last executing test programs: 2.62348284s ago: executing program 1 (id=1624): r0 = socket$netlink(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000087f00000000002000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) socket$kcm(0x10, 0x2, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 2.045966471s ago: executing program 0 (id=1636): r0 = openat(0xffffffffffffff9c, 0x0, 0x105042, 0x0) preadv2(r0, 0x0, 0x0, 0xb, 0x5, 0x8) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_io_uring_setup(0xbda, &(0x7f0000000480)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432}) readv(r3, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r4 = socket$kcm(0x2, 0xa, 0x2) socket$igmp6(0xa, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19eac66da0f0ebeb2b7b00000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xffffffffffffff89, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000011006bcc9e3be34c6e17aa310769876c1d0000007ea60864160af36514001ac004000202080002000600010076e6f06cea2618c3ecb525c89c32f292b156a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r7}, 0x10) 1.923240583s ago: executing program 2 (id=1639): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xf5, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000) 1.904965363s ago: executing program 2 (id=1640): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0x20) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 1.885704464s ago: executing program 0 (id=1641): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0}, 0x18) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 1.812189415s ago: executing program 0 (id=1642): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") creat(&(0x7f00000000c0)='./bus\x00', 0x182) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd0060, 0x0) ptrace(0x10, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) 1.468483842s ago: executing program 1 (id=1643): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x3, &(0x7f0000000300)=[{0x4002, 0x6, 0xb1, 0x80000001}, {0x299b, 0x6, 0x72, 0x18}, {0xe, 0x8, 0x8, 0xfb0}]}) bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000c00)=ANY=[@ANYBLOB="180000000000000000fcff0000000000181100001790747db34e69066d79415af14ae11d48c82cfddc2475e0f4718e484c2ccba74015b8a63d96d03f9e0e019c946b9a1731b15b82fbda8c918a2cd67dc0c7dce57c8308331d802fb7725d4f4672a1e5a7317d11e831de40e871d1ceb29d46dccb1d3efb2cff525df3355e7cb24b1e7cee2c0fdb9cd333146b5f8974e351eba932993a4138bbe17f70a2556e510383f12dfa86ece8d7c938d454b88f010dd0d7f580c77b4f524a4a86b96b07a9a180c143c8ee46d8868270b1636898f55047b14b03eb53e7c8a7e8e4616c5643194e06000000f027178abc61bd69aad0d73a01cdd41d5efe4746c83a2dfcf6f8eda83a013b16bd443bda223bff30e32a91d13aa0b800a81712f23745c7b29e55ead6443be0713d15ea9ba3ad83ebc9606f30f2dfc57429fc025bb3ad3c0c632572732f0f67735c3fe90c1e57fc4b596110f5c49d8e7224f78d0d2e2c7c30e136377d4810cd8e5a3fad4eca53fd14e8691f01ea6e0867ad5b0effb10b13", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b703000000000000850000008300e400bf0900000000000055090100000000009500000000000000bf910000fa409586b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x18) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x20010, r5, 0x10c000) r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0xfffffffffffffff5, 0x0, 0x0, 0x3ff, 0x0, 0x4, 0x0, 0xec}) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a", 0x23}], 0x1}, 0x40) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000740)=ANY=[], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8b}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = socket$pppl2tp(0x18, 0x1, 0x1) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r9, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r7, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r7, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.284603705s ago: executing program 1 (id=1645): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4000, 0x0, 0x865d, 0xfd, "ffff00"}) r1 = syz_open_pts(r0, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) r3 = eventfd(0x10) io_submit(r2, 0x1, &(0x7f00000006c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x4, r1, &(0x7f00000003c0)='z', 0x1, 0xcead, 0x0, 0x5, r3}]) close_range(r0, 0xffffffffffffffff, 0x0) 1.113849119s ago: executing program 2 (id=1648): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x1000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x3ff, r3}, 0x38) 1.083411139s ago: executing program 1 (id=1650): bpf$PROG_LOAD(0x5, 0x0, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, 0x0, 0x53) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/16], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59}, 0x94) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[], 0x7c8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ec9}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 1.011052541s ago: executing program 1 (id=1652): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) creat(&(0x7f00000000c0)='./file0\x00', 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe935"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) (fail_nth: 13) 857.882144ms ago: executing program 0 (id=1653): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000454, &(0x7f0000000080)={[{@orlov}, {@grpquota}]}, 0x4, 0x4f2, &(0x7f0000000c80)="$eJzs3c9vVF0ZAOD3Tjttv34DBWWhRgURRUOY/gAaggthozGExEhcuYDaDk3TGabptEgri7J0byKJK/0T3LkwYeXCnTvducGFCSrRUBMXY+6dSzu0HVqk7dDO8yR37j3nXuY9Z4ZzztzDDCeAnnUuItYiYiAi7kfESJ6f5FvcbG3pda9fPZlef/VkOolm8+4/kux8mhdtfyb1af6cQxHxg+9G/DjZHrexsjo/Va1WFvP06FJtYbSxsnp5rpDnTEyOT45dv3JtYt/qerb2m5ffmbv9w9/99ksv/rj2zZ+mxSr97ER2rr0e+6lV9WKU2vL6I+L2QQTrkv787w9HT9raPhMR57P2PxJ92bsJABxnzeZINEfa0wDAcZfe/5ciKZTzuYBSFArlcmsO70wMF6r1xtKlkfryw5nI5rBORbHwYK5aGcvnCk9FMUnT49nxZnpiS/pKRJyOiJ8PfpKly9P16kw3P/gAQA/7dMv4/+/B1vgPABxzQ+95va8IAMDR977jPwBw9Bn/AaD3vMf4b+ofAI4J9/8A0HuM/wDQe3Yd/58eTjkAgEPx/Tt30q25nv//1zOPVpa/VXp0eabSmC/XlqfL0/XFhfJsvT5brZSnm83dnq9ary+MX91INlZW79Xqyw+X7s3VpmYr9yrFA64PALC702ef/zmJiLUbn2RbtK3lYKyG463Q7QIAXdPX7QIAXeP3PNC79nCPbxoAjrkdluh9S8evCD2z+CscVRc/b/4fepX5f+hd/9/8/7f3vRzA4TP/D72r2Uys+Q8APcYcP/BB//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaqUbUmhnK0FvpY+FsrliBMRcSqKyYO5amUsIk5GxJ8Gi4NperzbhQYAPlDhb0m+/tfFkQulrWcHkv8MZvuI+Mkv7/7i8dTS0uJ4mv/PjfylZ3n+xEA3KgAAtLu5Pas1Tuf7thv516+eTL/ZDrOIL2+1FhdN467nW+tMf/Rn+6EoRsTwv5I83ZJ+Xunbh/hrTyPic5v1f9wWoZTNgbRWPt0aP4194gDib77+W+MX3opfyM6l+2L2Wnx2H8oCveb5rVY/mbe9tInl7a8Q57L9zu1/KOuhPtyb/m99W/9X2Oj/+rbFT7I2f24j/e6SvLz6++9ty2yOtM49jfhC/07xk434SYf+98Ie6/iXL375fKdzzV9FXIyd47fUsm52dKm2MNpYWb08V5uarcxWHk5MTI5Pjl2/cm1iNJujbj3+YacYf79x6WSn+Gn9hzvEH9ql/l/bY/1//d/7P/rKO+J/46s7v/9n3hE/HRO/vsf4U8M3Oy7fncaf6VD/3d7/S3uM/+KvqzN7vBQAOASNldX5qWq1srjLQfpZc7drHBzNg1iL+AiKkR8MxEdRjJ4/6HbPBBy0zUbf7ZIAAAAAAAAAAAAAAACdNFZW5wfjYH9O1O06AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHz9LwAA//9Jt84K") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800"], 0x50) pipe2(&(0x7f0000000180)={0xffffffffffffffff}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18) perf_event_open(&(0x7f00000003c0)={0x2, 0x7c, 0x24, 0x1, 0x0, 0x0, 0x0, 0x6, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x6}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e2eafb9fdd672bad09dfb78c7699c74e82fa0c70000000000000000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 676.086477ms ago: executing program 1 (id=1654): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000001600)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={0xffffffffffffffff}) sendmsg$nl_route_sched(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000980)=@newtclass={0x24, 0x28, 0x4, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xa}, {0x5, 0xa}, {0xe, 0xffe0}}}, 0xfdef}, 0x1, 0x0, 0x0, 0x40d1}, 0x40d8) recvfrom(r3, &(0x7f0000000f00)=""/48, 0x30, 0x2, 0x0, 0x0) 629.297528ms ago: executing program 3 (id=1655): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x1, 0x8, 0xa, 0x0, 0x4, 0x400, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001, 0x1, @perf_bp={0x0, 0x8}, 0x11950, 0x4854, 0x3, 0x6, 0x5, 0xb5, 0x5, 0x0, 0xc8, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) 618.237799ms ago: executing program 4 (id=1656): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0b0000000c000000040000004f0c000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00'], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x1549, 0x0, 0x101}) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000140), &(0x7f0000000500)=0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @local, @broadcast}, &(0x7f0000000200)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @private, @multicast1}, &(0x7f0000001700)=0xc) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESOCT=r2], 0x50) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x20, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x8, 0x6, 0xe, 0x0, 0x8, 0x20b8, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x8, 0x56c8}, 0x2, 0x7fffffff, 0x2, 0x5, 0x2, 0x40002, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4) r5 = socket(0x15, 0x5, 0x0) connect$unix(r5, &(0x7f0000000080)=@abs={0xa}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r3, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000006c0)=ANY=[@ANYRES32=r4, @ANYBLOB="1bc720c629a1b2dac46cb17288c746215b7ef0de01b18c40fa8ef28f8f6b659874c4c994b5b5c0dcfd47542b98c125b4ef86d2f983f1de4f1017b11ef58591727bdddb4af66de03507cd1ae18fb018e118", @ANYBLOB="a1b430073332c63ec25e2e61a89ea51074d95fd67de8c576b4318f755079a99891293654b714a76be0f8629ac501746cf4fc4340", @ANYBLOB, @ANYRESOCT=r6], &(0x7f00000014c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mount$9p_rdma(&(0x7f00000013c0), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x800, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=rdma']) 588.781109ms ago: executing program 3 (id=1657): setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e21, 0xfffffff9, @empty, 0x40}}, 0x9, 0x4000}, 0x90) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x62c42) sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="11d3e938c38200393c93df4cc8e758daacebfee7842fb22c1c30c682a52032208c71743dd6169e8230b321478ce64db3aedb5761c69770a6fc5fa87e393d8b517203845f5218930dd268a503af00522b229a895ec1d91ea8fd39824963c884bec28eb4b6f93abcead368d059cb20263c6838b7c98342877bee44117a63ff258ddf7b9e98b582f2bf6f24ac539abcad508e8020ac3a30dfa29f635580ac3def55fd745f9302674a76794584a8d91086540451c1e71e85980f02e3d8d0be0e36d0", 0xc0, 0x4008000, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) dup3(r1, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) getgroups(0x2, &(0x7f0000000500)=[0xee01, 0xee01]) 551.80316ms ago: executing program 3 (id=1658): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) preadv2(r0, 0x0, 0x0, 0xb, 0x5, 0x8) syz_open_dev$tty20(0xc, 0x4, 0x0) syz_io_uring_setup(0xbda, 0x0, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a0302000200000000000002000000090002"], 0x80}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432}) readv(r3, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r4 = socket$kcm(0x2, 0xa, 0x2) socket$igmp6(0xa, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) openat$cgroup_type(r0, &(0x7f0000000000), 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19eac66da0f0ebeb2b7b00000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xffffffffffffff89, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000011006bcc9e3be34c6e17aa310769876c1d0000007ea60864160af36514001ac004000202080002000600010076e6f06cea2618c3ecb525c89c32f292b156a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r7}, 0x10) 506.560681ms ago: executing program 4 (id=1659): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6, 0x42032, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c000000170a0108000000004996c0a5cc1b69b255b34cfc000000001856933a020000070900020073797a3200000000090001006f797a300000000043fa091d8f558a1f64af25b58bb533395f998150dede1d0e9cc847be4939cdbad15d8a32db27a030622683d48f021e9b0e0d8f3a035058e47bb9c4a2d989c2430f839e11089800ebb88d643943fd341b40e256246c08e1cd44d298e03aefdf0ef6f9d1440ff18d768c19ab13c690e4f05666d3bb931289ca60adbcf9e1eb6c79efa2c5c8c6bdb236fd451bbdcb76e86c875ef17932267250aa3dbb"], 0x2c}, 0x1, 0x0, 0x0, 0x44010}, 0x8094) r3 = fcntl$dupfd(r2, 0x0, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x19}, @loopback, @private1, 0x9, 0xa, 0x6, 0x480, 0x86, 0x40000}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001180)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x20, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x247ecded, 0x0, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0xd2e, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x3, 0x0, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xb, 0x37, 0x4, 0x0, 0x0, 0xfffffff5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0xffffff35, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x80000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0xb, 0x0, 0x0, 0x9, 0xfffffffd, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xf566, 0x100000, 0x0, 0xfffffff1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc01, 0x3, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x0, 0xffffffff, 0x9, 0x5, 0x0, 0x0, 0x3, 0x0, 0x1]}, @TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x0, 0x5, 0x0, 0x7, 0xb, 0xfffffffb, 0x0, 0x7, 0xfea7, 0x1, 0xffff8000, 0x90, 0x9fd, 0x2, 0xb8, 0xca2, 0x6, 0x3c, 0x7, 0x1, 0xa89c, 0x400, 0xc, 0x492217a0, 0xff, 0x8, 0x3, 0x1ff, 0xe5, 0x2d, 0xd, 0x3, 0xa, 0x6111, 0x1, 0x9, 0x11, 0x188, 0x6, 0x3ff, 0x7, 0xd, 0x3, 0xc0001, 0x8, 0x8, 0xffffff40, 0x100, 0x3, 0x5, 0x7, 0xe0b2, 0x1, 0x8fc, 0xbf0, 0x9, 0x3, 0x9, 0x7ffffffd, 0x6, 0x0, 0x8, 0x800, 0x9, 0x4, 0x100, 0x401, 0x8, 0x3, 0x80000001, 0x10001, 0x401, 0x1, 0x7f, 0x0, 0x8, 0x2, 0x7f, 0x0, 0x2, 0x4, 0x0, 0x1000004, 0x8000, 0x20000000, 0x9, 0x80, 0x7, 0x5, 0x1, 0x0, 0x2000007, 0xeb22, 0xd, 0xfff, 0xfffffff7, 0x0, 0x4, 0x3ff, 0x400000, 0xc, 0x5, 0x3, 0x10000, 0x3, 0x1, 0x0, 0x2, 0x6, 0x5, 0x6, 0xe5a, 0x4, 0x2, 0x81, 0xd44, 0x9, 0x6, 0x7fff, 0x800, 0xfffffff4, 0x10000, 0x5, 0x8, 0xba, 0x2, 0x89, 0x2, 0x6, 0x6, 0x9, 0xffffa3e0, 0x86b9, 0x40ff, 0x1, 0x2, 0xf, 0x24b9, 0x3a, 0xe01, 0x1, 0x6430, 0xd, 0x8, 0x0, 0x3, 0x7eb6, 0x3, 0x0, 0x200, 0xfffffeff, 0x9, 0xff, 0xa, 0x6, 0x7, 0x100, 0x1, 0x8001, 0x100, 0xffff9c71, 0x8, 0x101, 0x6, 0x2, 0xfffffc00, 0x81, 0x81, 0x200, 0x80000001, 0x1, 0xfffffffd, 0x9, 0x7, 0x4, 0xb, 0x80, 0x0, 0xfffffffe, 0x0, 0x5, 0x2, 0x65, 0x40, 0xfffffa0c, 0x3, 0x0, 0x2, 0x4, 0x35bc0, 0x9, 0xfffffffa, 0x7, 0x5, 0x3, 0x0, 0x6, 0x8, 0x28, 0x2, 0x5, 0x10001, 0x2, 0xf, 0xffffffff, 0x1, 0x723, 0x0, 0x9, 0x9, 0x4, 0x6, 0x7, 0x200, 0xfffffbff, 0x80000007, 0x3, 0x5, 0x5, 0xfffffffb, 0x2, 0x7f, 0x2, 0x80000002, 0x0, 0x9, 0x1ff, 0xfffffffe, 0x928, 0x4, 0xffffffff, 0x5, 0x6042, 0xb85, 0x6, 0x8d8d, 0x55, 0x101, 0x3, 0x64e8, 0x8, 0x82f, 0x772, 0x80a, 0xffe, 0x6, 0x3f7, 0x4, 0x8, 0x8, 0x1, 0x5d, 0x9, 0xd, 0x80]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x3}}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x50}, 0x0) 441.955562ms ago: executing program 4 (id=1660): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) 415.514623ms ago: executing program 0 (id=1661): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="02091f00050000000000000000000000020007003220000002"], 0x28}}, 0x0) 414.891342ms ago: executing program 4 (id=1662): creat(&(0x7f00000000c0)='./file0\x00', 0xce) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x14d, 0x5}, {0x10000, 0x1}]}, 0x14, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}}) 392.655253ms ago: executing program 3 (id=1663): creat(&(0x7f00000000c0)='./file0\x00', 0xce) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x14d, 0x5}, {0x10000, 0x1}]}, 0x14, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}}) 