last executing test programs: 4.327998326s ago: executing program 4 (id=733): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6bf}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f00000002c0)={0x72, "9cbac0f2a07bf515be6a262e0785ab56654938798e9847fa95e59c5b8644ccd0a86cac33fa98ab6d7ddf1aa17558f9db9bd25bbe395045ccc66f68ca06b7e89b04b727f1ba840a9f1e4560705267520e5b3906a93f0c498986b5257c29954eca00ed370b0efe05ad37c052ab328f7e51771416cde9979350dcaccb335601b3aa36a537169a5777f966d549ff8632f17e9810c851092d47df8b716077facb8f0b0a5b049b8aca31e63fd2596767c1e84611d96c0bc622dd6e7de5480a7f0682794e0c90ccd31b428a984c317c2075a3afb7db766e908c2c989175a652f33eba22927928583f3bb0975d0ebae2fbad2001644822ca9ae23f82bbf435ed67516a424bb440920f8a84abd68386ef2af0dc1e9a6b2520e3144f369d40d2e1e33e739f3ec2f2f6f0ccc5fbf6160fbeb933afc1d6aa3729a8203122bf3b64795d4f8947ec234c8610185f51d00a37d29d9aa8cea69810747959c169173d11d9000d58582f0d960c9b6e85f99e0dbc056439711068b9d6a1b943c434f0e7a3516281d56794a2f95918442fe4b0c3e25eeb1cc8cf23eb485fe1c3778eceeda48cb2f16225c31261afb533f8c4a3c6a846e18157b4fb4ca4509e38441685ef358ea2b761795a412eec600ad3f3e3a9792d3773a58f02719bc415d321210327f397756a1c11c38ccf92a48ad228478501546ed700c51eb19512f8abae9e94e4f88977dcd022"}) 4.293488239s ago: executing program 4 (id=735): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000020181020000000000000000080400060c0019"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 4.214437997s ago: executing program 0 (id=736): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="060000000400000099000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000020181020000000000000000080400060c0019"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 4.208163748s ago: executing program 4 (id=737): bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x20044090}, 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 4.203323348s ago: executing program 0 (id=738): syz_emit_ethernet(0xf4, &(0x7f00000000c0)={@multicast, @multicast, @void, {@ipv4={0x800, @icmp={{0x14, 0x4, 0x2, 0x35, 0xe6, 0x64, 0x0, 0x5, 0x1, 0x0, @broadcast, @multicast2, {[@timestamp_prespec={0x44, 0x3c, 0xb3, 0x3, 0x8, [{@loopback, 0x1}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x7}, {@remote, 0x5a91c4f3}, {@remote, 0x3}, {@local, 0x9}, {@local, 0x6}, {@empty, 0x7969}]}]}}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x6, 0x0, {0x23, 0x4, 0x1, 0x1, 0xe576, 0x68, 0x0, 0x1, 0x29, 0x0, @broadcast, @loopback, {[@timestamp_addr={0x44, 0x24, 0xde, 0x1, 0x6, [{@remote, 0xfff}, {@private=0xa010100}, {@multicast2, 0x2}, {@private=0xa010102, 0xc0}]}, @ssrr={0x89, 0x17, 0x5a, [@multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @local, @broadcast]}, @timestamp_addr={0x44, 0x14, 0xeb, 0x1, 0x3, [{@remote, 0xffff}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x2}]}, @noop, @generic={0x94, 0xf, "f818245b2fc3fe836456e2cae2"}, @timestamp={0x44, 0xc, 0x58, 0x0, 0x6, [0x3, 0x0]}, @lsrr={0x83, 0xb, 0xfa, [@multicast2, @multicast2]}, @noop, @end]}}, "dc62"}}}}}, &(0x7f0000000280)={0x0, 0x2, [0x5a7, 0xfb8, 0x15c, 0xc37]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f0000002240)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") creat(&(0x7f0000000100)='./bus\x00', 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x63bff000) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000040)=0x100000001, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0xc0000001) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x30}}, 0x0) 4.180790371s ago: executing program 4 (id=739): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) creat(&(0x7f00000000c0)='./file0\x00', 0xf4) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x2000, 0x0) fcntl$notify(r1, 0x402, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_flash={0x33, 0xea6, '.\x00'}}) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000280)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2}}, 0x20) dup(0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x18, r6, 0x4c1dad3e3d6a7499, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, 0x40810, 0x403}, [@IFLA_CARRIER={0x5, 0x21, 0xca}, @IFLA_TXQLEN={0x8, 0xd, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 4.096300189s ago: executing program 4 (id=742): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xc2d3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005"], 0x50) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wg0\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 3.767508402s ago: executing program 0 (id=747): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000020181020000000000000000080400060c0019"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 3.441498895s ago: executing program 0 (id=751): socket$key(0xf, 0x3, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x1, &(0x7f0000000780)=[{0x200000000006, 0xf, 0x6, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fstatfs(0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=ANY=[@ANYBLOB="d4000000000101040000000000000000020000002400018014000180080001007f00000108000200ac1414000c0002800500010000000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800074000000000080008400000000a0400164008001540000000030400170058000d"], 0xd4}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) writev(r6, &(0x7f0000000a40)=[{&(0x7f0000000180)="d18a876f8f46c153dde8db040cc7e763ba2fab29aca1a1a2e0a38bc757e61b5aab090000000000000051ed697ff263589940cf437f1efae8e2342bb1adc1c9d8febaecb3aef2d7650869408a287d92d06f5d660a68f3f0a39e926d8dbd6f8d9de335fe4c520feaffc62c3435ab63a2", 0x6f}, {&(0x7f0000000140)="a9e47d4ed965685b48214fff756364b93155b267f07697b50eede6ed45f973d3da857dba0deed519dc9a7267b99f19a1b405e7d2", 0x34}, {&(0x7f00000000c0)='\n', 0x1}], 0x3) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7e, 0x7527, 0x5c8, 0x7ffc, 0x9}) ioctl$USBDEVFS_REAPURB(r5, 0x4008550c, &(0x7f0000000240)) ioctl$BLKTRACETEARDOWN(r5, 0x1276, 0x0) 3.063495073s ago: executing program 0 (id=758): symlinkat(&(0x7f0000002000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/13], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) 2.456807544s ago: executing program 1 (id=771): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 2.453175124s ago: executing program 1 (id=773): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = fsopen(&(0x7f0000000040)='securityfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fspick(r2, &(0x7f0000000340)='.\x00', 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x1008002, &(0x7f0000000d00)={[{@grpjquota}]}, 0x3, 0x5ee, &(0x7f00000012c0)="$eJzs3c1vVFUbAPDnTj9oKXk7kDcqLqSJMZAoLS1gGuMCtoY0+BE3urDSgkiBhtZo0YSS4MbEuDHGxJUL8b9QIltWunLhxpUhIWpYmjjmztxbOu1Mv2jnEu7vlwxz7zlze86lfeace+acOwGU1lD6TyVif0TMJhGDyeJSXndkmUON193/+5Mz6SOJWu31P5NIsrT89Un2PJAd3BcRP/+UxL6u1eXOLVy9MDkzM30l2x+Zvzg7Mrdw9fD5i5Pnps9NXxp7cWz8+LHj46NHtnRe11qknbrx/oeDn0289d03/ySj3/82kcSJeCV74fLz2C5DMVT/P0lWZw2Mb3dhBenK/k5qtVotT0u6i60TG5f//noi4skYjK548MsbjE9fLbRywI6qJY33bqCMEvEPJZX3A/Jr+5XXwZVCeiVAJ9w72RgAWB3/3Y2xweirjw3svp/E8mGdJCK2NjLXbE9E3Lk9cePs7YkbsUPjcEBri9cj4qlW8Z/U478afVGtx3+lKf7TfsHp7DlNf22L5a8cKhb/0DmN+O9bM/6jTfy/kz5fa8Twu1ssv/pg873+pvjv3+opAQAAAAAAQGndOhkRL7T6/L+yNP8nWsz/GYiIE9tQ/tCK/dWf/1fubkMxQAv3Tka83HL+byWf/VvtWraEtRo9ydnzM9NHIuJ/EXEoenal+6NrlHH4831ft8sbyub/5Y+0/DvZXMCsHne7dzUfMzU5P/kQpwxk7l2PeLrl/N9kqf1PWrT/6TvD7AbL2PfczdPt8taPf2Cn1L6NONiy/X9w14pk7ftzjNT7AyN5r2C1Zz7+4od25W81/t1iAh5e2v7vXjv+q8ny+/XMbb6MowvdtXZ5W+3/9yZv1O8q1JulfTQ5P39lNKI3OdWVpjalj22+zvA4yuMhj5c0/g89u/b4X6v+f39ELK742clfzWuKc0/8O/B7u/ro/0Nx0vif2lT7v/mNsZvVH9uVv7H2/1i9rT+UpRj/g4av8jDtbU5vEY7drbI6XV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBxUImJPJJXhpe1KZXg4YiAi/h+7KzOX5+afP3v5g0tTaV79+/8r+Tf9Djb2k/z7/6vL9sdW7B+NiL0R8WVXf31/+MzlmamiTx4AAAAAAAAAAAAAAAAAAAAeEQNt1v+n/ugqunbAjusuugJAYVrE/y9F1APoPO0/lJf4h/IS/1Be4h/KS/xDea0d/2+Pd6wiQMdp/6G8xD8AAAAAADxW9h649WsSEYsv9dcfqd4sr6fQmgE7rVJ0BYDCuMUPlJepP1BervGBZJ38vrYHrXfkWmbPPMTBAAAAAAAAAAAAAFA6B/db/w9lZf0/lJf1/1Be+fr/AwXXA+g81/hArLOSv+X6/3WPAgAAAAAAAAAAAAC209zC1QuTMzPTV2y8+WhUo5MbtVrtWvpX8KjUZ/s3kmyGekcKzafCd/5Mezdygvlav4395OLekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGb/BQAA//8wviV5") syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0x0, 0x0, &(0x7f00000007c0)) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$sock_int(r4, 0x1, 0x10, &(0x7f0000000300)=0x4, 0x4) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="f1", 0x1}], 0x1) r5 = inotify_init() inotify_add_watch(r5, &(0x7f00000001c0)='.