.919167][T16231] netlink: 'syz.3.4039': attribute type 4 has an invalid length. [ 250.929434][T16221] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 250.951001][T16228] EXT4-fs (loop2): 1 truncate cleaned up [ 250.972237][T16221] EXT4-fs (loop4): mount failed [ 250.977844][T16228] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.981350][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.037660][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.135508][T16245] 9pnet_fd: Insufficient options for proto=fd [ 251.147451][T16242] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 251.159028][T16246] loop1: detected capacity change from 0 to 512 [ 251.177202][T16246] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 251.202520][T16249] loop2: detected capacity change from 0 to 512 [ 251.220519][T16249] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 251.233938][T16246] EXT4-fs (loop1): 1 truncate cleaned up [ 251.240121][T16246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.254256][T16249] EXT4-fs (loop2): 1 truncate cleaned up [ 251.274570][T16258] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4048'. [ 251.283712][T16258] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4048'. [ 251.294667][T16249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.320405][T16255] IPVS: length: 139 != 8 [ 251.356607][T16258] loop0: detected capacity change from 0 to 1024 [ 251.399523][ T1035] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 251.407127][ T1035] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 251.414786][ T1035] hid-generic 0003:0004:0000.0005: unknown main item tag 0x0 [ 251.437965][T16258] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.448235][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.461227][ T1035] hid-generic 0003:0004:0000.0005: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 251.491514][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.616883][T16269] netlink: 'syz.4.4054': attribute type 4 has an invalid length. [ 251.908691][T16276] 9pnet_fd: Insufficient options for proto=fd [ 251.948516][T16278] 9pnet_fd: Insufficient options for proto=fd [ 252.020994][T16280] loop1: detected capacity change from 0 to 256 [ 252.067103][T16286] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 252.127549][T16288] IPVS: length: 139 != 8 [ 252.213145][T16296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4063'. [ 252.222689][T16296] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4063'. [ 252.236672][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.250015][T16296] loop1: detected capacity change from 0 to 1024 [ 252.275659][T16300] 9pnet_fd: Insufficient options for proto=fd [ 252.296729][T16296] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.360113][T16307] IPVS: length: 139 != 8 [ 252.378820][T16310] netlink: 'syz.0.4070': attribute type 4 has an invalid length. [ 252.423555][T12638] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 252.458303][T16312] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 252.507962][T16315] loop0: detected capacity change from 0 to 256 [ 252.595806][T16325] loop4: detected capacity change from 0 to 128 [ 252.635445][T16325] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 252.650342][ T29] kauditd_printk_skb: 1436 callbacks suppressed [ 252.650358][ T29] audit: type=1400 audit(1756497860.981:30923): avc: denied { mount } for pid=16324 comm="syz.4.4078" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 252.681531][ T29] audit: type=1400 audit(1756497860.981:30924): avc: denied { read write } for pid=16324 comm="syz.4.4078" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.681698][T16329] 9pnet_fd: Insufficient options for proto=fd [ 252.706314][ T29] audit: type=1400 audit(1756497860.981:30925): avc: denied { open } for pid=16324 comm="syz.4.4078" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 252.706346][ T29] audit: type=1400 audit(1756497860.981:30926): avc: denied { map_create } for pid=16328 comm="syz.1.4080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 252.740350][T16330] siw: device registration error -23 [ 252.756698][ T29] audit: type=1400 audit(1756497860.981:30927): avc: denied { prog_load } for pid=16328 comm="syz.1.4080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 252.781830][ T29] audit: type=1400 audit(1756497860.981:30928): avc: denied { bpf } for pid=16328 comm="syz.1.4080" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 252.802907][ T29] audit: type=1400 audit(1756497860.981:30929): avc: denied { perfmon } for pid=16328 comm="syz.1.4080" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 252.824684][ T29] audit: type=1400 audit(1756497860.992:30930): avc: denied { perfmon } for pid=16328 comm="syz.1.4080" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 252.845878][ T29] audit: type=1400 audit(1756497860.992:30931): avc: denied { bpf } for pid=16328 comm="syz.1.4080" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 252.867133][ T29] audit: type=1400 audit(1756497861.013:30932): avc: denied { write } for pid=16318 comm="syz.3.4074" path="socket:[46132]" dev="sockfs" ino=46132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 252.954366][T16341] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4082'. [ 252.963531][T16341] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4082'. [ 252.976090][T16342] IPVS: length: 139 != 8 [ 253.001142][T16341] loop4: detected capacity change from 0 to 1024 [ 