350.867434ms ago: executing program 0 (id=1664): r0 = socket$netlink(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000087f00000000002000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) socket$kcm(0x10, 0x2, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 336.818204ms ago: executing program 3 (id=1665): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x3, &(0x7f0000000300)=[{0x4002, 0x6, 0xb1, 0x80000001}, {0x299b, 0x6, 0x72, 0x18}, {0xe, 0x8, 0x8, 0xfb0}]}) bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x1c, 0x20000000000000bb, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000c00)=ANY=[@ANYBLOB="180000000000000000fcff0000000000181100001790747db34e69066d79415af14ae11d48c82cfddc2475e0f4718e484c2ccba74015b8a63d96d03f9e0e019c946b9a1731b15b82fbda8c918a2cd67dc0c7dce57c8308331d802fb7725d4f4672a1e5a7317d11e831de40e871d1ceb29d46dccb1d3efb2cff525df3355e7cb24b1e7cee2c0fdb9cd333146b5f8974e351eba932993a4138bbe17f70a2556e510383f12dfa86ece8d7c938d454b88f010dd0d7f580c77b4f524a4a86b96b07a9a180c143c8ee46d8868270b1636898f55047b14b03eb53e7c8a7e8e4616c5643194e06000000f027178abc61bd69aad0d73a01cdd41d5efe4746c83a2dfcf6f8eda83a013b16bd443bda223bff30e32a91d13aa0b800a81712f23745c7b29e55ead6443be0713d15ea9ba3ad83ebc9606f30f2dfc57429fc025bb3ad3c0c632572732f0f67735c3fe90c1e57fc4b596110f5c49d8e7224f78d0d2e2c7c30e136377d4810cd8e5a3fad4eca53fd14e8691f01ea6e0867ad5b0effb10b13", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b703000000000000850000008300e400bf0900000000000055090100000000009500000000000000bf910000fa409586b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x18) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x20010, r5, 0x10c000) r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0xfffffffffffffff5, 0x0, 0x0, 0x3ff, 0x0, 0x4, 0x0, 0xec}) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x40) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000740)=ANY=[], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8b}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r10, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r8, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r8, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 284.611585ms ago: executing program 4 (id=1666): syz_emit_ethernet(0x2a, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x48) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001f40)=ANY=[@ANYBLOB="000000004c900200290000000300010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000020000000000000ffffffffffd9ffff00"/128]) 172.445587ms ago: executing program 2 (id=1667): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x100000000}, 0x18) perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x1, 0x8, 0xa, 0x0, 0x4, 0x400, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001, 0x1, @perf_bp={0x0, 0x8}, 0x11950, 0x4854, 0x3, 0x6, 0x5, 0xb5, 0x5, 0x0, 0xc8, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) 140.443018ms ago: executing program 2 (id=1668): setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e21, 0xfffffff9, @empty, 0x40}}, 0x9, 0x4000}, 0x90) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x62c42) sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="11d3e938c38200393c93df4cc8e758daacebfee7842fb22c1c30c682a52032208c71743dd6169e8230b321478ce64db3aedb5761c69770a6fc5fa87e393d8b517203845f5218930dd268a503af00522b229a895ec1d91ea8fd39824963c884bec28eb4b6f93abcead368d059cb20263c6838b7c98342877bee44117a63ff258ddf7b9e98b582f2bf6f24ac539abcad508e8020ac3a30dfa29f635580ac3def55fd745f9302674a76794584a8d91086540451c1e71e85980f02e3d8d0be0e36d0", 0xc0, 0x4008000, 0x0, 0x0) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) dup3(r1, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) getgroups(0x2, &(0x7f0000000500)=[0xee01, 0xee01]) 88.440199ms ago: executing program 3 (id=1669): r0 = socket$netlink(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000087f00000000002000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) socket$kcm(0x10, 0x2, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 57.078019ms ago: executing program 2 (id=1670): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5") syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='auxv\x00') socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="120000000a0000000400000002"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, 0x0, &(0x7f0000000280)=r0}, 0x20) 0s ago: executing program 4 (id=1671): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000001080)='./bus\x00', 0x80, &(0x7f00000010c0)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098fe0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4ece31c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x80000, 0x0, 0x3) kernel console output (not intermixed with test programs): ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.3.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 98.419545][ T6755] loop4: p1[EZD] p2 p4 [ 98.424165][ T6755] loop4: p1 start 150996992 is beyond EOD, truncated [ 98.432627][ T6755] loop4: p4 size 281856 extends beyond EOD, truncated [ 98.496515][ T6780] __nla_validate_parse: 42 callbacks suppressed [ 98.496535][ T6780] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1082'. [ 98.577419][ T3605] udevd[3605]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 98.587726][ T3606] udevd[3606]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 98.633054][ T3605] udevd[3605]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 98.661031][ T6796] Q6\bY4 speed is unknown, defaulting to 1000 [ 98.669030][ T3606] udevd[3606]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 98.707704][ T6800] loop0: detected capacity change from 0 to 512 [ 98.720782][ T6800] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 98.742103][ T6800] EXT4-fs (loop0): 1 truncate cleaned up [ 98.788955][ T6796] lo speed is unknown, defaulting to 1000 [ 98.830872][ T6803] loop3: detected capacity change from 0 to 4096 [ 98.933254][ T6815] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1096'. [ 99.053384][ T6827] unsupported nla_type 52263 [ 99.207045][ T6835] loop4: detected capacity change from 0 to 4096 [ 99.251025][ T6838] FAULT_INJECTION: forcing a failure. [ 99.251025][ T6838] name failslab, interval 1, probability 0, space 0, times 0 [ 99.263920][ T6838] CPU: 1 UID: 0 PID: 6838 Comm: syz.4.1106 Not tainted syzkaller #0 PREEMPT(voluntary) [ 99.264039][ T6838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 99.264055][ T6838] Call Trace: [ 99.264062][ T6838] [ 99.264072][ T6838] __dump_stack+0x1d/0x30 [ 99.264097][ T6838] dump_stack_lvl+0xe8/0x140 [ 99.264121][ T6838] dump_stack+0x15/0x1b [ 99.264141][ T6838] should_fail_ex+0x265/0x280 [ 99.264187][ T6838] should_failslab+0x8c/0xb0 [ 99.264220][ T6838] kmem_cache_alloc_noprof+0x50/0x310 [ 99.264256][ T6838] ? skb_clone+0x151/0x1f0 [ 99.264322][ T6838] skb_clone+0x151/0x1f0 [ 99.264355][ T6838] dev_queue_xmit_nit+0x146/0x680 [ 99.264385][ T6838] ? basic_change+0x2b2/0x840 [ 99.264417][ T6838] dev_hard_start_xmit+0xd3/0x3e0 [ 99.264448][ T6838] ? validate_xmit_skb+0x746/0x910 [ 99.264557][ T6838] __dev_queue_xmit+0x10f9/0x2000 [ 99.264701][ T6838] ? __dev_queue_xmit+0x182/0x2000 [ 99.264736][ T6838] ? selinux_socket_sock_rcv_skb+0x219/0x620 [ 99.264774][ T6838] ? netdev_run_todo+0x7b4/0x810 [ 99.264863][ T6838] ? __skb_clone+0x2a6/0x2d0 [ 99.264901][ T6838] __netlink_deliver_tap+0x3c3/0x500 [ 99.264997][ T6838] ? netlink_attachskb+0x2d0/0x610 [ 99.265070][ T6838] netlink_sendskb+0x126/0x150 [ 99.265094][ T6838] netlink_unicast+0x2a2/0x690 [ 99.265118][ T6838] netlink_ack+0x4c8/0x500 [ 99.265145][ T6838] netlink_rcv_skb+0x192/0x220 [ 99.265234][ T6838] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 99.265342][ T6838] rtnetlink_rcv+0x1c/0x30 [ 99.265379][ T6838] netlink_unicast+0x5c0/0x690 [ 99.265417][ T6838] netlink_sendmsg+0x58b/0x6b0 [ 99.265450][ T6838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.265485][ T6838] __sock_sendmsg+0x145/0x180 [ 99.265537][ T6838] ____sys_sendmsg+0x31e/0x4e0 [ 99.265611][ T6838] ___sys_sendmsg+0x17b/0x1d0 [ 99.265666][ T6838] __x64_sys_sendmsg+0xd4/0x160 [ 99.265706][ T6838] x64_sys_call+0x191e/0x2ff0 [ 99.265785][ T6838] do_syscall_64+0xd2/0x200 [ 99.265823][ T6838] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 99.265933][ T6838] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 99.265972][ T6838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.266000][ T6838] RIP: 0033:0x7faa52f9eec9 [ 99.266019][ T6838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.266039][ T6838] RSP: 002b:00007faa519ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.266105][ T6838] RAX: ffffffffffffffda RBX: 00007faa531f5fa0 RCX: 00007faa52f9eec9 [ 99.266117][ T6838] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000004 [ 99.266132][ T6838] RBP: 00007faa519ff090 R08: 0000000000000000 R09: 0000000000000000 [ 99.266157][ T6838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 99.266172][ T6838] R13: 00007faa531f6038 R14: 00007faa531f5fa0 R15: 00007ffeaa34b738 [ 99.266192][ T6838] [ 99.267838][ T6840] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1107'. [ 99.671869][ T6844] SELinux: policydb magic number 0x580 does not match expected magic number 0xf97cff8c [ 99.689150][ T6844] SELinux: failed to load policy [ 99.706821][ T6844] ALSA: seq fatal error: cannot create timer (-19) [ 99.719563][ T6848] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.774868][ T6850] Q6\bY4 speed is unknown, defaulting to 1000 [ 99.807355][ T6850] lo speed is unknown, defaulting to 1000 [ 99.882183][ T6848] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.945588][ T6870] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1117'. [ 99.999560][ T6872] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1118'. [ 100.024837][ T6848] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.125716][ T6876] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1121'. [ 100.184078][ T6848] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.242327][ T6894] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1129'. [ 100.349516][ T6598] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.374346][ T6598] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.420981][ T6606] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.447050][ T6606] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.525260][ T6909] loop1: detected capacity change from 0 to 1024 [ 100.532807][ T6909] EXT4-fs: Ignoring removed mblk_io_submit option [ 100.540992][ T6909] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 100.552214][ T6909] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.1134: bad orphan inode 11 [ 100.563205][ T6909] ext4_test_bit(bit=10, block=4) = 1 [ 100.568616][ T6909] is_bad_inode(inode)=0 [ 100.572819][ T6909] NEXT_ORPHAN(inode)=3254779904 [ 100.577704][ T6909] max_ino=32 [ 100.580995][ T6909] i_nlink=0 [ 100.585416][ T6909] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 2: comm syz.1.1134: lblock 2 mapped to illegal pblock 2 (length 1) [ 100.599770][ T6909] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 48: comm syz.1.1134: lblock 0 mapped to illegal pblock 48 (length 1) [ 100.614136][ T6909] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.1134: Failed to acquire dquot type 0 [ 100.626202][ T6909] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 100.636032][ T6909] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.1134: mark_inode_dirty error [ 100.647618][ T6909] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 101.148526][ T6918] validate_nla: 6 callbacks suppressed [ 101.148545][ T6918] netlink: 'syz.4.1137': attribute type 10 has an invalid length. [ 101.167756][ T6918] bond0: (slave dummy0): Releasing backup interface [ 101.184638][ T6918] team0: Port device dummy0 added [ 101.191307][ T6924] netlink: 288 bytes leftover after parsing attributes in process `syz.0.1140'. [ 101.201678][ T6927] netlink: 'syz.4.1137': attribute type 10 has an invalid length. [ 101.203707][ T6924] loop0: detected capacity change from 0 to 128 [ 101.240873][ T6927] team0: Port device dummy0 removed [ 101.254997][ T6927] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 101.269898][ T6930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1143'. [ 101.355989][ T6942] netlink: 'syz.4.1148': attribute type 10 has an invalid length. [ 101.365992][ T6942] bond0: (slave dummy0): Releasing backup interface [ 101.378310][ T3304] EXT4-fs unmount: 13 callbacks suppressed [ 101.378337][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.400528][ T6942] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.409836][ T6945] loop3: detected capacity change from 0 to 512 [ 101.417282][ T3304] EXT4-fs error (device loop1): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 101.431357][ T6945] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 101.439106][ T6942] team0: Failed to send options change via netlink (err -105) [ 101.444876][ T6948] netlink: 'syz.4.1148': attribute type 10 has an invalid length. [ 101.448853][ T6942] team0: Port device dummy0 added [ 101.450562][ T3304] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 101.459108][ T6948] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.462057][ T3304] EXT4-fs error (device loop1): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error [ 101.491823][ T6948] team0: Failed to send options change via netlink (err -105) [ 101.499489][ T6948] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.499661][ T6945] EXT4-fs (loop3): 1 truncate cleaned up [ 101.514229][ T6948] team0: Port device dummy0 removed [ 101.516885][ T6945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.522237][ T6948] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 101.579580][ T6955] netlink: 'syz.0.1152': attribute type 3 has an invalid length. [ 101.696116][ T3513] hid_parser_main: 8 callbacks suppressed [ 101.696167][ T3513] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 101.700642][ T6972] batadv_slave_1: entered promiscuous mode [ 101.702513][ T3513] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 101.754405][ T6972] batadv_slave_1: left promiscuous mode [ 101.755682][ T6979] program syz.4.1162 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 101.826956][ T6983] netlink: 'syz.1.1164': attribute type 10 has an invalid length. [ 101.836885][ T6983] bond0: (slave dummy0): Releasing backup interface [ 101.846103][ T6983] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.855168][ T6983] team0: Failed to send options change via netlink (err -105) [ 101.862768][ T6983] team0: Port device dummy0 added [ 101.870596][ T6983] netlink: 'syz.1.1164': attribute type 10 has an invalid length. [ 101.878875][ T6983] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.889643][ T6983] team0: Failed to send options change via netlink (err -105) [ 101.897229][ T6983] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 101.906298][ T6983] team0: Port device dummy0 removed [ 101.913561][ T6983] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 101.965941][ C1] sd 0:0:1:0: [sda] tag#2335 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 101.976379][ C1] sd 0:0:1:0: [sda] tag#2335 CDB: Write(6) 0a 00 4e 21 ff ff [ 102.166745][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.287936][ T7007] syz_tun: refused to change device tx_queue_len [ 102.642582][ T7064] netlink: 'syz.4.1175': attribute type 10 has an invalid length. [ 102.658095][ T7064] bond0: (slave dummy0): Releasing backup interface [ 102.668517][ T7064] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 102.677532][ T7064] team0: Failed to send options change via netlink (err -105) [ 102.685084][ T7064] team0: Port device dummy0 added [ 102.695637][ T7071] netlink: 'syz.4.1175': attribute type 10 has an invalid length. [ 102.728592][ T7067] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.779178][ T7071] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 102.800007][ T7071] team0: Failed to send options change via netlink (err -105) [ 102.811753][ T7071] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 102.826448][ T7071] team0: Port device dummy0 removed [ 102.865150][ T7071] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 103.014745][ T7067] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.142412][ T7113] netlink: 288 bytes leftover after parsing attributes in process `syz.4.1183'. [ 103.163975][ T7120] loop3: detected capacity change from 0 to 4096 [ 103.175726][ T7113] loop4: detected capacity change from 0 to 128 [ 103.205204][ T7120] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.259310][ T7131] IPv6: Can't replace route, no match found [ 103.270053][ T7067] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.293777][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.335044][ T29] kauditd_printk_skb: 407 callbacks suppressed [ 103.335146][ T29] audit: type=1326 audit(1758624795.331:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.387665][ T29] audit: type=1326 audit(1758624795.331:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.411266][ T29] audit: type=1326 audit(1758624795.351:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.434867][ T29] audit: type=1326 audit(1758624795.351:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.458464][ T29] audit: type=1326 audit(1758624795.351:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.482265][ T29] audit: type=1326 audit(1758624795.351:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.505891][ T29] audit: type=1326 audit(1758624795.351:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.509579][ T7124] Q6\bY4 speed is unknown, defaulting to 1000 [ 103.529803][ T29] audit: type=1326 audit(1758624795.351:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.560004][ T29] audit: type=1326 audit(1758624795.351:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.583496][ T29] audit: type=1326 audit(1758624795.351:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.4.