\x00', 0x4000423) r6 = openat(0xffffffffffffff9c, &(0x7f00000004c0)='./bus\x00', 0x0, 0x0) lseek(r6, 0x79, 0x0) getdents64(r6, 0x0, 0x0) 2.340123715s ago: executing program 2 (id=774): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x2, 0x8}}, 0x20) r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000200)={'bond_slave_1\x00', {0x2, 0x4e21, @private=0xa010102}}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xfe, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r3}, 0x18) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0) 2.338749825s ago: executing program 1 (id=775): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000900, 0x0, 0x0) 2.28566341s ago: executing program 1 (id=776): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRESDEC], 0x48) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) recvmmsg$unix(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0x1a2) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0) fsopen(&(0x7f00000001c0)='bdev\x00', 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001600)={r2, 0x7fd, {0x2a00, 0x80010000, 0x0, 0x5, 0x2000000000000000, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 1.545975805s ago: executing program 3 (id=778): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb2}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8d}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x18, 0x55, 0x1e5, 0x0, 0xfffffffd, {0x7, r4}}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x8000, &(0x7f0000000140)=0x4, 0xffff, 0x6) sendfile(r5, 0xffffffffffffffff, 0x0, 0xfd85) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x800f1ff, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x4, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x2, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x200000, 0x0, 0x0, 0x1000, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40008000, 0x0, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x0, 0x7, 0xfbfffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x8000, 0x7, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x1000009, 0x80000000, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xfffffffd, 0x0, 0x40000, 0xd8192c9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x2, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x1, 0x4, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xb, 0x0, 0x0, 0xffffffff}, 0x7, 0xa, 0x2000000}}]}}]}, 0x45c}}, 0x0) 1.523928167s ago: executing program 2 (id=779): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x1850, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18) r2 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000000c0)=0xfff, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80000001}], 0x1c) sendto$inet6(r3, &(0x7f0000000300)='T', 0x1, 0x20000040, &(0x7f0000000180)={0xa, 0x4e24, 0xdc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfed}, 0x1c) preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4057, 0xfd9}], 0x1, 0x9, 0x0, 0x2a) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007110a400000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) unshare(0x2a020400) 1.474586042s ago: executing program 3 (id=780): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x1850, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18) r2 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000000c0)=0xfff, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80000001}], 0x1c) sendto$inet6(r3, &(0x7f0000000300)='T', 0x1, 0x20000040, &(0x7f0000000180)={0xa, 0x4e24, 0xdc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfed}, 0x1c) preadv2(r2, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4057, 0xfd9}], 0x1, 0x9, 0x0, 0x2a) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007110a400000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) unshare(0x2a020400) 1.462092213s ago: executing program 2 (id=781): bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x20044090}, 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 1.457756604s ago: executing program 1 (id=782): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001d0001000000000004086aa42d"], 0x30}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x100, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x2003, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x3c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x6}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x6}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x1}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x3}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xaa}]}}]}, 0x70}}, 0x4000010) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000680)={{0x1, 0x1, 0x18, r4, {0x2}}, './file0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x11, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x3}, {}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000300)='syzkaller\x00', 0xffffffff, 0x18, &(0x7f00000004c0)=""/24, 0x41100, 0x40, '\x00', 0x0, @fallback=0x16, r1, 0x8, &(0x7f0000000500)={0x5, 0x5}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0xe, 0xfff, 0xc00}, 0x10, 0xffffffffffffffff, r6, 0xa, &(0x7f00000006c0)=[r1, r1, r1], &(0x7f0000000780)=[{0x3, 0x3, 0xb, 0xb}, {0x2, 0x1, 0x8, 0x9}, {0x5, 0x7f, 0xb, 0xc}, {0x0, 0x5, 0x4, 0x5}, {0x4, 0x5, 0x9, 0x5}, {0x2, 0x3, 0xb, 0x6}, {0x5, 0x5, 0xc, 0xb}, {0x2, 0x5, 0x9, 0x6}, {0x0, 0x5, 0x4, 0x4}, {0x5, 0x2, 0xb, 0x7}], 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000000)='kmem_cache_free\x00', r5, 0x0, 0xd4}, 0x18) sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x40000000) accept$packet(r1, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYRES8=r4, @ANYRES16=r7, @ANYRES64=r9, @ANYRES16=r10], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10) syz_clone(0x41aa1000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.447700695s ago: executing program 3 (id=783): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x40, 0x9, 0x7ffc1fff}]}) io_cancel(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000300)="53b9b8fb3f884d2067b489ac2c6dac74c31f7646ef084ac7c0e2f51044d77f82216c91030962735590b5859dede552dbf998cb1e1d1471c0ae6f68b0b7f5fb29918ac9d2db426907fa6abfc1b3ce828dee63758510221e8da9a0a1c4357c1adf0fa661d6ba6394affea87e1c63", 0x6d, 0xe0a9}, &(0x7f0000000400)) 1.337845636s ago: executing program 2 (id=784): setrlimit(0x9, &(0x7f0000000080)={0x8606, 0xffff}) (fail_nth: 2) 1.333534446s ago: executing program 3 (id=785): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x9}}, 0xfffffef1) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1, 0x1000000, 0x3}}, 0x20) 1.108614429s ago: executing program 3 (id=786): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r1, 0x0, 0xfffffffffffffff4}, 0x18) socket$inet_sctp(0x2, 0x1, 0x84) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000300)={0x11, 0x1b, r3, 0x1, 0xfc, 0x6, @local}, 0x14) bind$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) 1.089447311s ago: executing program 3 (id=787): symlinkat(&(0x7f0000002000)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0/file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x3, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) 745.740945ms ago: executing program 2 (id=788): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) mbind(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4005, &(0x7f0000000c00)=0xb, 0x6, 0x2) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4, 0xc0000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3}, {0xa, 0xe}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe7e7}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x44}}, 0x20004015) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x99340028607454df, 0x78) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x4}, 0x18) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x29, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000600)}], 0x1, 0x0, 0x480}, 0x0, 0x50, 0x1}) r2 = syz_io_uring_setup(0x221d, &(0x7f0000000100)={0x0, 0x6e7f, 0x800, 0x2, 0x5cc}, &(0x7f0000000280)=0x0, &(0x7f00000005c0)=0x0) r5 = socket$kcm(0x21, 0x2, 0x2) accept(r5, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffa, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, 0xffffffffffffffff, 0x0, r2}) 660.953034ms ago: executing program 4 (id=789): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x2, 0x8}}, 0x20) r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000200)={'bond_slave_1\x00', {0x2, 0x4e21, @private=0xa010102}}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xfe, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r3}, 0x18) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, 0x0, &(0x7f0000000200)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v3, 0x18, 0x0) 236.244926ms ago: executing program 0 (id=790): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f8b) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r4 = gettid() r5 = getpid() rt_tgsigqueueinfo(r5, r4, 0x1f, &(0x7f0000000080)={0x11, 0x0, 0x2}) r6 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000) readv(r6, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0}], 0x20000000000000d6) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0xc, 0x2, 0x803fd, 0x1, 0x800}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x25dfdbfd, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {0x0, 0x7, 0x0, 0x7fffffff, 0x0, 0x2}, {0xfffffffffffffffe, 0xffffffffffffffff}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x4050}, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x32) write(r10, &(0x7f00000001c0)="49bda8f11851b8436bebb25ac5f8202ffb", 0x11) sendfile(r10, r9, 0x0, 0x3ffff) sendfile(r10, r9, 0x0, 0x7ffffffffffffffd) sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000100)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x3e, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x4, 0x3, 0x2, 0x5, 0x4470}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x3}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x68}}, 0x20000084) 114.289809ms ago: executing program 2 (id=791): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000002200), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x1850, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18) open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x100) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f00000000c0)=0xfff, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e23, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80000001}], 0x1c) sendto$inet6(r2, &(0x7f0000000300)='T', 0x1, 0x20000040, &(0x7f0000000180)={0xa, 0x4e24, 0xdc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfed}, 0x1c) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007110a400000000001f010000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) unshare(0x2a020400) 0s ago: executing program 1 (id=792): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) close(r2) socket$inet(0x2, 0x0, 0xffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r3, 0xffffffffffffffff}, &(0x7f0000000480), &(0x7f0000000540)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000440), &(0x7f00000005c0)}, 0x20) socket$packet(0x11, 0xa, 0x300) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r6}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r7}, &(0x7f0000000840), &(0x7f0000000340)=r6}, 0x20) close(0x3) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r7, &(0x7f0000000900)}, 0x20) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) kernel console output (not intermixed with test programs): rr -117) [ 51.194980][ T4122] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.241435][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.276036][ T4136] loop2: detected capacity change from 0 to 1024 [ 51.289341][ T4136] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.307746][ T4136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.309224][ T4141] netlink: 20 bytes leftover after parsing attributes in process `syz.4.235'. [ 51.329601][ T4136] netlink: 14 bytes leftover after parsing attributes in process `syz.2.237'. [ 51.393037][ T4150] netlink: 'syz.4.241': attribute type 3 has an invalid length. [ 51.426143][ T4153] loop4: detected capacity change from 0 to 2048 [ 51.437828][ T4153] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.591485][ T3311] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 51.606399][ T3311] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 51.618896][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.643318][ T4158] netlink: 24 bytes leftover after parsing attributes in process `syz.4.243'. [ 51.709790][ T4160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 51.724531][ T4160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 51.822483][ T4164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'. [ 51.869647][ T4168] loop1: detected capacity change from 0 to 512 [ 51.885966][ T4168] EXT4-fs: Ignoring removed nobh option [ 51.898256][ T4170] loop0: detected capacity change from 0 to 764 [ 51.907821][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.248: corrupted inode contents [ 51.923220][ T4168] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #3: comm syz.1.248: mark_inode_dirty error [ 51.936119][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.248: corrupted inode contents [ 51.948332][ T4170] rock: directory entry would overflow storage [ 51.952083][ T4168] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.248: mark_inode_dirty error [ 51.954538][ T4170] rock: sig=0x4f50, size=4, remaining=3 [ 51.971171][ T4170] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 51.979361][ T4168] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.248: Failed to acquire dquot type 0 [ 51.991309][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.248: corrupted inode contents [ 52.003618][ T4168] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #16: comm syz.1.248: mark_inode_dirty error [ 52.015375][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.248: corrupted inode contents [ 52.028208][ T4168] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.248: mark_inode_dirty error [ 52.039935][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.248: corrupted inode contents [ 52.052321][ T4168] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 52.061766][ T4168] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.248: corrupted inode contents [ 52.074116][ T4168] EXT4-fs error (device loop1): ext4_truncate:4637: inode #16: comm syz.1.248: mark_inode_dirty error [ 52.085841][ T4168] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 52.096724][ T4168] EXT4-fs (loop1): 1 truncate cleaned up [ 52.103013][ T4168] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.109103][ T4179] netlink: 'syz.0.252': attribute type 3 has an invalid length. [ 52.116050][ T4168] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.167735][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.177143][ T4183] loop0: detected capacity change from 0 to 2048 [ 52.187503][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.214238][ T4183] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.231401][ T4185] loop2: detected capacity change from 0 to 1024 [ 52.247644][ T4185] EXT4-fs: inline encryption not supported [ 52.253532][ T4185] EXT4-fs: Ignoring removed orlov option [ 52.286766][ T4185] ext4: Unknown parameter 'subj_type' [ 52.298927][ T4193] loop1: detected capacity change from 0 to 512 [ 52.336337][ T4193] EXT4-fs: Ignoring removed nobh option [ 52.375064][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.257: corrupted inode contents [ 52.385294][ T29] kauditd_printk_skb: 440 callbacks suppressed [ 52.385313][ T29] audit: type=1326 audit(1763430780.196:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.417867][ T4193] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #3: comm syz.1.257: mark_inode_dirty error [ 52.435788][ T4197] netlink: 'syz.2.258': attribute type 10 has an invalid length. [ 52.447719][ T4197] team0: Port device dummy0 added [ 52.452967][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.257: corrupted inode contents [ 52.456264][ T29] audit: type=1326 audit(1763430780.246:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.466688][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 52.488363][ T29] audit: type=1326 audit(1763430780.256:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.526086][ T29] audit: type=1326 audit(1763430780.256:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.549512][ T29] audit: type=1326 audit(1763430780.256:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.549710][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 52.572862][ T29] audit: type=1326 audit(1763430780.256:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.604883][ T29] audit: type=1326 audit(1763430780.256:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.628226][ T29] audit: type=1326 audit(1763430780.256:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.651746][ T29] audit: type=1326 audit(1763430780.256:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.661957][ T4201] loop2: detected capacity change from 0 to 1024 [ 52.675481][ T29] audit: type=1326 audit(1763430780.256:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4182 comm="syz.0.