253.033729][T16341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.065206][T16348] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 253.137889][T16354] 9pnet_fd: Insufficient options for proto=fd [ 253.192032][T13280] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.263390][T16359] siw: device registration error -23 [ 253.593201][T16367] loop1: detected capacity change from 0 to 256 [ 253.682589][T16375] IPVS: length: 139 != 8 [ 253.689500][T16378] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 253.710374][T16379] 9pnet_fd: Insufficient options for proto=fd [ 253.778733][T16384] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4104'. [ 253.788117][T16384] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4104'. [ 253.804934][T16384] loop3: detected capacity change from 0 to 1024 [ 253.938581][T16384] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.029579][T16400] siw: device registration error -23 [ 254.387458][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.403631][T16407] siw: device registration error -23 [ 254.481465][T16411] IPVS: length: 139 != 8 [ 254.500613][T16413] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621 [ 254.836715][T16433] loop3: detected capacity change from 0 to 1024 [ 254.861126][T16433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.929501][T16440] siw: device registration error -23 [ 255.079699][T16442] loop0: detected capacity change from 0 to 512 [ 255.169407][T12836] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.198358][T16445] loop2: detected capacity change from 0 to 512 [ 255.210275][T16442] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 255.250417][T16445] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 255.278918][T16442] EXT4-fs (loop0): 1 truncate cleaned up [ 255.289649][T16442] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.304659][T16445] EXT4-fs (loop2): 1 truncate cleaned up [ 255.310975][T16445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 255.384842][ T1035] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0 [ 255.392381][ T1035] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0 [ 255.400024][ T1035] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0 [ 255.419711][T16451] ================================================================== [ 255.428129][T16451] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 255.435359][T16451] [ 255.437695][T16451] write to 0xffff8881004960f4 of 4 bytes by task 16445 on cpu 1: [ 255.445613][T16451] xas_set_mark+0x12b/0x140 [ 255.450248][T16451] __folio_start_writeback+0x1dd/0x440 [ 255.455912][T16451] ext4_bio_write_folio+0x5ad/0x9f0 [ 255.461329][T16451] mpage_process_page_bufs+0x4a1/0x620 [ 255.466811][T16451] mpage_prepare_extent_to_map+0x786/0xc00 [ 255.472823][T16451] ext4_do_writepages+0xa05/0x2750 [ 255.478137][T16451] ext4_writepages+0x176/0x300 [ 255.483164][T16451] do_writepages+0x1c3/0x310 [ 255.488299][T16451] filemap_write_and_wait_range+0x144/0x340 [ 255.494403][T16451] ext4_file_write_iter+0xe04/0xf00 [ 255.499728][T16451] iter_file_splice_write+0x663/0xa60 [ 255.505140][T16451] direct_splice_actor+0x153/0x2a0 [ 255.510315][T16451] splice_direct_to_actor+0x30f/0x680 [ 255.515805][T16451] do_splice_direct+0xda/0x150 [ 255.520583][T16451] do_sendfile+0x380/0x650 [ 255.525350][T16451] __x64_sys_sendfile64+0x105/0x150 [ 255.530616][T16451] x64_sys_call+0x2bb0/0x2ff0 [ 255.535400][T16451] do_syscall_64+0xd2/0x200 [ 255.539936][T16451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.545850][T16451] [ 255.548288][T16451] read to 0xffff8881004960f4 of 4 bytes by task 16451 on cpu 0: [ 255.556107][T16451] xas_find_marked+0x5dc/0x620 [ 255.561166][T16451] find_get_entry+0x5d/0x380 [ 255.565801][T16451] filemap_get_folios_tag+0x92/0x210 [ 255.571113][T16451] mpage_prepare_extent_to_map+0x320/0xc00 [ 255.577184][T16451] ext4_do_writepages+0xa05/0x2750 [ 255.582353][T16451] ext4_writepages+0x176/0x300 [ 255.587206][T16451] do_writepages+0x1c3/0x310 [ 255.591925][T16451] file_write_and_wait_range+0x156/0x2c0 [ 255.597951][T16451] generic_buffers_fsync_noflush+0x45/0x120 [ 255.604401][T16451] ext4_sync_file+0x1ab/0x690 [ 255.609328][T16451] vfs_fsync_range+0x10d/0x130 [ 255.614137][T16451] ext4_buffered_write_iter+0x34f/0x3c0 [ 255.619904][T16451] ext4_file_write_iter+0xdbf/0xf00 [ 255.625414][T16451] iter_file_splice_write+0x663/0xa60 [ 255.630917][T16451] direct_splice_actor+0x153/0x2a0 [ 255.636292][T16451] splice_direct_to_actor+0x30f/0x680 [ 255.641690][T16451] do_splice_direct+0xda/0x150 [ 255.646565][T16451] do_sendfile+0x380/0x650 [ 255.651031][T16451] __x64_sys_sendfile64+0x105/0x150 [ 255.656363][T16451] x64_sys_call+0x2bb0/0x2ff0 [ 255.661143][T16451] do_syscall_64+0xd2/0x200 [ 255.665862][T16451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.672046][T16451] [ 255.674480][T16451] value changed: 0x0a000021 -> 0x04000021 [ 255.680401][T16451] [ 255.682987][T16451] Reported by Kernel Concurrency Sanitizer on: [ 255.689703][T16451] CPU: 0 UID: 0 PID: 16451 Comm: syz.2.4127 Not tainted syzkaller #0 PREEMPT(voluntary) [ 255.699799][T16451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 255.709876][T16451] ================================================================== [ 255.773620][ T1035] hid-generic 0003:0004:0000.0006: hidraw0: USB HID v0.00 Device [syz0] on syz0 [ 256.045735][T13986] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.091234][T13716] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.