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7faa52f9eec9 code=0x7ffc0000 [ 103.608489][ T7067] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.623930][ T7124] lo speed is unknown, defaulting to 1000 [ 103.681108][ T7144] netlink: 'syz.4.1190': attribute type 10 has an invalid length. [ 103.712593][ T7144] bond0: (slave dummy0): Releasing backup interface [ 103.726185][ T7144] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 103.736329][ T7144] team0: Failed to send options change via netlink (err -105) [ 103.743876][ T7144] team0: Port device dummy0 added [ 103.762311][ T6592] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.774509][ T7155] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 103.805572][ T7164] program syz.1.1194 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.817244][ T7155] team0: Failed to send options change via netlink (err -105) [ 103.827428][ T7155] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 103.846974][ T7155] team0: Port device dummy0 removed [ 103.855380][ T7155] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 103.871896][ T7159] loop3: detected capacity change from 0 to 512 [ 103.884386][ T7159] EXT4-fs (loop3): orphan cleanup on readonly fs [ 103.897948][ T7159] EXT4-fs warning (device loop3): ext4_xattr_inode_get:542: inode #11: comm syz.3.1193: ea_inode file size=4 entry size=6 [ 103.920030][ T7159] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 103.939835][ T6592] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.951920][ T6619] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.959004][ T7159] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #15: comm syz.3.1193: corrupted inode contents [ 103.974354][ T6619] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.992213][ T7159] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #15: comm syz.3.1193: mark_inode_dirty error [ 104.022153][ T7159] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #15: comm syz.3.1193: corrupted inode contents [ 104.025988][ C1] sd 0:0:1:0: [sda] tag#2309 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 104.044474][ C1] sd 0:0:1:0: [sda] tag#2309 CDB: Write(6) 0a 00 4e 21 ff ff [ 104.052506][ T7176] bond0: (slave dummy0): Releasing backup interface [ 104.059772][ T7159] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #15: comm syz.3.1193: mark_inode_dirty error [ 104.075433][ T7176] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 104.087500][ T7159] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #15: comm syz.3.1193: mark inode dirty (error -117) [ 104.100360][ T7176] team0: Failed to send options change via netlink (err -105) [ 104.108299][ T7176] team0: Port device dummy0 added [ 104.117848][ T7182] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 104.128238][ T7159] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117) [ 104.141531][ T7182] team0: Failed to send options change via netlink (err -105) [ 104.151236][ T7159] EXT4-fs (loop3): 1 orphan inode deleted [ 104.158634][ T7159] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 104.164855][ T7182] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 104.187833][ T7182] team0: Port device dummy0 removed [ 104.197316][ T7182] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 104.206545][ T7185] netlink: 288 bytes leftover after parsing attributes in process `syz.0.1197'. [ 104.219181][ T7185] loop0: detected capacity change from 0 to 128 [ 104.230025][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.288144][ T7198] loop0: detected capacity change from 0 to 128 [ 104.312195][ T7197] loop3: detected capacity change from 0 to 4096 [ 104.328559][ T7198] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.366198][ T7197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.379248][ T7198] ext4 filesystem being mounted at /268/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 104.443055][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.477005][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.537744][ T7220] loop0: detected capacity change from 0 to 128 [ 104.565643][ T7223] loop4: detected capacity change from 0 to 128 [ 104.591329][ T7225] program syz.3.1208 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 104.690748][ T7230] netlink: 288 bytes leftover after parsing attributes in process `syz.0.1210'. [ 104.720359][ T7230] loop0: detected capacity change from 0 to 128 [ 104.721990][ T7234] loop1: detected capacity change from 0 to 4096 [ 104.760339][ T7234] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.789018][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.795976][ C1] sd 0:0:1:0: [sda] tag#2315 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 104.808436][ C1] sd 0:0:1:0: [sda] tag#2315 CDB: Write(6) 0a 00 4e 21 ff ff [ 104.851205][ T7243] loop1: detected capacity change from 0 to 128 [ 104.861286][ T7243] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.874240][ T7243] ext4 filesystem being mounted at /227/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 104.920218][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.984223][ T7247] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1216'. [ 105.038288][ T7252] program syz.0.1219 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.091895][ T7258] 9pnet_fd: Insufficient options for proto=fd [ 105.169640][ T7263] bond0: (slave dummy0): Releasing backup interface [ 105.179537][ T7263] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 105.188673][ T7263] team0: Failed to send options change via netlink (err -105) [ 105.196199][ T7263] team0: Port device dummy0 added [ 105.202444][ T7266] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1224'. [ 105.212949][ T7263] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 105.224390][ T7263] team0: Failed to send options change via netlink (err -105) [ 105.232073][ T7263] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 105.241201][ T7263] team0: Port device dummy0 removed [ 105.246794][ C1] sd 0:0:1:0: [sda] tag#2321 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 105.257184][ C1] sd 0:0:1:0: [sda] tag#2321 CDB: Write(6) 0a 00 4e 21 ff ff [ 105.266961][ T7263] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 105.298155][ T7270] loop2: detected capacity change from 0 to 512 [ 105.307136][ T7270] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 105.325267][ T7270] EXT4-fs (loop2): 1 truncate cleaned up [ 105.331764][ T7270] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.568568][ T7281] loop1: detected capacity change from 0 to 512 [ 105.628823][ T7281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.641528][ T7281] ext4 filesystem being mounted at /236/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.043842][ T7289] netlink: 288 bytes leftover after parsing attributes in process `syz.0.1230'. [ 106.057483][ T7292] 9pnet_fd: Insufficient options for proto=fd [ 106.065803][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.080666][ T7289] loop0: detected capacity change from 0 to 128 [ 106.121869][ T7301] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1235'. [ 106.145246][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.203426][ T7305] Q6\bY4 speed is unknown, defaulting to 1000 [ 106.245607][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.263454][ T7311] netlink: 272 bytes leftover after parsing attributes in process `syz.0.1239'. [ 106.273433][ T7305] lo speed is unknown, defaulting to 1000 [ 106.317260][ T7317] program syz.1.1241 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.330140][ T7307] loop4: detected capacity change from 0 to 512 [ 106.337132][ T7307] EXT4-fs: Ignoring removed mblk_io_submit option [ 106.343745][ T7307] EXT4-fs: Ignoring removed nomblk_io_submit option [ 106.353649][ T7307] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 106.362271][ T7307] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 106.404035][ T7307] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1238: Allocating blocks 41-42 which overlap fs metadata [ 106.436194][ T7307] EXT4-fs (loop4): Remounting filesystem read-only [ 106.443209][ T7307] EXT4-fs (loop4): 1 truncate cleaned up [ 106.449791][ T7307] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.463090][ T7307] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.521111][ T7331] 9pnet_fd: Insufficient options for proto=fd [ 106.536085][ C1] sd 0:0:1:0: [sda] tag#2331 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 106.546523][ C1] sd 0:0:1:0: [sda] tag#2331 CDB: Write(6) 0a 00 4e 21 ff ff [ 106.561829][ T7332] validate_nla: 5 callbacks suppressed [ 106.561879][ T7332] netlink: 'syz.0.1245': attribute type 10 has an invalid length. [ 106.581373][ T7332] bond0: (slave dummy0): Releasing backup interface [ 106.590840][ T7332] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 106.600929][ T7332] team0: Failed to send options change via netlink (err -105) [ 106.608525][ T7332] team0: Port device dummy0 added [ 106.614988][ T7337] netlink: 'syz.0.1245': attribute type 10 has an invalid length. [ 106.624593][ T7336] netlink: 288 bytes leftover after parsing attributes in process `syz.4.1247'. [ 106.634444][ T7337] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 106.635462][ T7336] loop4: detected capacity change from 0 to 128 [ 106.651996][ T7337] team0: Failed to send options change via netlink (err -105) [ 106.665079][ T7337] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 106.704101][ T7337] team0: Port device dummy0 removed [ 106.712549][ T7337] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 106.721608][ T7339] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1248'. [ 107.019475][ T7355] netlink: 'syz.3.1251': attribute type 4 has an invalid length. [ 107.027306][ T7355] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1251'. [ 107.063360][ T7355] cgroup: Unexpected value for 'nofavordynmods' [ 107.146986][ T7359] netlink: 'syz.3.1253': attribute type 10 has an invalid length. [ 107.160747][ T7359] bond0: (slave dummy0): Releasing backup interface [ 107.221606][ T7361] loop4: detected capacity change from 0 to 512 [ 107.276924][ T7362] netlink: 'syz.3.1253': attribute type 10 has an invalid length. [ 107.302014][ T7361] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.314876][ T7361] ext4 filesystem being mounted at /246/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.378797][ T7359] dummy0: entered promiscuous mode [ 107.419578][ T7359] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.471142][ T7367] loop1: detected capacity change from 0 to 512 [ 107.510188][ T7367] EXT4-fs: Ignoring removed mblk_io_submit option [ 107.529535][ T7359] team0: Failed to send options change via netlink (err -105) [ 107.537113][ T7359] team0: Port device dummy0 added [ 107.584491][ T7367] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.679121][ T7362] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.715917][ T7367] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 107.724438][ T7367] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 107.749710][ T7362] dummy0: left promiscuous mode [ 107.756005][ T7362] team0: Failed to send options change via netlink (err -105) [ 107.767275][ T7362] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 107.778940][ T7367] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.1254: Allocating blocks 41-42 which overlap fs metadata [ 107.794199][ T7362] team0: Port device dummy0 removed [ 107.799803][ T7367] EXT4-fs (loop1): Remounting filesystem read-only [ 107.810045][ T7362] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 107.818912][ T7367] EXT4-fs (loop1): 1 truncate cleaned up [ 107.824918][ T7367] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.839472][ T7367] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.949004][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.048648][ T7396] program syz.0.1264 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 108.089189][ T7398] loop4: detected capacity change from 0 to 128 [ 108.219143][ T7411] loop1: detected capacity change from 0 to 2048 [ 108.228082][ T7407] netlink: 'syz.4.1268': attribute type 10 has an invalid length. [ 108.237733][ T7407] bond0: (slave dummy0): Releasing backup interface [ 108.247292][ T7407] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 108.256021][ C1] sd 0:0:1:0: [sda] tag#2337 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 108.256119][ T7407] team0: Failed to send options change via netlink (err -105) [ 108.266463][ C1] sd 0:0:1:0: [sda] tag#2337 CDB: Write(6) 0a 00 4e 21 ff ff [ 108.273892][ T7407] team0: Port device dummy0 added [ 108.282975][ T7412] netlink: 'syz.4.1268': attribute type 10 has an invalid length. [ 108.294913][ T7412] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 108.296022][ T3606] loop1: p2 < > p3 < > [ 108.308033][ T3606] loop1: partition table partially beyond EOD, truncated [ 108.315317][ T7412] team0: Failed to send options change via netlink (err -105) [ 108.315431][ T3606] loop1: p2 start 4278190080 is beyond EOD, truncated [ 108.324309][ T7412] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 108.340397][ T7411] loop1: p2 < > p3 < > [ 108.341506][ T7412] team0: Port device dummy0 removed [ 108.344584][ T7411] loop1: partition table partially beyond EOD, truncated [ 108.344714][ T7411] loop1: p2 