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 52.683667][ T4201] EXT4-fs: Ignoring removed orlov option [ 52.711390][ T4201] EXT4-fs: Ignoring removed nomblk_io_submit option [ 52.718538][ T4193] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.257: mark_inode_dirty error [ 52.730379][ T4193] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.257: Failed to acquire dquot type 0 [ 52.743334][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.743982][ T4201] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.752838][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.257: corrupted inode contents [ 52.777746][ T4193] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #16: comm syz.1.257: mark_inode_dirty error [ 52.789425][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.257: corrupted inode contents [ 52.801822][ T4193] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.257: mark_inode_dirty error [ 52.815966][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.257: corrupted inode contents [ 52.828285][ T4193] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 52.863160][ T4193] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.257: corrupted inode contents [ 52.875561][ T4193] EXT4-fs error (device loop1): ext4_truncate:4637: inode #16: comm syz.1.257: mark_inode_dirty error [ 52.889617][ T4193] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 52.908509][ T4193] EXT4-fs (loop1): 1 truncate cleaned up [ 52.914559][ T4193] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.929234][ T4193] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.957870][ T4215] netlink: 'syz.4.264': attribute type 3 has an invalid length. [ 52.969642][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.076528][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.091031][ T4222] ip6_vti0 speed is unknown, defaulting to 1000 [ 53.202422][ T4228] loop1: detected capacity change from 0 to 2048 [ 53.236673][ T4232] xt_CT: You must specify a L4 protocol and not use inversions on it [ 53.287989][ T4234] FAULT_INJECTION: forcing a failure. [ 53.287989][ T4234] name failslab, interval 1, probability 0, space 0, times 0 [ 53.300724][ T4234] CPU: 0 UID: 0 PID: 4234 Comm: syz.3.272 Not tainted syzkaller #0 PREEMPT(voluntary) [ 53.300776][ T4234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 53.300791][ T4234] Call Trace: [ 53.300800][ T4234] [ 53.300810][ T4234] __dump_stack+0x1d/0x30 [ 53.300855][ T4234] dump_stack_lvl+0xe8/0x140 [ 53.300874][ T4234] dump_stack+0x15/0x1b [ 53.300901][ T4234] should_fail_ex+0x265/0x280 [ 53.300943][ T4234] should_failslab+0x8c/0xb0 [ 53.301057][ T4234] kmem_cache_alloc_noprof+0x50/0x480 [ 53.301093][ T4234] ? radix_tree_node_alloc+0x8a/0x1f0 [ 53.301204][ T4234] radix_tree_node_alloc+0x8a/0x1f0 [ 53.301347][ T4234] idr_get_free+0x1fa/0x550 [ 53.301390][ T4234] idr_alloc_u32+0xca/0x180 [ 53.301422][ T4234] tcf_idr_check_alloc+0x193/0x240 [ 53.301510][ T4234] tcf_police_init+0x1ca/0xc70 [ 53.301550][ T4234] tcf_action_init_1+0x36a/0x4a0 [ 53.301585][ T4234] tcf_action_init+0x267/0x6d0 [ 53.301649][ T4234] tc_ctl_action+0x291/0x830 [ 53.301708][ T4234] ? __pfx_tc_ctl_action+0x10/0x10 [ 53.301737][ T4234] rtnetlink_rcv_msg+0x65a/0x6d0 [ 53.301773][ T4234] netlink_rcv_skb+0x123/0x220 [ 53.301862][ T4234] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 53.301898][ T4234] rtnetlink_rcv+0x1c/0x30 [ 53.301925][ T4234] netlink_unicast+0x5c0/0x690 [ 53.302021][ T4234] netlink_sendmsg+0x58b/0x6b0 [ 53.302043][ T4234] ? __pfx_netlink_sendmsg+0x10/0x10 [ 53.302068][ T4234] __sock_sendmsg+0x145/0x180 [ 53.302115][ T4234] ____sys_sendmsg+0x31e/0x4e0 [ 53.302165][ T4234] ___sys_sendmsg+0x17b/0x1d0 [ 53.302206][ T4234] __x64_sys_sendmsg+0xd4/0x160 [ 53.302234][ T4234] x64_sys_call+0x191e/0x3000 [ 53.302335][ T4234] do_syscall_64+0xd2/0x200 [ 53.302356][ T4234] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 53.302404][ T4234] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 53.302486][ T4234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.302553][ T4234] RIP: 0033:0x7f7cf746f6c9 [ 53.302572][ T4234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.302591][ T4234] RSP: 002b:00007f7cf5ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.302614][ T4234] RAX: ffffffffffffffda RBX: 00007f7cf76c5fa0 RCX: 00007f7cf746f6c9 [ 53.302693][ T4234] RDX: 00000000000000c0 RSI: 00002000000037c0 RDI: 0000000000000005 [ 53.302705][ T4234] RBP: 00007f7cf5ed7090 R08: 0000000000000000 R09: 0000000000000000 [ 53.302719][ T4234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.302733][ T4234] R13: 00007f7cf76c6038 R14: 00007f7cf76c5fa0 R15: 00007fff75e405d8 [ 53.302811][ T4234] [ 53.642391][ T4230] loop2: detected capacity change from 0 to 1024 [ 53.651003][ T4230] EXT4-fs: Ignoring removed nomblk_io_submit option [ 54.023061][ T4247] netlink: 'syz.0.277': attribute type 3 has an invalid length. [ 54.065059][ T4252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.279'. [ 54.075991][ T4230] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.088773][ T4228] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.285542][ T4253] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 54.452560][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.931093][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.136098][ T4271] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 55.284799][ T4280] loop4: detected capacity change from 0 to 1024 [ 55.485118][ T4280] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.518528][ T4280] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.064625][ T4297] loop3: detected capacity change from 0 to 2048 [ 56.107201][ T4297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.186907][ T4301] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.217594][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.235632][ T4302] __nla_validate_parse: 3 callbacks suppressed [ 56.235647][ T4302] netlink: 60 bytes leftover after parsing attributes in process `syz.2.295'. [ 56.285160][ T4301] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.358163][ T4301] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.427604][ T4301] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.521863][ T3588] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.544887][ T3588] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.571888][ T3588] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.577889][ T3317] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 56.600371][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.618212][ T3317] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 56.637046][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.681699][ T4318] siw: device registration error -23 [ 56.718602][ T4328] loop2: detected capacity change from 0 to 1024 [ 56.728809][ T4328] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.749592][ T4328] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.779392][ T4328] netlink: 14 bytes leftover after parsing attributes in process `syz.2.306'. [ 56.937891][ T4343] loop3: detected capacity change from 0 to 1024 [ 56.946836][ T4343] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.967895][ T4343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.000522][ T4343] netlink: 14 bytes leftover after parsing attributes in process `syz.3.309'. [ 57.043082][ T4347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'. [ 57.054509][ T4347] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 57.081957][ T4350] loop0: detected capacity change from 0 to 1024 [ 57.089013][ T4350] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.108158][ T4350] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.124256][ T4350] netlink: 14 bytes leftover after parsing attributes in process `syz.0.311'. [ 57.359597][ T4359] program syz.1.312 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.389221][ T4361] netlink: 'syz.1.313': attribute type 3 has an invalid length. [ 57.416151][ T4363] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 57.424483][ T4363] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 57.497782][ T4369] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 57.523802][ T29] kauditd_printk_skb: 297 callbacks suppressed [ 57.523819][ T29] audit: type=1400 audit(1763430785.346:2300): avc: denied { create } for pid=4370 comm="syz.1.