start 4278190080 is beyond EOD, [ 108.352793][ T7412] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 108.356974][ T7411] truncated [ 108.417226][ T3606] udevd[3606]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 108.438923][ T3606] udevd[3606]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 108.533745][ T7416] loop4: detected capacity change from 0 to 512 [ 108.541634][ T7416] EXT4-fs: Ignoring removed mblk_io_submit option [ 108.548357][ T7416] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.556391][ T7416] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 108.565068][ T7416] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 108.577546][ T7416] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1273: Allocating blocks 41-42 which overlap fs metadata [ 108.591600][ T7416] EXT4-fs (loop4): Remounting filesystem read-only [ 108.598245][ T7416] __quota_error: 202 callbacks suppressed [ 108.598263][ T7416] Quota error (device loop4): write_blk: dquota write failed [ 108.611432][ T7416] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5 [ 108.620867][ T7416] Quota error (device loop4): write_blk: dquota write failed [ 108.632423][ T7416] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 108.642501][ T7416] EXT4-fs (loop4): 1 truncate cleaned up [ 108.649192][ T7416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.676735][ T7426] loop1: detected capacity change from 0 to 512 [ 108.745345][ T7416] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.823258][ T7426] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.835946][ T7426] ext4 filesystem being mounted at /244/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.965565][ T7430] netlink: 'syz.2.1274': attribute type 10 has an invalid length. [ 109.001223][ T7434] loop0: detected capacity change from 0 to 128 [ 109.047409][ T7437] netlink: 'syz.2.1274': attribute type 10 has an invalid length. [ 109.091563][ T7436] loop3: detected capacity change from 0 to 1024 [ 109.133983][ T7430] bond0: (slave dummy0): Releasing backup interface [ 109.168921][ T7430] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.177953][ T7430] team0: Failed to send options change via netlink (err -105) [ 109.185459][ T7430] team0: Port device dummy0 added [ 109.194536][ T7437] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.212089][ T7436] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 109.221310][ T7436] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 109.230805][ T7436] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.1277: Failed to acquire dquot type 0 [ 109.245482][ T7436] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 109.260213][ T7437] team0: Failed to send options change via netlink (err -105) [ 109.283457][ T7436] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.1277: corrupted inode contents [ 109.302450][ T7437] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.329262][ T7437] team0: Port device dummy0 removed [ 109.330331][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.334658][ T7436] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #13: comm syz.3.1277: mark_inode_dirty error [ 109.356698][ T7436] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.1277: corrupted inode contents [ 109.367658][ T7437] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 109.378178][ T7436] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.1277: mark_inode_dirty error [ 109.390391][ T7436] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.1277: corrupted inode contents [ 109.403154][ T7436] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 109.415983][ T7436] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.1277: corrupted inode contents [ 109.428499][ T7436] EXT4-fs error (device loop3): ext4_truncate:4666: inode #13: comm syz.3.1277: mark_inode_dirty error [ 109.466141][ T7436] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 109.476642][ T7454] loop1: detected capacity change from 0 to 128 [ 109.496987][ T7448] netlink: 'syz.2.1284': attribute type 10 has an invalid length. [ 109.516447][ T7436] EXT4-fs (loop3): 1 truncate cleaned up [ 109.522499][ T7448] bond0: (slave dummy0): Releasing backup interface [ 109.529168][ T7436] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.546070][ T7448] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.555374][ T7448] team0: Failed to send options change via netlink (err -105) [ 109.562916][ T7448] team0: Port device dummy0 added [ 109.572907][ T7457] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.601042][ T7457] team0: Failed to send options change via netlink (err -105) [ 109.609227][ T7457] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 109.619577][ T7457] team0: Port device dummy0 removed [ 109.641934][ T7457] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 109.651943][ T7459] __nla_validate_parse: 5 callbacks suppressed [ 109.651992][ T7459] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1287'. [ 109.675076][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.752494][ T7465] loop0: detected capacity change from 0 to 512 [ 109.760033][ T7465] EXT4-fs: Ignoring removed mblk_io_submit option [ 109.775503][ T29] audit: type=1326 audit(1758624801.771:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7474 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 109.799009][ T29] audit: type=1326 audit(1758624801.771:3271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7474 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 109.803102][ T7465] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.831147][ T7465] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.839676][ T7465] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 109.857184][ T29] audit: type=1326 audit(1758624801.831:3272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7474 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 109.858846][ T7478] Q6\bY4 speed is unknown, defaulting to 1000 [ 109.880713][ T29] audit: type=1326 audit(1758624801.831:3273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7474 comm="syz.1.1294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 109.916990][ T7465] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.1290: Allocating blocks 41-42 which overlap fs metadata [ 109.924746][ T7478] lo speed is unknown, defaulting to 1000 [ 109.932108][ T7465] EXT4-fs (loop0): Remounting filesystem read-only [ 109.943302][ T7465] EXT4-fs (loop0): 1 truncate cleaned up [ 109.968373][ T7465] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.000138][ T7465] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.047002][ T7488] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1298'. [ 110.083760][ T7491] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.116715][ T7493] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1300'. [ 110.181406][ T7491] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.218801][ T7499] bond0: (slave dummy0): Releasing backup interface [ 110.228330][ T7499] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 110.237152][ T7499] team0: Failed to send options change via netlink (err -105) [ 110.244633][ T7499] team0: Port device dummy0 added [ 110.254347][ T7499] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 110.264973][ T7499] team0: Failed to send options change via netlink (err -105) [ 110.272835][ T7499] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 110.282905][ T7499] team0: Port device dummy0 removed [ 110.290893][ T7499] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 110.359975][ T7491] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.494612][ T7491] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.603790][ T7511] loop1: detected capacity change from 0 to 512 [ 110.620035][ T7511] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.632824][ T7511] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.896651][ T7517] loop4: detected capacity change from 0 to 512 [ 110.952984][ T7517] EXT4-fs: Ignoring removed mblk_io_submit option [ 111.019601][ T7519] bond0: (slave dummy0): Releasing backup interface [ 111.059177][ T7517] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.114928][ T7517] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 111.123427][ T7517] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 111.133499][ T7519] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 111.143767][ T7519] team0: Failed to send options change via netlink (err -105) [ 111.151328][ T7519] team0: Port device dummy0 added [ 111.160965][ T7521] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 111.167449][ T7517] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1308: Allocating blocks 41-42 which overlap fs metadata [ 111.192016][ T7521] team0: Failed to send options change via netlink (err -105) [ 111.204903][ T7528] loop0: detected capacity change from 0 to 128 [ 111.225944][ T7521] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 111.260659][ T7517] EXT4-fs (loop4): Remounting filesystem read-only [ 111.266396][ T7521] team0: Port device dummy0 removed [ 111.268712][ T7517] EXT4-fs (loop4): 1 truncate cleaned up [ 111.279087][ T7528] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.279808][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.294220][ T7521] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 111.300548][ T7517] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.310459][ T7528] ext4 filesystem being mounted at /292/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 111.353545][ T7517] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.380243][ T6619] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.489150][ T7531] loop1: detected capacity change from 0 to 4096 [ 111.496159][ T6619] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.504799][ T6619] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.513109][ T6619] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.527092][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.529107][ T7531] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.622456][ T7543] loop2: detected capacity change from 0 to 512 [ 111.642590][ T7543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.655391][ T7543] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.832612][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.027965][ T7551] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1320'. [ 112.147514][ T7558] loop4: detected capacity change from 0 to 128 [ 112.299506][ T7566] loop1: detected capacity change from 0 to 1024 [ 112.309300][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.337748][ T7568] loop4: detected capacity change from 0 to 128 [ 112.360369][ T7568] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.368264][ T7569] loop0: detected capacity change from 0 to 512 [ 112.380007][ T7566] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 112.390991][ T7566] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 112.402967][ T7568] ext4 filesystem being mounted at /265/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 112.472422][ T7569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 112.501992][ T7566] JBD2: no valid journal superblock found [ 112.507843][ T7566] EXT4-fs (loop1): Could not load journal inode [ 112.528487][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.531206][ T7569] ext4 filesystem being mounted at /296/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.567462][ T7578] loop3: detected capacity change from 0 to 4096 [ 112.604200][ T7578] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.662075][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.668425][ T7562] EXT4-fs (loop0): shut down requested (1) [ 112.767149][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 112.815579][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1333'. [ 112.824586][ T7594] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1333'. [ 112.836091][ T7595] validate_nla: 5 callbacks suppressed [ 112.836107][ T7595] netlink: 'syz.2.1331': attribute type 4 has an invalid length. [ 112.836122][ T7595] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1331'. [ 112.878944][ T7595] cgroup: Unexpected value for 'nofavordynmods' [ 112.895260][ T7595] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.926122][ T6592] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.926303][ T6592] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.926336][ T6592] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.926376][ T6592] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.931505][ T7594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1333'. [ 112.931612][ T7594] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1333'. [ 112.949331][ T7595] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.056843][ T7607] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1336'. [ 113.078581][ T7595] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.091514][ T7612] loop4: detected capacity change from 0 to 128 [ 113.100607][ T7612] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.101657][ T7612] ext4 filesystem being mounted at /269/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 113.157262][ T7611] netlink: 'syz.0.1338': attribute type 10 has an invalid length. [ 113.166149][ T7595] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.172777][ T7615] netlink: 'syz.3.1340': attribute type 10 has an invalid length. [ 113.187844][ T7611] bond0: (slave dummy0): Releasing backup interface [ 113.190644][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 113.213048][ T7617] netlink: 'syz.0.1338': attribute type 10 has an invalid length. [ 113.213564][ T7611] team0: Port device dummy0 added [ 113.223363][ T7620] netlink: 'syz.3.1340': attribute type 10 has an invalid length. [ 113.242272][ T7615] bond0: (slave dummy0): Releasing backup interface [ 113.253333][ T7615] dummy0: entered promiscuous mode [ 113.274564][ T7624] FAULT_INJECTION: forcing a failure. [ 113.274564][ T7624] name failslab, interval 1, probability 0, space 0, times 0 [ 113.287306][ T7624] CPU: 1 UID: 0 PID: 7624 Comm: syz.1.1343 Not tainted syzkaller #0 PREEMPT(voluntary) [ 113.287340][ T7624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 113.287355][ T7624] Call Trace: [ 113.287364][ T7624] [ 113.287374][ T7624] __dump_stack+0x1d/0x30 [ 113.287399][ T7624] dump_stack_lvl+0xe8/0x140 [ 113.287549][ T7622] loop4: detected capacity change from 0 to 4096 [ 113.287499][ T7624] dump_stack+0x15/0x1b [ 113.287587][ T7624] should_fail_ex+0x265/0x280 [ 113.287621][ T7624] should_failslab+0x8c/0xb0 [ 113.287659][ T7624] kmem_cache_alloc_noprof+0x50/0x310 [ 113.287700][ T7624] ? posix_lock_inode+0x218/0x2380 [ 113.287808][ T7624] posix_lock_inode+0x218/0x2380 [ 113.287838][ T7624] ? file_has_perm+0x324/0x370 [ 113.287877][ T7624] fcntl_setlk+0x61f/0x950 [ 113.287997][ T7624] do_fcntl+0x5dd/0xdf0 [ 113.288111][ T7624] ? selinux_file_fcntl+0x1cb/0x1e0 [ 113.288156][ T7624] __se_sys_fcntl+0xb1/0x120 [ 113.288209][ T7624] __x64_sys_fcntl+0x43/0x50 [ 113.288249][ T7624] x64_sys_call+0x29a0/0x2ff0 [ 113.288279][ T7624] do_syscall_64+0xd2/0x200 [ 113.288374][ T7624] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 113.288480][ T7624] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 113.288523][ T7624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.288552][ T7624] RIP: 0033:0x7fcf0b7ceec9 [ 113.288573][ T7624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.288599][ T7624] RSP: 002b:00007fcf0a22f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 113.288672][ T7624] RAX: ffffffffffffffda RBX: 00007fcf0ba25fa0 RCX: 00007fcf0b7ceec9 [ 113.288690][ T7624] RDX: 0000200000000000 RSI: 