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.552185][ T29] audit: type=1400 audit(1763430785.356:2301): avc: denied { read } for pid=4370 comm="syz.1.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.581298][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.581957][ T29] audit: type=1326 audit(1763430785.406:2302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.4.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 57.618239][ T29] audit: type=1326 audit(1763430785.436:2303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.4.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 57.642026][ T29] audit: type=1326 audit(1763430785.436:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.4.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 57.665711][ T29] audit: type=1400 audit(1763430785.446:2305): avc: denied { ioctl } for pid=4370 comm="syz.1.318" path="socket:[8833]" dev="sockfs" ino=8833 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.690232][ T29] audit: type=1400 audit(1763430785.446:2306): avc: denied { write } for pid=4370 comm="syz.1.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.710005][ T29] audit: type=1400 audit(1763430785.476:2307): avc: denied { create } for pid=4375 comm="syz.4.321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 57.729482][ T29] audit: type=1400 audit(1763430785.476:2308): avc: denied { setopt } for pid=4375 comm="syz.4.321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 57.748908][ T29] audit: type=1400 audit(1763430785.476:2309): avc: denied { write } for pid=4375 comm="syz.4.321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.786923][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.835198][ T4384] netlink: 'syz.2.324': attribute type 3 has an invalid length. [ 57.863627][ T4391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.326'. [ 57.920795][ T4393] loop3: detected capacity change from 0 to 2048 [ 57.940449][ T4393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.029615][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.141652][ T4400] ip6_vti0 speed is unknown, defaulting to 1000 [ 58.559984][ T4407] loop1: detected capacity change from 0 to 1024 [ 58.572641][ T4407] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.597724][ T3317] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 58.599525][ T4407] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.612613][ T3317] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 58.643692][ T4407] netlink: 14 bytes leftover after parsing attributes in process `syz.1.331'. [ 58.664730][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.791486][ T4418] loop3: detected capacity change from 0 to 1024 [ 58.807419][ T4418] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.852305][ T4422] FAULT_INJECTION: forcing a failure. [ 58.852305][ T4422] name failslab, interval 1, probability 0, space 0, times 0 [ 58.864987][ T4422] CPU: 1 UID: 0 PID: 4422 Comm: syz.4.333 Not tainted syzkaller #0 PREEMPT(voluntary) [ 58.865027][ T4422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 58.865038][ T4422] Call Trace: [ 58.865045][ T4422] [ 58.865054][ T4422] __dump_stack+0x1d/0x30 [ 58.865159][ T4422] dump_stack_lvl+0xe8/0x140 [ 58.865183][ T4422] dump_stack+0x15/0x1b [ 58.865199][ T4422] should_fail_ex+0x265/0x280 [ 58.865287][ T4422] ? copy_cgroup_ns+0x162/0x380 [ 58.865312][ T4422] should_failslab+0x8c/0xb0 [ 58.865460][ T4422] __kmalloc_cache_noprof+0x4c/0x4a0 [ 58.865492][ T4422] copy_cgroup_ns+0x162/0x380 [ 58.865515][ T4422] create_new_namespaces+0x1c2/0x3d0 [ 58.865562][ T4422] unshare_nsproxy_namespaces+0xe8/0x120 [ 58.865627][ T4422] ksys_unshare+0x3d0/0x6d0 [ 58.865726][ T4422] __x64_sys_unshare+0x1f/0x30 [ 58.865759][ T4422] x64_sys_call+0x2915/0x3000 [ 58.865787][ T4422] do_syscall_64+0xd2/0x200 [ 58.865814][ T4422] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 58.865854][ T4422] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 58.866008][ T4422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.866090][ T4422] RIP: 0033:0x7fa1fe0ff6c9 [ 58.866106][ T4422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.866129][ T4422] RSP: 002b:00007fa1fcb25038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 58.866152][ T4422] RAX: ffffffffffffffda RBX: 00007fa1fe356180 RCX: 00007fa1fe0ff6c9 [ 58.866168][ T4422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000042000000 [ 58.866180][ T4422] RBP: 00007fa1fcb25090 R08: 0000000000000000 R09: 0000000000000000 [ 58.866198][ T4422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.866213][ T4422] R13: 00007fa1fe356218 R14: 00007fa1fe356180 R15: 00007ffdddce5c88 [ 58.866237][ T4422] [ 59.167689][ T4418] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.219978][ T4418] netlink: 14 bytes leftover after parsing attributes in process `syz.3.334'. [ 59.294894][ T4425] netlink: 24 bytes leftover after parsing attributes in process `syz.2.336'. [ 59.408341][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.677560][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.732125][ T4462] loop3: detected capacity change from 0 to 1024 [ 59.749924][ T4463] xt_CT: You must specify a L4 protocol and not use inversions on it [ 59.758027][ T4462] EXT4-fs: Ignoring removed orlov option [ 59.758061][ T4462] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.777432][ T4462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.862717][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.345256][ T4478] loop0: detected capacity change from 0 to 764 [ 60.399686][ T4478] rock: directory entry would overflow storage [ 60.405909][ T4478] rock: sig=0x4f50, size=4, remaining=3 [ 60.411491][ T4478] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 60.455678][ T4482] FAULT_INJECTION: forcing a failure. [ 60.455678][ T4482] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.468778][ T4482] CPU: 0 UID: 0 PID: 4482 Comm: syz.2.357 Not tainted syzkaller #0 PREEMPT(voluntary) [ 60.468808][ T4482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 60.468899][ T4482] Call Trace: [ 60.468907][ T4482] [ 60.468916][ T4482] __dump_stack+0x1d/0x30 [ 60.468943][ T4482] dump_stack_lvl+0xe8/0x140 [ 60.468968][ T4482] dump_stack+0x15/0x1b [ 60.468989][ T4482] should_fail_ex+0x265/0x280 [ 60.469088][ T4482] should_fail+0xb/0x20 [ 60.469103][ T4482] should_fail_usercopy+0x1a/0x20 [ 60.469137][ T4482] _copy_from_user+0x1c/0xb0 [ 60.469169][ T4482] __sys_bpf+0x183/0x7c0 [ 60.469221][ T4482] __x64_sys_bpf+0x41/0x50 [ 60.469260][ T4482] x64_sys_call+0x2aee/0x3000 [ 60.469288][ T4482] do_syscall_64+0xd2/0x200 [ 60.469316][ T4482] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 60.469376][ T4482] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 60.469457][ T4482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.469536][ T4482] RIP: 0033:0x7f709b68f6c9 [ 60.469555][ T4482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.469577][ T4482] RSP: 002b:00007f709a0ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.469600][ T4482] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68f6c9 [ 60.469616][ T4482] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 60.469631][ T4482] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 60.469646][ T4482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.469657][ T4482] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 60.469757][ T4482] [ 60.672038][ T4485] loop0: detected capacity change from 0 to 1024 [ 60.687152][ T4489] Invalid logical block size (2045) [ 60.689293][ T4485] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.704428][ T4489] netlink: 'syz.4.360': attribute type 3 has an invalid length. [ 60.750616][ T4485] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.779441][ T4485] netlink: 14 bytes leftover after parsing attributes in process `syz.0.359'. [ 60.940219][ T3594] Bluetooth: hci1: Frame reassembly failed (-84) [ 61.398272][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.599075][ T4514] __nla_validate_parse: 1 callbacks suppressed [ 61.599102][ T4514] netlink: 4 bytes leftover after parsing attributes in process `syz.1.369'. [ 61.662896][ T4518] netlink: 4 bytes leftover after parsing attributes in process `syz.1.371'. [ 61.671901][ T4518] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.683364][ T4518] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.781112][ T4528] loop3: detected capacity change from 0 to 2048 [ 61.799054][ T4528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.924113][ T3317] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 61.939176][ T3317] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 61.953607][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.309665][ T4537] netlink: 20 bytes leftover after parsing attributes in process `syz.0.378'. [ 62.586585][ T4539] ip6_vti0 speed is unknown, defaulting to 1000 [ 62.891479][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 62.897785][ T3648] Bluetooth: hci0: command 0x1003 tx timeout [ 62.969572][ T29] kauditd_printk_skb: 166 callbacks suppressed [ 62.969589][ T29] audit: type=1400 audit(1763430790.796:2476): avc: denied { create } for pid=4541 comm="syz.3.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 62.975971][ T3648] Bluetooth: hci1: command 0x1003 tx timeout [ 63.002584][ T3649] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 63.025977][ T29] audit: type=1400 audit(1763430790.796:2477): avc: denied { setopt } for pid=4541 comm="syz.3.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 63.074349][ T29] audit: type=1326 audit(1763430790.896:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.097787][ T29] audit: type=1326 audit(1763430790.896:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.122422][ T29] audit: type=1326 audit(1763430790.936:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.146573][ T29] audit: type=1326 audit(1763430790.936:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.170411][ T29] audit: type=1326 audit(1763430790.936:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f709b68df10 code=0x7ffc0000 [ 63.193850][ T29] audit: type=1326 audit(1763430790.936:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.215757][ T4550] loop1: detected capacity change from 0 to 764 [ 63.217419][ T29] audit: type=1326 audit(1763430790.936:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f709b690ef7 code=0x7ffc0000 [ 63.247125][ T29] audit: type=1326 audit(1763430790.936:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4546 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 63.300605][ T4550] rock: directory entry would overflow storage [ 63.306854][ T4550] rock: sig=0x4f50, size=4, remaining=3 [ 63.312523][ T4550] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 63.369630][ T4557] loop2: detected capacity change from 0 to 2048 [ 63.391783][ T4557] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.435762][ T4566] loop4: detected capacity change from 0 to 1024 [ 63.444804][ T4566] EXT4-fs: Ignoring removed nomblk_io_submit option [ 63.460947][ T4566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.526763][ T3319] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 63.542180][ T3319] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 63.577388][ T3587] Bluetooth: hci0: Frame reassembly failed (-84) [ 64.017142][ T4585] siw: device registration error -23 [ 64.086246][ T4587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.394'. [ 64.104538][ T4587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.394'. [ 64.303728][ T4595] loop0: detected capacity change from 0 to 764 [ 64.321316][ T4595] rock: directory entry would overflow storage [ 64.327878][ T4595] rock: sig=0x4f50, size=4, remaining=3 [ 64.333648][ T4595] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 64.418135][ T4601] loop4: detected capacity change from 0 to 1024 [ 64.428762][ T4601] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.463106][ T4601] netlink: 14 bytes leftover after parsing attributes in process `syz.4.400'. [ 64.662122][ T4608] loop0: detected capacity change from 0 to 512 [ 64.677505][ T4608] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.401: bad orphan inode 11862016 [ 64.689002][ T4608] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.126853][ T4622] netlink: 4 bytes leftover after parsing attributes in process `syz.1.405'. [ 65.142004][ T4622] netlink: 4 bytes leftover after parsing attributes in process `syz.1.405'. [ 65.312657][ T4628] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 65.321066][ T4628] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 65.440308][ T4641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.414'. [ 65.450862][ T4641] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 65.615600][ T3649] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 65.629150][ T4651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.417'. [ 65.745265][ T4655] FAULT_INJECTION: forcing a failure. [ 65.745265][ T4655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.758687][ T4655] CPU: 0 UID: 0 PID: 4655 Comm: syz.2.418 Not tainted syzkaller #0 PREEMPT(voluntary) [ 65.758779][ T4655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 65.758796][ T4655] Call Trace: [ 65.758803][ T4655] [ 65.758810][ T4655] __dump_stack+0x1d/0x30 [ 65.758908][ T4655] dump_stack_lvl+0xe8/0x140 [ 65.758934][ T4655] dump_stack+0x15/0x1b [ 65.758955][ T4655] should_fail_ex+0x265/0x280 [ 65.758991][ T4655] should_fail+0xb/0x20 [ 65.759052][ T4655] should_fail_usercopy+0x1a/0x20 [ 65.759078][ T4655] _copy_to_user+0x20/0xa0 [ 65.759115][ T4655] simple_read_from_buffer+0xb5/0x130 [ 65.759142][ T4655] proc_fail_nth_read+0x10e/0x150 [ 65.759230][ T4655] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 65.759263][ T4655] vfs_read+0x1a8/0x770 [ 65.759292][ T4655] ? __rcu_read_unlock+0x4f/0x70 [ 65.759443][ T4655] ? __fget_files+0x184/0x1c0 [ 65.759473][ T4655] ? finish_task_switch+0xad/0x2b0 [ 65.759498][ T4655] ksys_read+0xda/0x1a0 [ 65.759523][ T4655] __x64_sys_read+0x40/0x50 [ 65.759606][ T4655] x64_sys_call+0x27c0/0x3000 [ 65.759674][ T4655] do_syscall_64+0xd2/0x200 [ 65.759700][ T4655] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 65.759729][ T4655] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 65.759813][ T4655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.759836][ T4655] RIP: 0033:0x7f709b68e0dc [ 65.759855][ T4655] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 65.759901][ T4655] RSP: 002b:00007f709a0ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 65.759925][ T4655] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68e0dc [ 65.759937][ T4655] RDX: 000000000000000f RSI: 00007f709a0ef0a0 RDI: 0000000000000006 [ 65.759948][ T4655] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 65.760005][ T4655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.760019][ T4655] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 65.760039][ T4655] [ 66.046783][ T4657] loop3: detected capacity change from 0 to 1024 [ 66.092532][ T4657] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.259260][ T4661] loop0: detected capacity change from 0 to 2048 [ 66.421516][ T4676] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 66.524129][ T4681] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.590248][ T4681] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.648418][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 66.679723][ T4681] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.693014][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 66.770646][ T4694] loop0: detected capacity change from 0 to 2048 [ 66.889487][ T4692] loop3: detected capacity change from 0 to 1024 [ 66.925357][ T4692] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.938860][ T4681] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.991515][ T4692] __nla_validate_parse: 5 callbacks suppressed [ 66.991534][ T4692] netlink: 14 bytes leftover after parsing attributes in process `syz.3.433'. [ 67.045989][ T3594] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.069334][ T3594] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.082880][ T4708] loop2: detected capacity change from 0 to 1024 [ 67.095941][ T3594] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.104625][ T4708] EXT4-fs: Ignoring removed orlov option [ 67.110329][ T4708] EXT4-fs: Ignoring removed nomblk_io_submit option [ 67.129282][ T3594] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.243748][ T4710] netlink: 8 bytes leftover after parsing attributes in process `syz.4.438'. [ 67.262387][ T4710] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 67.300367][ T4725] loop1: detected capacity change from 0 to 1024 [ 67.301655][ T4721] loop2: detected capacity change from 0 to 2048 [ 67.325965][ T4724] loop0: detected capacity change from 0 to 764 [ 67.358326][ T4725] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.442: Allocating blocks 497-513 which overlap fs metadata [ 67.381063][ T4725] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 67.381183][ T4724] rock: directory entry would overflow storage [ 67.393517][ T4725] EXT4-fs (loop1): This should not happen!! Data will be lost [ 67.393517][ T4725] [ 67.399706][ T4724] rock: sig=0x4f50, size=4, remaining=3 [ 67.399734][ T4724] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 67.497375][ T4738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.447'. [ 67.553281][ T3319] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 67.568837][ T3319] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 67.660354][ T4740] xt_CT: You must specify a L4 protocol and not use inversions on it [ 67.978750][ T29] kauditd_printk_skb: 142 callbacks suppressed [ 67.978766][ T29] audit: type=1326 audit(1763430795.806:2628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7cf746f6c9 code=0x7ffc0000 [ 68.032542][ T4761] loop3: detected capacity change from 0 to 512 [ 68.057258][ T4761] EXT4-fs: Ignoring removed i_version option [ 68.063336][ T4761] EXT4-fs: Ignoring removed bh option [ 68.123530][ T4766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.459'. [ 68.143034][ T29] audit: type=1326 audit(1763430795.836:2629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7cf746f703 code=0x7ffc0000 [ 68.166364][ T29] audit: type=1326 audit(1763430795.846:2630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7cf746e17f code=0x7ffc0000 [ 68.189711][ T29] audit: type=1326 audit(1763430795.856:2631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4763 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 68.213086][ T29] audit: type=1326 audit(1763430795.856:2632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4763 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 68.236566][ T29] audit: type=1326 audit(1763430795.856:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4763 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 68.260049][ T29] audit: type=1326 audit(1763430795.856:2634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4763 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 68.283442][ T29] audit: type=1326 audit(1763430795.856:2635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f7cf746f757 code=0x7ffc0000 [ 68.306865][ T29] audit: type=1326 audit(1763430795.856:2636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7cf746df10 code=0x7ffc0000 [ 68.330420][ T29] audit: type=1326 audit(1763430795.856:2637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4760 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7cf746f2cb code=0x7ffc0000 [ 68.376350][ T4766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.459'. [ 68.733143][ T4761] ext4 filesystem being mounted at /79/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 69.194922][ T3317] EXT4-fs unmount: 21 callbacks suppressed [ 69.194939][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.427019][ T4799] Invalid logical block size (2045) [ 69.436632][ T4799] netlink: 'syz.1.465': attribute type 3 has an invalid length. [ 69.455765][ T4800] xt_CT: You must specify a L4 protocol and not use inversions on it [ 69.538975][ T4810] netlink: 4 bytes leftover after parsing attributes in process `syz.3.469'. [ 69.573770][ T4815] loop3: detected capacity change from 0 to 1024 [ 69.581480][ T4815] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.593622][ T4819] netlink: 20 bytes leftover after parsing attributes in process `syz.2.474'. [ 69.607407][ T4815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.625358][ T4815] netlink: 14 bytes leftover after parsing attributes in process `syz.3.473'. [ 69.634702][ T4823] loop1: detected capacity change from 0 to 1024 [ 69.641534][ T4823] EXT4-fs: Ignoring removed nomblk_io_submit option [ 69.657169][ T4823] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.674873][ T4823] netlink: 14 bytes leftover after parsing attributes in process `syz.1.475'. [ 69.714902][ T4836] netlink: 20 bytes leftover after parsing attributes in process `syz.2.479'. [ 69.947248][ T4841] ip6_vti0 speed is unknown, defaulting to 1000 [ 70.412304][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.548019][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.590790][ T4847] loop1: detected capacity change from 0 to 764 [ 70.614636][ T4847] rock: directory entry would overflow storage [ 70.620896][ T4847] rock: sig=0x4f50, size=4, remaining=3 [ 70.626496][ T4847] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 70.642131][ T4850] xt_CT: You must specify a L4 protocol and not use inversions on it [ 70.723665][ T4852] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 71.019532][ T4876] loop0: detected capacity change from 0 to 2048 [ 71.127804][ T4877] ip6_vti0 speed is unknown, defaulting to 1000 [ 71.990783][ T4876] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.137902][ T4888] loop4: detected capacity change from 0 to 1024 [ 72.176529][ T4888] EXT4-fs: Ignoring removed orlov option [ 72.182341][ T4888] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.260119][ T4892] loop2: detected capacity change from 0 to 1024 [ 72.267485][ T4888] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.268183][ T4892] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.296059][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 72.331510][ T4892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.347114][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.356538][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 72.386446][ T4892] __nla_validate_parse: 3 callbacks suppressed [ 72.386466][ T4892] netlink: 14 bytes leftover after parsing attributes in process `syz.2.498'. [ 72.402700][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.505677][ T4914] Invalid logical block size (2045) [ 72.512598][ T4914] netlink: 'syz.0.504': attribute type 3 has an invalid length. [ 72.568453][ T4920] loop0: detected capacity change from 0 to 1024 [ 72.575368][ T4920] EXT4-fs: Ignoring removed nomblk_io_submit option [ 72.597274][ T4920] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.615084][ T4920] netlink: 14 bytes leftover after parsing attributes in process `syz.0.507'. [ 72.895460][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 72.895547][ T3649] Bluetooth: hci0: command 0x1003 tx timeout [ 73.100983][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.121427][ T29] kauditd_printk_skb: 4064 callbacks suppressed [ 73.121457][ T29] audit: type=1326 audit(1763430800.946:6700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.167146][ T29] audit: type=1326 audit(1763430800.986:6701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.190546][ T29] audit: type=1326 audit(1763430800.986:6702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.213973][ T29] audit: type=1326 audit(1763430800.986:6703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f709b68df10 code=0x7ffc0000 [ 73.237493][ T29] audit: type=1326 audit(1763430800.986:6704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f709b690ef7 code=0x7ffc0000 [ 73.251446][ T4931] loop2: detected capacity change from 0 to 2048 [ 73.260912][ T29] audit: type=1326 audit(1763430800.986:6705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.290660][ T29] audit: type=1326 audit(1763430800.986:6706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f709b690ef7 code=0x7ffc0000 [ 73.314079][ T29] audit: type=1326 audit(1763430800.986:6707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f709b68e32a code=0x7ffc0000 [ 73.337245][ T29] audit: type=1326 audit(1763430800.986:6708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.360587][ T29] audit: type=1326 audit(1763430800.986:6709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.2.