0000000000000026 RDI: 0000000000000004 [ 113.288707][ T7624] RBP: 00007fcf0a22f090 R08: 0000000000000000 R09: 0000000000000000 [ 113.288723][ T7624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.288740][ T7624] R13: 00007fcf0ba26038 R14: 00007fcf0ba25fa0 R15: 00007ffd423367a8 [ 113.288819][ T7624] [ 113.290118][ T7615] team0: Port device dummy0 added [ 113.349214][ T7622] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.507175][ T7617] team0: Port device dummy0 removed [ 113.516736][ T7617] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 113.526091][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.528191][ T7620] dummy0: left promiscuous mode [ 113.541826][ T7620] team0: Port device dummy0 removed [ 113.552714][ T7620] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 113.609835][ T7635] 9pnet_fd: Insufficient options for proto=fd [ 113.630277][ T6606] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.657454][ T6606] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.667823][ T29] kauditd_printk_skb: 51 callbacks suppressed [ 113.667842][ T29] audit: type=1326 audit(1758624805.671:3317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.697669][ T29] audit: type=1326 audit(1758624805.671:3318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.724350][ T6606] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.733129][ T6606] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.747093][ T7643] loop2: detected capacity change from 0 to 128 [ 113.749451][ T7645] loop0: detected capacity change from 0 to 128 [ 113.766101][ T29] audit: type=1326 audit(1758624805.731:3319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.789665][ T29] audit: type=1326 audit(1758624805.731:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.813282][ T29] audit: type=1326 audit(1758624805.731:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.836893][ T29] audit: type=1326 audit(1758624805.731:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.841354][ T7643] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 113.860430][ T29] audit: type=1326 audit(1758624805.731:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.860502][ T29] audit: type=1326 audit(1758624805.731:3324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.860538][ T29] audit: type=1326 audit(1758624805.731:3325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.860572][ T29] audit: type=1326 audit(1758624805.731:3326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.1.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 113.949239][ T7636] netlink: 'syz.4.1348': attribute type 10 has an invalid length. [ 113.979619][ T7643] ext4 filesystem being mounted at /256/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 114.013450][ T7649] netlink: 'syz.4.1348': attribute type 10 has an invalid length. [ 114.028957][ T7636] bond0: (slave dummy0): Releasing backup interface [ 114.039454][ T7636] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 114.039839][ T3311] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.048564][ T7636] team0: Failed to send options change via netlink (err -105) [ 114.064901][ T7636] team0: Port device dummy0 added [ 114.108573][ T7649] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 114.125608][ T7649] team0: Failed to send options change via netlink (err -105) [ 114.133874][ T7649] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 114.149156][ T7649] team0: Port device dummy0 removed [ 114.163230][ T7649] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 114.210911][ T7653] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.331890][ T7676] netlink: 'syz.2.1361': attribute type 4 has an invalid length. [ 114.352175][ T7673] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.401208][ T7679] cgroup: Unexpected value for 'nofavordynmods' [ 114.493427][ T7653] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.550268][ T7679] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.584871][ T7673] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.633077][ T7688] loop0: detected capacity change from 0 to 128 [ 114.668143][ T7653] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.686496][ T7688] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 114.699569][ T7688] ext4 filesystem being mounted at /302/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 114.732959][ T7679] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.761229][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.769468][ T7673] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.840022][ T7653] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.915242][ T7679] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.954329][ T7673] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.981721][ T7679] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.000066][ T4335] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.011599][ T4335] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.023179][ T4335] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.036609][ T4335] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.079930][ T7699] __nla_validate_parse: 2 callbacks suppressed [ 115.079947][ T7699] netlink: 288 bytes leftover after parsing attributes in process `syz.1.1368'. [ 115.128542][ T6606] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.145478][ T6606] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.163608][ T7701] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1369'. [ 115.174150][ T6606] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.195795][ T6606] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.249656][ T7707] loop4: detected capacity change from 0 to 512 [ 115.256886][ T7707] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 115.294255][ T7714] loop1: detected capacity change from 0 to 128 [ 115.301853][ T7707] EXT4-fs (loop4): 1 truncate cleaned up [ 115.313239][ T7707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.326643][ T7714] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 115.334131][ T7707] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 115.339310][ T7714] ext4 filesystem being mounted at /268/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 115.361300][ T7707] netlink: 8 bytes leftover after parsing attributes in process `+}[@'. [ 115.393725][ T7719] loop0: detected capacity change from 0 to 512 [ 115.412316][ T7719] EXT4-fs (loop0): bad block size 8192 [ 115.421593][ T7721] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1377'. [ 115.434504][ T3304] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 115.448994][ T3309] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.499029][ T7728] loop1: detected capacity change from 0 to 164 [ 115.523052][ T7728] pim6reg: entered allmulticast mode [ 115.529389][ T7727] pim6reg: left allmulticast mode [ 115.588639][ T7732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1381'. [ 115.597737][ T7732] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1381'. [ 115.673714][ T7734] Q6\bY4 speed is unknown, defaulting to 1000 [ 115.705250][ T7736] loop3: detected capacity change from 0 to 8192 [ 115.721085][ T7734] lo speed is unknown, defaulting to 1000 [ 115.803817][ T7739] netlink: 'syz.3.1384': attribute type 10 has an invalid length. [ 115.990294][ T7750] loop1: detected capacity change from 0 to 4096 [ 115.999726][ T7750] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.017578][ T7750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1389'. [ 116.035062][ T7750] program syz.1.1389 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 116.045491][ T7750] netlink: 'syz.1.1389': attribute type 1 has an invalid length. [ 116.053342][ T7750] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1389'. [ 116.110860][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.204796][ T7760] Q6\bY4 speed is unknown, defaulting to 1000 [ 116.238509][ T7760] lo speed is unknown, defaulting to 1000 [ 116.423485][ T7770] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1398'. [ 116.506814][ T7780] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.536489][ T7781] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1401'. [ 116.550501][ T7781] cgroup: Unexpected value for 'nofavordynmods' [ 116.562099][ T7781] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.575164][ T7780] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.597464][ T7781] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.637699][ T7780] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.677917][ T7781] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.690087][ T7780] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.728079][ T7781] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.833647][ T7811] Q6\bY4 speed is unknown, defaulting to 1000 [ 117.867177][ T7811] lo speed is unknown, defaulting to 1000 [ 117.947396][ T6606] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.989065][ T6598] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.011376][ T6598] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.019911][ T6598] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.038500][ T7823] loop0: detected capacity change from 0 to 128 [ 118.094493][ T7827] loop2: detected capacity change from 0 to 128 [ 118.101867][ T7827] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 118.591627][ T6610] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.602995][ T6610] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.614409][ T6610] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.626121][ T6610] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.818656][ T7839] validate_nla: 2 callbacks suppressed [ 118.818703][ T7839] netlink: 'syz.4.1424': attribute type 10 has an invalid length. [ 118.852772][ T7839] bond0: (slave dummy0): Releasing backup interface [ 118.869550][ T7842] netlink: 'syz.4.1424': attribute type 10 has an invalid length. [ 118.872253][ T7839] team0: Port device dummy0 added [ 118.901366][ T7842] team0: Port device dummy0 removed [ 118.909573][ T7842] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 119.003166][ T7846] Q6\bY4 speed is unknown, defaulting to 1000 [ 119.076755][ T7856] loop0: detected capacity change from 0 to 128 [ 119.101693][ T7856] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 119.125252][ T7855] netlink: 'syz.4.1429': attribute type 10 has an invalid length. [ 119.142094][ T7856] ext4 filesystem being mounted at /320/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 119.157391][ T29] kauditd_printk_skb: 316 callbacks suppressed [ 119.157413][ T29] audit: type=1326 audit(1758624811.161:3643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.203933][ T29] audit: type=1326 audit(1758624811.161:3644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.214304][ T7862] netlink: 'syz.4.1429': attribute type 10 has an invalid length. [ 119.230060][ T29] audit: type=1326 audit(1758624811.191:3645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.259073][ T29] audit: type=1326 audit(1758624811.191:3646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.282601][ T29] audit: type=1326 audit(1758624811.191:3647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.306180][ T29] audit: type=1326 audit(1758624811.191:3648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.329615][ T29] audit: type=1326 audit(1758624811.191:3649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.353081][ T29] audit: type=1326 audit(1758624811.191:3650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.376574][ T29] audit: type=1326 audit(1758624811.191:3651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.400009][ T29] audit: type=1326 audit(1758624811.191:3652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7859 comm="syz.3.1431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 119.440720][ T7855] bond0: (slave dummy0): Releasing backup interface [ 119.466758][ T7855] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 119.483637][ T7855] team0: Failed to send options change via netlink (err -105) [ 119.491304][ T7855] team0: Port device dummy0 added [ 119.497690][ T7846] lo speed is unknown, defaulting to 1000 [ 119.503980][ T7862] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 119.517818][ T7862] team0: Failed to send options change via netlink (err -105) [ 119.525455][ T7862] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 119.540140][ T7862] team0: Port device dummy0 removed [ 119.548301][ T7862] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 119.572208][ T7852] netlink: 'syz.1.1428': attribute type 4 has an invalid length. [ 119.584547][ T7852] cgroup: Unexpected value for 'nofavordynmods' [ 119.593358][ T7852] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.608319][ T7874] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.618220][ T7874] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.664104][ T7852] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.687500][ T7880] netlink: 'syz.3.1437': attribute type 10 has an invalid length. [ 119.702151][ T7874] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.712139][ T7874] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.756962][ T7888] netlink: 'syz.3.1440': attribute type 4 has an invalid length. [ 119.764904][ T7888] netlink: 'syz.3.1440': attribute type 4 has an invalid length. [ 119.775932][ T7888] netlink: 'syz.3.1440': attribute type 4 has an invalid length. [ 119.783935][ T7874] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.786185][ T7888] netlink: 'syz.3.1440': attribute type 4 has an invalid length. [ 119.793895][ T7874] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.817237][ T7852] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.901549][ T7887] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 119.921673][ T7898] loop2: detected capacity change from 0 to 128 [ 119.952546][ T7874] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.962449][ T7874] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.984486][ T7898] ext4 filesystem being mounted at /263/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 120.019607][ T7852] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.107026][ T7902] bond0: (slave dummy0): Releasing backup interface [ 120.144876][ T7902] dummy0: entered promiscuous mode [ 120.153709][ T7902] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.163497][ T7906] __nla_validate_parse: 6 callbacks suppressed [ 120.163513][ T7906] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1443'. [ 120.179296][ T7902] team0: Failed to send options change via netlink (err -105) [ 120.186861][ T7902] team0: Port device dummy0 added [ 120.197379][ T6610] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.205700][ T6610] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.217692][ T7911] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.236103][ T7911] dummy0: left promiscuous mode [ 120.251857][ T7911] team0: Failed to send options change via netlink (err -105) [ 120.259661][ T7911] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.271836][ T7911] team0: Port device dummy0 removed [ 120.280683][ T7911] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 120.294401][ T7915] FAULT_INJECTION: forcing a failure. [ 120.294401][ T7915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.307668][ T7915] CPU: 0 UID: 0 PID: 7915 Comm: syz.2.1449 Not tainted syzkaller #0 PREEMPT(voluntary) [ 120.307704][ T7915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 120.307748][ T7915] Call Trace: [ 120.307756][ T7915] [ 120.307765][ T7915] __dump_stack+0x1d/0x30 [ 120.307872][ T7915] dump_stack_lvl+0xe8/0x140 [ 120.307894][ T7915] dump_stack+0x15/0x1b [ 120.307912][ T7915] should_fail_ex+0x265/0x280 [ 120.307981][ T7915] should_fail+0xb/0x20 [ 120.308004][ T7915] should_fail_usercopy+0x1a/0x20 [ 120.308032][ T7915] _copy_from_user+0x1c/0xb0 [ 120.308131][ T7915] __copy_msghdr+0x244/0x300 [ 120.308161][ T7915] ___sys_sendmsg+0x109/0x1d0 [ 120.308208][ T7915] __sys_sendmmsg+0x178/0x300 [ 120.308288][ T7915] __x64_sys_sendmmsg+0x57/0x70 [ 120.308318][ T7915] x64_sys_call+0x1c4a/0x2ff0 [ 120.308343][ T7915] do_syscall_64+0xd2/0x200 [ 120.308378][ T7915] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 120.308416][ T7915] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 120.308450][ T7915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.308541][ T7915] RIP: 0033:0x7f2e854ceec9 [ 120.308560][ T7915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.308582][ T7915] RSP: 002b:00007f2e83f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.308605][ T7915] RAX: ffffffffffffffda RBX: 00007f2e85725fa0 RCX: 00007f2e854ceec9 [ 120.308620][ T7915] RDX: 0000000000000001 RSI: 0000200000000780 RDI: 0000000000000003 [ 120.308634][ T7915] RBP: 00007f2e83f37090 R08: 0000000000000000 R09: 0000000000000000 [ 120.308688][ T7915] R10: 0000000004008804 R11: 0000000000000246 R12: 0000000000000001 [ 120.308703][ T7915] R13: 00007f2e85726038 R14: 00007f2e85725fa0 R15: 00007fff963c3c08 [ 120.308756][ T7915] [ 120.312089][ T6610] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.500559][ T6610] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.509437][ T6619] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.517928][ T6619] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.527082][ T6619] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.535427][ T6619] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.594573][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1451'. [ 120.639518][ T7928] loop0: detected capacity change from 0 to 128 [ 120.651929][ T7928] ext4 filesystem being mounted at /324/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 120.708351][ T7925] loop4: detected capacity change from 0 to 512 [ 120.714986][ T7925] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.721814][ T7925] EXT4-fs: Ignoring removed nomblk_io_submit option [ 120.729755][ T7925] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 120.738345][ T7925] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 120.808650][ T7941] netlink: 268 bytes leftover after parsing attributes in process `syz.3.1459'. [ 120.848395][ T7925] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1453: Allocating blocks 41-42 which overlap fs metadata [ 120.877957][ T7925] EXT4-fs (loop4): Remounting filesystem read-only [ 120.895009][ T7925] EXT4-fs (loop4): 1 truncate cleaned up [ 120.908708][ T7947] bond0: (slave dummy0): Releasing backup interface [ 120.927823][ T7947] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.952011][ T7947] team0: Failed to send options change via netlink (err -105) [ 120.959566][ T7947] team0: Port device dummy0 added [ 120.967641][ T7951] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.988627][ T7951] team0: Failed to send options change via netlink (err -105) [ 120.997231][ T7951] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 121.006349][ T7951] team0: Port device dummy0 removed [ 121.015799][ T7951] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 121.086163][ T7958] netlink: 288 bytes leftover after parsing attributes in process `syz.4.1463'. [ 121.108863][ T7958] loop4: detected capacity change from 0 to 128 [ 121.152066][ T7960] loop3: detected capacity change from 0 to 128 [ 121.159801][ T7962] loop2: detected capacity change from 0 to 128 [ 121.170193][ T7962] ext4 filesystem being mounted at /270/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 121.234901][ T7968] loop0: detected capacity change from 0 to 512 [ 121.258601][ T7968] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 121.272432][ T7970] loop4: detected capacity change from 0 to 256 [ 121.276887][ T7968] EXT4-fs (loop0): 1 truncate cleaned up [ 121.351209][ T7970] bpf: Bad value for 'gid' [ 121.397961][ T7984] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1476'. [ 121.442680][ T7980] loop3: detected capacity change from 0 to 512 [ 121.449433][ T7980] EXT4-fs: Ignoring removed mblk_io_submit option [ 121.456268][ T7980] EXT4-fs: Ignoring removed nomblk_io_submit option [ 121.463548][ T7980] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 121.472138][ T7980] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 121.481512][ T7990] loop2: detected capacity change from 0 to 512 [ 121.489958][ T7980] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1474: Allocating blocks 41-42 which overlap fs metadata [ 121.500923][ T7990] EXT4-fs: Ignoring removed mblk_io_submit option [ 121.519649][ T7994] ref_ctr increment failed for inode: 0x64a offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810005dc00 [ 121.531044][ T7980] EXT4-fs (loop3): Remounting filesystem read-only [ 121.536615][ T7990] EXT4-fs: Ignoring removed nomblk_io_submit option [ 121.545050][ T7990] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 121.548740][ T7980] EXT4-fs (loop3): 1 truncate cleaned up [ 121.553585][ T7990] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 121.578588][ T7990] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.1475: Allocating blocks 41-42 which overlap fs metadata [ 121.599283][ T7990] EXT4-fs (loop2): Remounting filesystem read-only [ 121.606170][ T7990] EXT4-fs (loop2): 1 truncate cleaned up [ 121.614563][ T7998] netlink: 288 bytes leftover after parsing attributes in process `syz.3.1479'. [ 121.629037][ T7998] loop3: detected capacity change from 0 to 128 [ 121.674304][ T8002] loop3: detected capacity change from 0 to 1024 [ 121.681444][ T8002] EXT4-fs: Ignoring removed nobh option [ 121.687118][ T8002] EXT4-fs: inline encryption not supported [ 121.693067][ T8002] EXT4-fs: Ignoring removed bh option [ 121.725388][ T8005] loop2: detected capacity change from 0 to 512 [ 121.732806][ T8005] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 121.745399][ T8005] EXT4-fs (loop2): 1 truncate cleaned up [ 121.756202][ T7993] uprobe: syz.4.1478:7993 failed to unregister, leaking uprobe [ 122.529024][ T8015] wg2: entered promiscuous mode [ 122.533993][ T8015] wg2: entered allmulticast mode [ 122.551420][ T8018] loop3: detected capacity change from 0 to 1024 [ 122.563302][ T8018] EXT4-fs: Ignoring removed nobh option [ 122.569073][ T8018] EXT4-fs: inline encryption not supported [ 122.575014][ T8018] EXT4-fs: Ignoring removed bh option [ 122.638665][ T8018] FAULT_INJECTION: forcing a failure. [ 122.638665][ T8018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.651840][ T8018] CPU: 0 UID: 0 PID: 8018 Comm: syz.3.1486 Not tainted syzkaller #0 PREEMPT(voluntary) [ 122.651876][ T8018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 122.651890][ T8018] Call Trace: [ 122.651898][ T8018] [ 122.651908][ T8018] __dump_stack+0x1d/0x30 [ 122.651994][ T8018] dump_stack_lvl+0xe8/0x140 [ 122.652073][ T8018] dump_stack+0x15/0x1b [ 122.652089][ T8018] should_fail_ex+0x265/0x280 [ 122.652114][ T8018] should_fail+0xb/0x20 [ 122.652135][ T8018] should_fail_usercopy+0x1a/0x20 [ 122.652199][ T8018] _copy_from_iter+0xd2/0xe80 [ 122.652228][ T8018] ? __build_skb_around+0x1a0/0x200 [ 122.652283][ T8018] ? __alloc_skb+0x223/0x320 [ 122.652376][ T8018] netlink_sendmsg+0x471/0x6b0 [ 122.652407][ T8018] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.652434][ T8018] __sock_sendmsg+0x145/0x180 [ 122.652519][ T8018] ____sys_sendmsg+0x31e/0x4e0 [ 122.652641][ T8018] ___sys_sendmsg+0x17b/0x1d0 [ 122.652685][ T8018] __x64_sys_sendmsg+0xd4/0x160 [ 122.652743][ T8018] x64_sys_call+0x191e/0x2ff0 [ 122.652765][ T8018] do_syscall_64+0xd2/0x200 [ 122.652799][ T8018] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 122.652824][ T8018] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 122.652917][ T8018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.652939][ T8018] RIP: 0033:0x7fb54cb2eec9 [ 122.652954][ T8018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.652973][ T8018] RSP: 002b:00007fb54b597038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.652996][ T8018] RAX: ffffffffffffffda RBX: 00007fb54cd85fa0 RCX: 00007fb54cb2eec9 [ 122.653009][ T8018] RDX: 0000000000004004 RSI: 0000200000000040 RDI: 0000000000000003 [ 122.653021][ T8018] RBP: 00007fb54b597090 R08: 0000000000000000 R09: 0000000000000000 [ 122.653033][ T8018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.653045][ T8018] R13: 00007fb54cd86038 R14: 00007fb54cd85fa0 R15: 00007fffe6b72458 [ 122.653065][ T8018] [ 122.880939][ T4335] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.890536][ T4335] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.926962][ T8039] bond0: (slave dummy0): Releasing backup interface [ 122.938231][ T8039] dummy0: entered promiscuous mode [ 122.943746][ T8039] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 122.955979][ T8039] team0: Failed to send options change via netlink (err -105) [ 122.963511][ T8039] team0: Port device dummy0 added [ 122.963679][ T8041] loop0: detected capacity change from 0 to 4096 [ 122.973148][ T8035] loop2: detected capacity change from 0 to 512 [ 122.982285][ T8035] EXT4-fs: Ignoring removed mblk_io_submit option [ 122.990406][ T8043] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 122.999285][ T8035] EXT4-fs: Ignoring removed nomblk_io_submit option [ 123.009548][ T8043] dummy0: left promiscuous mode [ 123.014764][ T8035] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.023306][ T8035] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 123.036115][ T8043] team0: Failed to send options change via netlink (err -105) [ 123.045676][ T8043] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 123.067961][ T8043] team0: Port device dummy0 removed [ 123.076117][ T8043] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 123.080461][ T8035] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.1489: Allocating blocks 41-42 which overlap fs metadata [ 123.099197][ T8035] EXT4-fs (loop2): Remounting filesystem read-only [ 123.106008][ T8035] EXT4-fs (loop2): 1 truncate cleaned up [ 123.141799][ T4335] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.170195][ T8050] loop3: detected capacity change from 0 to 128 [ 123.186352][ T6619] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.237715][ T6619] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.255298][ T6606] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.271052][ T6606] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.280707][ T6606] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.341620][ T8060] loop2: detected capacity change from 0 to 512 [ 123.349060][ T8060] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 123.367276][ T8062] loop3: detected capacity change from 0 to 512 [ 123.384999][ T8060] EXT4-fs (loop2): 1 truncate cleaned up [ 123.394419][ T8062] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.440966][ T8062] ext4 filesystem being mounted at /295/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.487186][ T8075] macvtap0: refused to change device tx_queue_len [ 123.549158][ T8082] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1506'. [ 123.587359][ T8079] gre2: entered allmulticast mode [ 123.662917][ T8092] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1507'. [ 123.694082][ T8097] loop4: detected capacity change from 0 to 512 [ 123.708694][ T8092] cgroup: Unexpected value for 'nofavordynmods' [ 123.717225][ T8092] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.727751][ T8097] EXT4-fs (loop4): orphan cleanup on readonly fs [ 123.734575][ T8097] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.1512: bad orphan inode 13 [ 123.745267][ T8097] ext4_test_bit(bit=12, block=18) = 1 [ 123.750857][ T8097] is_bad_inode(inode)=0 [ 123.755197][ T8097] NEXT_ORPHAN(inode)=2130706432 [ 123.760182][ T8097] max_ino=32 [ 123.763387][ T8097] i_nlink=1 [ 123.790932][ T8092] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.819245][ T8101] Q6\bY4 speed is unknown, defaulting to 1000 [ 123.847954][ T8092] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.860282][ T8101] lo speed is unknown, defaulting to 1000 [ 123.928372][ T8092] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.024433][ T6610] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.044951][ T6610] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.053367][ T6610] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.062983][ T6610] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.129443][ T8109] 9pnet_fd: Insufficient options for proto=fd [ 124.162226][ T8114] syz_tun: refused to change device tx_queue_len [ 124.185187][ T8118] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1519'. [ 124.218921][ T8121] netlink: 288 bytes leftover after parsing attributes in process `syz.3.1520'. [ 124.229570][ T8121] loop3: detected capacity change from 0 to 128 [ 124.295111][ T8128] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.368160][ T8128] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.418028][ T8128] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.458424][ T8128] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.476854][ T8131] program syz.1.1524 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.535355][ T29] kauditd_printk_skb: 465 callbacks suppressed [ 124.535374][ T29] audit: type=1326 audit(1758624816.531:4102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8130 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 124.565336][ T29] audit: type=1326 audit(1758624816.531:4103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8130 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 124.588909][ T29] audit: type=1326 audit(1758624816.541:4104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8130 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 124.612429][ T29] audit: type=1326 audit(1758624816.541:4105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8130 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 124.635966][ T29] audit: type=1326 audit(1758624816.541:4106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8130 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf0b7ceec9 code=0x7ffc0000 [ 124.787349][ T8136] validate_nla: 68 callbacks suppressed [ 124.787363][ T8136] netlink: 'syz.0.1526': attribute type 10 has an invalid length. [ 124.801969][ C1] sd 0:0:1:0: [sda] tag#2320 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 124.812415][ C1] sd 0:0:1:0: [sda] tag#2320 CDB: Write(6) 0a 00 4e 21 ff ff [ 124.863382][ T29] audit: type=1400 audit(1758624816.861:4107): avc: denied { write } for pid=8139 comm="syz.2.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 124.899814][ T8145] netlink: 'syz.1.1530': attribute type 10 has an invalid length. [ 124.914827][ T8145] bond0: (slave dummy0): Releasing backup interface [ 124.924051][ T8145] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 124.932967][ T8145] team0: Failed to send options change via netlink (err -105) [ 124.940492][ T8145] team0: Port device dummy0 added [ 124.952334][ T8145] netlink: 'syz.1.1530': attribute type 10 has an invalid length. [ 124.967929][ T29] audit: type=1326 audit(1758624816.971:4108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8148 comm="syz.0.1532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0c9deec9 code=0x7ffc0000 [ 124.972986][ T8145] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 124.991583][ T29] audit: type=1326 audit(1758624816.971:4109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8148 comm="syz.0.1532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0c9deec9 code=0x7ffc0000 [ 125.030423][ T29] audit: type=1326 audit(1758624816.971:4110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8148 comm="syz.0.1532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7eff0c9deec9 code=0x7ffc0000 [ 125.054039][ T29] audit: type=1326 audit(1758624816.971:4111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8148 comm="syz.0.1532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0c9deec9 code=0x7ffc0000 [ 125.078249][ T8145] team0: Failed to send options change via netlink (err -105) [ 125.085992][ T8145] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 125.088010][ T8153] netlink: 'syz.0.1534': attribute type 10 has an invalid length. [ 125.094942][ T8145] team0: Port device dummy0 removed [ 125.110407][ T8145] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 125.124110][ T8153] bond0: (slave dummy0): Releasing backup interface [ 125.133649][ T8153] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 125.146380][ T8153] team0: Failed to send options change via netlink (err -105) [ 125.153904][ T8153] team0: Port device dummy0 added [ 125.156273][ T8155] netlink: 'syz.0.1534': attribute type 10 has an invalid length. [ 125.167433][ T8154] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1533'. [ 125.186303][ T8155] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 125.257028][ T8155] team0: Failed to send options change via netlink (err -105) [ 125.284885][ T8155] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 125.300780][ T8155] team0: Port device dummy0 removed [ 125.308400][ T8155] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 125.343253][ T8161] syz_tun: refused to change device tx_queue_len [ 125.512103][ T8172] loop4: detected capacity change from 0 to 512 [ 125.948660][ T8176] loop2: detected capacity change from 0 to 512 [ 126.350117][ T8168] netlink: 'syz.0.1539': attribute type 10 has an invalid length. [ 126.374489][ T8172] ext4 filesystem being mounted at /313/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.433136][ T8176] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.622001][ T8185] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1541'. [ 126.666890][ T8212] FAULT_INJECTION: forcing a failure. [ 126.666890][ T8212] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.680160][ T8212] CPU: 0 UID: 0 PID: 8212 Comm: syz.2.1542 Not tainted syzkaller #0 PREEMPT(voluntary) [ 126.680195][ T8212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 126.680221][ T8212] Call Trace: [ 126.680230][ T8212] [ 126.680240][ T8212] __dump_stack+0x1d/0x30 [ 126.680268][ T8212] dump_stack_lvl+0xe8/0x140 [ 126.680361][ T8212] dump_stack+0x15/0x1b [ 126.680382][ T8212] should_fail_ex+0x265/0x280 [ 126.680414][ T8212] should_fail+0xb/0x20 [ 126.680440][ T8212] should_fail_usercopy+0x1a/0x20 [ 126.680472][ T8212] strncpy_from_user+0x25/0x230 [ 126.680580][ T8212] ? kmem_cache_alloc_noprof+0x186/0x310 [ 126.680616][ T8212] ? getname_flags+0x80/0x3b0 [ 126.680652][ T8212] getname_flags+0xae/0x3b0 [ 126.680736][ T8212] do_sys_openat2+0x60/0x110 [ 126.680774][ T8212] __x64_sys_openat+0xf2/0x120 [ 126.680883][ T8212] x64_sys_call+0x2e9c/0x2ff0 [ 126.680910][ T8212] do_syscall_64+0xd2/0x200 [ 126.680951][ T8212] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 126.680981][ T8212] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 126.681017][ T8212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.681084][ T8212] RIP: 0033:0x7f2e854ceec9 [ 126.681100][ T8212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.681123][ T8212] RSP: 002b:00007f2e83f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 126.681202][ T8212] RAX: ffffffffffffffda RBX: 00007f2e85725fa0 RCX: 00007f2e854ceec9 [ 126.681225][ T8212] RDX: 0000000000044040 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 126.681240][ T8212] RBP: 00007f2e83f37090 R08: 0000000000000000 R09: 0000000000000000 [ 126.681255][ T8212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.681270][ T8212] R13: 00007f2e85726038 R14: 00007f2e85725fa0 R15: 00007fff963c3c08 [ 126.681294][ T8212] [ 127.029797][ T8237] FAULT_INJECTION: forcing a failure. [ 127.029797][ T8237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.042962][ T8237] CPU: 1 UID: 0 PID: 8237 Comm: syz.4.1547 Not tainted syzkaller #0 PREEMPT(voluntary) [ 127.042995][ T8237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 127.043010][ T8237] Call Trace: [ 127.043017][ T8237] [ 127.043025][ T8237] __dump_stack+0x1d/0x30 [ 127.043104][ T8237] dump_stack_lvl+0xe8/0x140 [ 127.043129][ T8237] dump_stack+0x15/0x1b [ 127.043199][ T8237] should_fail_ex+0x265/0x280 [ 127.043223][ T8237] should_fail+0xb/0x20 [ 127.043249][ T8237] should_fail_usercopy+0x1a/0x20 [ 127.043347][ T8237] _copy_from_user+0x1c/0xb0 [ 127.043388][ T8237] ___sys_sendmsg+0xc1/0x1d0 [ 127.043559][ T8237] __x64_sys_sendmsg+0xd4/0x160 [ 127.043599][ T8237] x64_sys_call+0x191e/0x2ff0 [ 127.043636][ T8237] do_syscall_64+0xd2/0x200 [ 127.043669][ T8237] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 127.043693][ T8237] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 127.043780][ T8237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.043802][ T8237] RIP: 0033:0x7faa52f9eec9 [ 127.043821][ T8237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.043886][ T8237] RSP: 002b:00007faa519ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 127.043958][ T8237] RAX: ffffffffffffffda RBX: 00007faa531f5fa0 RCX: 00007faa52f9eec9 [ 127.043972][ T8237] RDX: 0000000000000840 RSI: 0000200000000280 RDI: 0000000000000008 [ 127.043987][ T8237] RBP: 00007faa519ff090 R08: 0000000000000000 R09: 0000000000000000 [ 127.044002][ T8237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.044017][ T8237] R13: 00007faa531f6038 R14: 00007faa531f5fa0 R15: 00007ffeaa34b738 [ 127.044041][ T8237] [ 127.353300][ T8248] netlink: 'syz.0.1551': attribute type 4 has an invalid length. [ 127.361141][ T8248] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1551'. [ 127.393097][ T8251] 9pnet_fd: Insufficient options for proto=fd [ 127.407026][ T8247] netlink: 'syz.4.1552': attribute type 10 has an invalid length. [ 127.416927][ T8247] bond0: (slave dummy0): Releasing backup interface [ 127.418108][ T8241] cgroup: Unexpected value for 'nofavordynmods' [ 127.436299][ T8247] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.445141][ T8247] team0: Failed to send options change via netlink (err -105) [ 127.452729][ T8247] team0: Port device dummy0 added [ 127.459970][ T8255] netlink: 'syz.4.1552': attribute type 10 has an invalid length. [ 127.468987][ T8241] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.478920][ T8241] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.497027][ T8255] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.516497][ T8255] team0: Failed to send options change via netlink (err -105) [ 127.524101][ T8255] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.533396][ T8255] team0: Port device dummy0 removed [ 127.542984][ T8255] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 127.560143][ T8241] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.570126][ T8241] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.583260][ T8258] syz_tun: refused to change device tx_queue_len [ 127.629323][ T8241] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.639294][ T8241] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.719265][ T8241] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 127.729143][ T8241] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.767795][ T8282] netlink: 'syz.4.1562': attribute type 10 has an invalid length. [ 127.784702][ T8282] bond0: (slave dummy0): Releasing backup interface [ 127.800347][ T8282] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.809564][ T8282] team0: Failed to send options change via netlink (err -105) [ 127.817205][ T8282] team0: Port device dummy0 added [ 127.824635][ T8295] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.837092][ T8295] team0: Failed to send options change via netlink (err -105) [ 127.844795][ T8295] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.854101][ T8295] team0: Port device dummy0 removed [ 127.863566][ T8295] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 127.879001][ T6613] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.887330][ T6613] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.917380][ T6613] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.925697][ T6613] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.937396][ T6613] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.945663][ T6613] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.964921][ T8304] bond0: (slave dummy0): Releasing backup interface [ 127.974882][ T8304] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 127.987703][ T8304] team0: Failed to send options change via netlink (err -105) [ 127.995244][ T8304] team0: Port device dummy0 added [ 128.001375][ T6613] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.009696][ T6613] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.018673][ T8304] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 128.029752][ T8304] team0: Failed to send options change via netlink (err -105) [ 128.037499][ T8304] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 128.046635][ T8304] team0: Port device dummy0 removed [ 128.054685][ T8304] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 128.101975][ T8318] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1566'. [ 128.149269][ T8323] IPVS: Scheduler module ip_vs_ not found [ 128.460065][ T8379] loop1: detected capacity change from 0 to 4096 [ 128.519363][ T8384] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.557409][ T8384] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.593999][ T8387] loop2: detected capacity change from 0 to 1024 [ 128.609067][ T8384] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.648578][ T8384] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.674164][ T8393] program syz.2.1574 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 128.848902][ T8396] loop0: detected capacity change from 0 to 512 [ 128.857342][ T8396] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 128.865559][ T8396] EXT4-fs (loop0): orphan cleanup on readonly fs [ 128.873568][ T8396] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.1575: Failed to acquire dquot type 1 [ 128.885496][ T8396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1575: bg 0: block 40: padding at end of block bitmap is not set [ 128.900201][ T8396] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 128.909574][ T8396] EXT4-fs (loop0): 1 truncate cleaned up [ 128.915962][ C1] sd 0:0:1:0: [sda] tag#2330 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 128.926382][ C1] sd 0:0:1:0: [sda] tag#2330 CDB: Write(6) 0a 00 4e 21 ff ff [ 128.941717][ T8396] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #16: comm syz.0.1575: corrupted xattr block 31: invalid header [ 128.958443][ T6592] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.968676][ T8396] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=16 [ 128.975978][ T6592] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.987967][ T8396] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #16: comm syz.0.1575: corrupted xattr block 31: invalid header [ 129.002031][ T6592] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.010304][ T6592] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.018772][ T8396] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=16 [ 129.035202][ T8396] EXT4-fs error (device loop0): ext4_get_link:106: inode #16: comm syz.0.1575: bad symlink. [ 129.038294][ T8398] random: crng reseeded on system resumption [ 129.099319][ T8396] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #16: comm syz.0.1575: corrupted xattr block 31: invalid header [ 129.113197][ T8396] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=16 [ 129.123647][ T8396] EXT4-fs error (device loop0): ext4_get_link:106: inode #16: comm syz.0.1575: bad symlink. [ 129.156127][ T8410] loop1: detected capacity change from 0 to 4096 [ 129.216503][ T8417] loop4: detected capacity change from 0 to 512 [ 129.224427][ T6611] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.233980][ T8417] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 129.247244][ T6611] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.273118][ T6611] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.285680][ T6611] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.295015][ T8417] EXT4-fs (loop4): 1 truncate cleaned up [ 129.296965][ T8424] program syz.3.1586 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 129.477315][ T8433] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1588'. [ 129.506162][ C1] sd 0:0:1:0: [sda] tag#2336 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 129.516692][ C1] sd 0:0:1:0: [sda] tag#2336 CDB: Write(6) 0a 00 4e 21 ff ff [ 129.741681][ T29] kauditd_printk_skb: 276 callbacks suppressed [ 129.741698][ T29] audit: type=1326 audit(1758624821.741:4386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.772146][ T29] audit: type=1326 audit(1758624821.751:4387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.795676][ T29] audit: type=1326 audit(1758624821.751:4388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.819121][ T29] audit: type=1326 audit(1758624821.751:4389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.842611][ T29] audit: type=1326 audit(1758624821.751:4390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.866089][ T29] audit: type=1326 audit(1758624821.751:4391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.889546][ T29] audit: type=1326 audit(1758624821.751:4392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.898997][ T8452] loop3: detected capacity change from 0 to 128 [ 129.913060][ T29] audit: type=1326 audit(1758624821.751:4393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.942816][ T29] audit: type=1326 audit(1758624821.751:4394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 129.966349][ T29] audit: type=1326 audit(1758624821.751:4395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8449 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb54cb2eec9 code=0x7ffc0000 [ 130.026200][ T8454] loop1: detected capacity change from 0 to 512 [ 130.034759][ T8454] EXT4-fs: Ignoring removed orlov option [ 130.048833][ T8454] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.081154][ T8456] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1599'. [ 130.120543][ T8465] loop2: detected capacity change from 0 to 128 [ 130.146629][ T8469] program syz.3.1602 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.176558][ T8465] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 130.186629][ T8464] netlink: 268 bytes leftover after parsing attributes in process `syz.4.1603'. [ 130.237408][ T8474] Q6\bY4 speed is unknown, defaulting to 1000 [ 130.265682][ T8476] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1607'. [ 130.287390][ T8479] 9pnet_fd: Insufficient options for proto=fd [ 130.309606][ T8474] lo speed is unknown, defaulting to 1000 [ 130.318869][ C1] sd 0:0:1:0: [sda] tag#2343 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 130.329323][ C1] sd 0:0:1:0: [sda] tag#2343 CDB: Write(6) 0a 00 4e 21 ff ff [ 130.350092][ T8482] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1609'. [ 130.419707][ T8490] loop0: detected capacity change from 0 to 512 [ 130.430438][ T8490] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 130.441859][ T8490] EXT4-fs (loop0): 1 truncate cleaned up [ 130.580727][ T8494] loop3: detected capacity change from 0 to 512 [ 130.587518][ T8494] EXT4-fs: Ignoring removed mblk_io_submit option [ 130.594178][ T8494] EXT4-fs: Ignoring removed nomblk_io_submit option [ 130.603260][ T8494] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 130.611816][ T8494] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 130.637648][ T8494] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1613: Allocating blocks 41-42 which overlap fs metadata [ 130.651716][ T8494] EXT4-fs (loop3): Remounting filesystem read-only [ 130.658587][ T8494] EXT4-fs (loop3): 1 truncate cleaned up [ 131.242721][ T8517] FAULT_INJECTION: forcing a failure. [ 131.242721][ T8517] name failslab, interval 1, probability 0, space 0, times 0 [ 131.257425][ T8517] CPU: 0 UID: 0 PID: 8517 Comm: syz.0.1620 Not tainted syzkaller #0 PREEMPT(voluntary) [ 131.257485][ T8517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 131.257507][ T8517] Call Trace: [ 131.257513][ T8517] [ 131.257519][ T8517] __dump_stack+0x1d/0x30 [ 131.257540][ T8517] dump_stack_lvl+0xe8/0x140 [ 131.257560][ T8517] dump_stack+0x15/0x1b [ 131.257581][ T8517] should_fail_ex+0x265/0x280 [ 131.257740][ T8517] ? alloc_netdev_mqs+0x7cb/0xa30 [ 131.257774][ T8517] should_failslab+0x8c/0xb0 [ 131.257831][ T8517] __kmalloc_cache_noprof+0x4c/0x320 [ 131.257867][ T8517] alloc_netdev_mqs+0x7cb/0xa30 [ 131.258011][ T8517] rtnl_create_link+0x239/0x710 [ 131.258045][ T8517] rtnl_newlink_create+0x14c/0x620 [ 131.258065][ T8517] ? sysvec_apic_timer_interrupt+0x44/0x80 [ 131.258099][ T8517] rtnl_newlink+0xf29/0x12d0 [ 131.258191][ T8517] ? __kfree_skb+0x109/0x150 [ 131.258222][ T8517] ? __memcg_slab_free_hook+0x135/0x230 [ 131.258264][ T8517] ? __rcu_read_unlock+0x4f/0x70 [ 131.258288][ T8517] ? avc_has_perm_noaudit+0x1b1/0x200 [ 131.258364][ T8517] ? cred_has_capability+0x210/0x280 [ 131.258437][ T8517] ? sysvec_apic_timer_interrupt+0x44/0x80 [ 131.258518][ T8517] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.258560][ T8517] ? rtnetlink_rcv_msg+0x5d7/0x6d0 [ 131.258638][ T8517] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.258740][ T8517] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 131.258821][ T8517] netlink_rcv_skb+0x120/0x220 [ 131.258852][ T8517] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.258942][ T8517] rtnetlink_rcv+0x1c/0x30 [ 131.258979][ T8517] netlink_unicast+0x5c0/0x690 [ 131.259010][ T8517] netlink_sendmsg+0x58b/0x6b0 [ 131.259046][ T8517] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.259159][ T8517] __sock_sendmsg+0x145/0x180 [ 131.259258][ T8517] ____sys_sendmsg+0x31e/0x4e0 [ 131.259296][ T8517] ___sys_sendmsg+0x17b/0x1d0 [ 131.259349][ T8517] __x64_sys_sendmsg+0xd4/0x160 [ 131.259383][ T8517] x64_sys_call+0x191e/0x2ff0 [ 131.259432][ T8517] do_syscall_64+0xd2/0x200 [ 131.259470][ T8517] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 131.259518][ T8517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.259586][ T8517] RIP: 0033:0x7eff0c9deec9 [ 131.259605][ T8517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.259626][ T8517] RSP: 002b:00007eff0b447038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.259663][ T8517] RAX: ffffffffffffffda RBX: 00007eff0cc35fa0 RCX: 00007eff0c9deec9 [ 131.259679][ T8517] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 131.259694][ T8517] RBP: 00007eff0b447090 R08: 0000000000000000 R09: 0000000000000000 [ 131.259710][ T8517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.259725][ T8517] R13: 00007eff0cc36038 R14: 00007eff0cc35fa0 R15: 00007ffebda34fb8 [ 131.259750][ T8517] [ 131.263388][ T8519] program syz.4.1621 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.570612][ T8522] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1622'. [ 131.601902][ T8524] loop0: detected capacity change from 0 to 128 [ 131.639958][ T8526] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.697326][ T8526] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.748385][ T8526] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.758436][ C1] sd 0:0:1:0: [sda] tag#2349 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 131.768884][ C1] sd 0:0:1:0: [sda] tag#2349 CDB: Write(6) 0a 00 4e 21 ff ff [ 131.776765][ T8530] loop3: detected capacity change from 0 to 512 [ 131.788182][ T8530] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.794688][ T8530] EXT4-fs: Ignoring removed nomblk_io_submit option [ 131.807773][ T8526] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.832767][ T8530] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 131.841357][ T8530] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 131.855346][ T8541] SELinux: Context is not valid (left unmapped). [ 131.870351][ T8530] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1626: Allocating blocks 41-42 which overlap fs metadata [ 131.885458][ T8530] EXT4-fs (loop3): Remounting filesystem read-only [ 131.894267][ T8530] EXT4-fs (loop3): 1 truncate cleaned up [ 131.901273][ T8530] EXT4-fs mount: 51 callbacks suppressed [ 131.901291][ T8530] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.921254][ T8530] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.930581][ T8539] loop4: detected capacity change from 0 to 512 [ 131.937607][ T8539] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.944125][ T8539] EXT4-fs: Ignoring removed nomblk_io_submit option [ 131.961629][ T8539] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 131.970178][ T8539] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 132.017110][ T8548] validate_nla: 3 callbacks suppressed [ 132.017129][ T8548] netlink: 'syz.2.1630': attribute type 10 has an invalid length. [ 132.059295][ T8552] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1632'. [ 132.067685][ T8539] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1629: Allocating blocks 41-42 which overlap fs metadata [ 132.091142][ T8539] EXT4-fs (loop4): Remounting filesystem read-only [ 132.098481][ T8539] EXT4-fs (loop4): 1 truncate cleaned up [ 132.104690][ T8539] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.127430][ T8557] loop2: detected capacity change from 0 to 128 [ 132.139173][ T8539] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.163416][ T8559] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1634'. [ 132.189766][ T8561] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1635'. [ 132.366755][ T8572] Q6\bY4 speed is unknown, defaulting to 1000 [ 132.415567][ T8572] lo speed is unknown, defaulting to 1000 [ 132.612396][ T8580] loop0: detected capacity change from 0 to 512 [ 132.647509][ T6611] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.662202][ T8580] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.674844][ T8580] ext4 filesystem being mounted at /357/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.740224][ T6611] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.780724][ T6611] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.824681][ T6611] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.848245][ T8584] netlink: 'syz.1.1643': attribute type 10 has an invalid length. [ 132.944741][ T8586] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1644'. [ 133.091438][ T8593] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1647'. [ 133.101037][ T8591] loop3: detected capacity change from 0 to 4096 [ 133.118521][ T8591] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.148880][ T8596] loop4: detected capacity change from 0 to 128 [ 133.176830][ T8596] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.214125][ T3303] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.281010][ T8604] FAULT_INJECTION: forcing a failure. [ 133.281010][ T8604] name failslab, interval 1, probability 0, space 0, times 0 [ 133.293778][ T8604] CPU: 1 UID: 0 PID: 8604 Comm: syz.1.1652 Not tainted syzkaller #0 PREEMPT(voluntary) [ 133.293809][ T8604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 133.293825][ T8604] Call Trace: [ 133.293834][ T8604] [ 133.293866][ T8604] __dump_stack+0x1d/0x30 [ 133.293894][ T8604] dump_stack_lvl+0xe8/0x140 [ 133.293919][ T8604] dump_stack+0x15/0x1b [ 133.293939][ T8604] should_fail_ex+0x265/0x280 [ 133.294048][ T8604] should_failslab+0x8c/0xb0 [ 133.294080][ T8604] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 133.294182][ T8604] ? p9_client_create+0x59/0xbc0 [ 133.294210][ T8604] ? p9_client_create+0x207/0xbc0 [ 133.294310][ T8604] ? should_failslab+0x8c/0xb0 [ 133.294338][ T8604] kstrdup+0x3e/0xd0 [ 133.294432][ T8604] p9_client_create+0x207/0xbc0 [ 133.294474][ T8604] v9fs_session_init+0xf7/0xde0 [ 133.294503][ T8604] ? ___slab_alloc+0x273/0x910 [ 133.294564][ T8604] ? avc_has_perm_noaudit+0x1b1/0x200 [ 133.294604][ T8604] ? v9fs_mount+0x51/0x5c0 [ 133.294630][ T8604] ? should_fail_ex+0xdb/0x280 [ 133.294655][ T8604] ? v9fs_mount+0x51/0x5c0 [ 133.294755][ T8604] ? __kmalloc_cache_noprof+0x189/0x320 [ 133.294787][ T8604] v9fs_mount+0x67/0x5c0 [ 133.294819][ T8604] ? selinux_capable+0x31/0x40 [ 133.294906][ T8604] ? __pfx_v9fs_mount+0x10/0x10 [ 133.294958][ T8604] legacy_get_tree+0x78/0xd0 [ 133.294987][ T8604] vfs_get_tree+0x57/0x1d0 [ 133.295086][ T8604] do_new_mount+0x207/0x5e0 [ 133.295108][ T8604] ? security_capable+0x83/0x90 [ 133.295141][ T8604] path_mount+0x4a4/0xb20 [ 133.295227][ T8604] ? user_path_at+0x109/0x130 [ 133.295312][ T8604] __se_sys_mount+0x28f/0x2e0 [ 133.295340][ T8604] ? fput+0x8f/0xc0 [ 133.295379][ T8604] __x64_sys_mount+0x67/0x80 [ 133.295428][ T8604] x64_sys_call+0x2b4d/0x2ff0 [ 133.295514][ T8604] do_syscall_64+0xd2/0x200 [ 133.295556][ T8604] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 133.295582][ T8604] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 133.295682][ T8604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.295707][ T8604] RIP: 0033:0x7fcf0b7ceec9 [ 133.295728][ T8604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.295826][ T8604] RSP: 002b:00007fcf0a22f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 133.295845][ T8604] RAX: ffffffffffffffda RBX: 00007fcf0ba25fa0 RCX: 00007fcf0b7ceec9 [ 133.295857][ T8604] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: 0000000000000000 [ 133.295872][ T8604] RBP: 00007fcf0a22f090 R08: 0000200000000240 R09: 0000000000000000 [ 133.295889][ T8604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 133.295904][ T8604] R13: 00007fcf0ba26038 R14: 00007fcf0ba25fa0 R15: 00007ffd423367a8 [ 133.295950][ T8604] [ 133.356843][ T8596] ext4 filesystem being mounted at /336/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 133.600710][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.635068][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 133.664185][ T8611] loop0: detected capacity change from 0 to 512 [ 133.690603][ T8617] loop4: detected capacity change from 0 to 128 [ 133.697803][ T8611] EXT4-fs: Ignoring removed orlov option [ 133.742335][ T8611] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.757082][ T8611] ext4 filesystem being mounted at /358/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.782520][ T8625] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1659'. [ 133.822377][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.912125][ T8635] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.921981][ T8635] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.972767][ T8640] loop4: detected capacity change from 0 to 128 [ 133.988101][ T8635] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.988469][ T8640] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.998032][ T8635] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.012058][ T8637] netlink: 'syz.3.1665': attribute type 10 has an invalid length. [ 134.038782][ T8640] ext4 filesystem being mounted at /341/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 134.169546][ T8635] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.179540][ T8635] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.210268][ T3309] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.223564][ T8649] loop2: detected capacity change from 0 to 4096 [ 134.242014][ T8651] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.256829][ T8654] loop4: detected capacity change from 0 to 128 [ 134.257383][ T8649] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.280581][ T3606] ================================================================== [ 134.288745][ T3606] BUG: KCSAN: data-race in _copy_to_iter / fat_mirror_bhs [ 134.295904][ T3606] [ 134.298248][ T3606] write to 0xffff8881284c9800 of 2048 bytes by task 8654 on cpu 1: [ 134.306146][ T3606] fat_mirror_bhs+0x1df/0x320 [ 134.310853][ T3606] fat_alloc_clusters+0x98b/0xa80 [ 134.315903][ T3606] fat_get_block+0x258/0x5e0 [ 134.320509][ T3606] __block_write_begin_int+0x3fd/0xf90 [ 134.325985][ T3606] cont_write_begin+0x5fc/0x970 [ 134.330863][ T3606] fat_write_begin+0x4f/0xe0 [ 134.335468][ T3606] cont_write_begin+0x1ad/0x970 [ 134.340349][ T3606] fat_write_begin+0x4f/0xe0 [ 134.344962][ T3606] generic_perform_write+0x184/0x490 [ 134.350264][ T3606] __generic_file_write_iter+0xec/0x120 [ 134.355828][ T3606] generic_file_write_iter+0x8d/0x2f0 [ 134.361222][ T3606] do_iter_readv_writev+0x499/0x540 [ 134.366439][ T3606] vfs_writev+0x2df/0x8b0 [ 134.370789][ T3606] __se_sys_pwritev2+0xfc/0x1c0 [ 134.375660][ T3606] __x64_sys_pwritev2+0x67/0x80 [ 134.380530][ T3606] x64_sys_call+0x2c55/0x2ff0 [ 134.385223][ T3606] do_syscall_64+0xd2/0x200 [ 134.389751][ T3606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.395657][ T3606] [ 134.397988][ T3606] read to 0xffff8881284c9e00 of 512 bytes by task 3606 on cpu 0: [ 134.405714][ T3606] _copy_to_iter+0x130/0xe70 [ 134.410333][ T3606] copy_page_to_iter+0x18f/0x2d0 [ 134.415294][ T3606] filemap_read+0x407/0xa00 [ 134.419805][ T3606] blkdev_read_iter+0x22d/0x2e0 [ 134.424684][ T3606] vfs_read+0x64c/0x770 [ 134.428849][ T3606] ksys_read+0xda/0x1a0 [ 134.433018][ T3606] __x64_sys_read+0x40/0x50 [ 134.437537][ T3606] x64_sys_call+0x27bc/0x2ff0 [ 134.442317][ T3606] do_syscall_64+0xd2/0x200 [ 134.446847][ T3606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.452755][ T3606] [ 134.455082][ T3606] Reported by Kernel Concurrency Sanitizer on: [ 134.461242][ T3606] CPU: 0 UID: 0 PID: 3606 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) [ 134.470544][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 134.480612][ T3606] ================================================================== [ 134.506810][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.518328][ T8635] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.528310][ T8635] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.542690][ T8651] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.592729][ T6592] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.601235][ T6592] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.612564][ T6592] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.620854][ T6592] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.632505][ T6592] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.640798][ T6592] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.650133][ T8651] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.664468][ T6592] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.672815][ T6592] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.717406][ T8651] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.772960][ T6611] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.783756][ T6611] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.795706][ T6610] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.807308][ T6610] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0