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f709b68f6c9 code=0x7ffc0000 [ 73.388421][ T4931] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.404635][ T4935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.510'. [ 73.436709][ T4935] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 73.508839][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.569306][ T4941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.513'. [ 73.612153][ T3319] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 73.641189][ T4953] loop1: detected capacity change from 0 to 512 [ 73.665697][ T3319] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 73.689545][ T4953] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.767019][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.809613][ T4953] EXT4-fs error (device loop1): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 73.854534][ T4953] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 73.940283][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.139091][ T4972] FAULT_INJECTION: forcing a failure. [ 74.139091][ T4972] name failslab, interval 1, probability 0, space 0, times 0 [ 74.151899][ T4972] CPU: 0 UID: 0 PID: 4972 Comm: syz.1.521 Not tainted syzkaller #0 PREEMPT(voluntary) [ 74.151932][ T4972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 74.151947][ T4972] Call Trace: [ 74.151955][ T4972] [ 74.151962][ T4972] __dump_stack+0x1d/0x30 [ 74.151983][ T4972] dump_stack_lvl+0xe8/0x140 [ 74.152103][ T4972] dump_stack+0x15/0x1b [ 74.152125][ T4972] should_fail_ex+0x265/0x280 [ 74.152196][ T4972] should_failslab+0x8c/0xb0 [ 74.152222][ T4972] __kvmalloc_node_noprof+0x12e/0x670 [ 74.152253][ T4972] ? traverse+0xa2/0x3a0 [ 74.152344][ T4972] traverse+0xa2/0x3a0 [ 74.152363][ T4972] ? terminate_walk+0x27f/0x2a0 [ 74.152401][ T4972] seq_read_iter+0x85f/0x950 [ 74.152422][ T4972] ? _parse_integer_limit+0x170/0x190 [ 74.152541][ T4972] seq_read+0x270/0x2b0 [ 74.152561][ T4972] ? __pfx_seq_read+0x10/0x10 [ 74.152576][ T4972] proc_reg_read+0x128/0x1c0 [ 74.152595][ T4972] ? __pfx_proc_reg_read+0x10/0x10 [ 74.152613][ T4972] vfs_readv+0x3fb/0x690 [ 74.152728][ T4972] __x64_sys_preadv+0xfd/0x1c0 [ 74.152755][ T4972] x64_sys_call+0x282e/0x3000 [ 74.152781][ T4972] do_syscall_64+0xd2/0x200 [ 74.152817][ T4972] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 74.152994][ T4972] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 74.153042][ T4972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.153067][ T4972] RIP: 0033:0x7ff342fcf6c9 [ 74.153082][ T4972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.153106][ T4972] RSP: 002b:00007ff341a16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 74.153125][ T4972] RAX: ffffffffffffffda RBX: 00007ff343226090 RCX: 00007ff342fcf6c9 [ 74.153136][ T4972] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000007 [ 74.153150][ T4972] RBP: 00007ff341a16090 R08: 0000000000000000 R09: 0000000000000000 [ 74.153164][ T4972] R10: 0000000000000096 R11: 0000000000000246 R12: 0000000000000001 [ 74.153176][ T4972] R13: 00007ff343226128 R14: 00007ff343226090 R15: 00007ffcac24def8 [ 74.153198][ T4972] [ 74.372153][ T4973] usb usb1: check_ctrlrecip: process 4973 (syz.1.521) requesting ep 01 but needs 81 [ 74.375077][ T4971] ip6_vti0 speed is unknown, defaulting to 1000 [ 74.381617][ T4973] usb usb1: usbfs: process 4973 (syz.1.521) did not claim interface 0 before use [ 74.428657][ T4974] usb usb1: check_ctrlrecip: process 4974 (syz.4.522) requesting ep 01 but needs 81 [ 74.438179][ T4974] usb usb1: usbfs: process 4974 (syz.4.522) did not claim interface 0 before use [ 74.453178][ T4972] ip6_vti0 speed is unknown, defaulting to 1000 [ 74.521517][ T4976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.523'. [ 74.533589][ T4976] syz2: rxe_newlink: already configured on ip6_vti0 [ 74.874464][ T4988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.527'. [ 74.961955][ T4990] loop0: detected capacity change from 0 to 2048 [ 74.984506][ T4998] netlink: 12 bytes leftover after parsing attributes in process `syz.3.532'. [ 75.062028][ T4990] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.146212][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.181633][ T5018] loop4: detected capacity change from 0 to 1024 [ 75.205907][ T5018] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.228362][ T5023] xt_CT: You must specify a L4 protocol and not use inversions on it [ 75.248440][ T5018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.271320][ T5025] loop0: detected capacity change from 0 to 1024 [ 75.274917][ T5018] netlink: 14 bytes leftover after parsing attributes in process `syz.4.539'. [ 75.278325][ T5025] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.474388][ T5032] netlink: 20 bytes leftover after parsing attributes in process `syz.2.543'. [ 75.643284][ T5025] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.662500][ T5025] netlink: 14 bytes leftover after parsing attributes in process `syz.0.542'. [ 76.147469][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.197817][ T5044] FAULT_INJECTION: forcing a failure. [ 76.197817][ T5044] name failslab, interval 1, probability 0, space 0, times 0 [ 76.210504][ T5044] CPU: 0 UID: 0 PID: 5044 Comm: syz.3.544 Not tainted syzkaller #0 PREEMPT(voluntary) [ 76.210595][ T5044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 76.210607][ T5044] Call Trace: [ 76.210613][ T5044] [ 76.210621][ T5044] __dump_stack+0x1d/0x30 [ 76.210722][ T5044] dump_stack_lvl+0xe8/0x140 [ 76.210741][ T5044] dump_stack+0x15/0x1b [ 76.210757][ T5044] should_fail_ex+0x265/0x280 [ 76.210795][ T5044] should_failslab+0x8c/0xb0 [ 76.210853][ T5044] kmem_cache_alloc_noprof+0x50/0x480 [ 76.210889][ T5044] ? skb_clone+0x151/0x1f0 [ 76.210915][ T5044] skb_clone+0x151/0x1f0 [ 76.210947][ T5044] __netlink_deliver_tap+0x2c9/0x500 [ 76.210976][ T5044] netlink_unicast+0x66b/0x690 [ 76.211006][ T5044] netlink_sendmsg+0x58b/0x6b0 [ 76.211081][ T5044] ? __pfx_netlink_sendmsg+0x10/0x10 [ 76.211100][ T5044] __sock_sendmsg+0x145/0x180 [ 76.211161][ T5044] ____sys_sendmsg+0x31e/0x4e0 [ 76.211184][ T5044] ___sys_sendmsg+0x17b/0x1d0 [ 76.211219][ T5044] __x64_sys_sendmsg+0xd4/0x160 [ 76.211245][ T5044] x64_sys_call+0x191e/0x3000 [ 76.211267][ T5044] do_syscall_64+0xd2/0x200 [ 76.211292][ T5044] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 76.211320][ T5044] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 76.211417][ T5044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.211444][ T5044] RIP: 0033:0x7f7cf746f6c9 [ 76.211469][ T5044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.211491][ T5044] RSP: 002b:00007f7cf5ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.211637][ T5044] RAX: ffffffffffffffda RBX: 00007f7cf76c5fa0 RCX: 00007f7cf746f6c9 [ 76.211649][ T5044] RDX: 0000000000000000 RSI: 0000200000007940 RDI: 0000000000000003 [ 76.211661][ T5044] RBP: 00007f7cf5ed7090 R08: 0000000000000000 R09: 0000000000000000 [ 76.211672][ T5044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.211726][ T5044] R13: 00007f7cf76c6038 R14: 00007f7cf76c5fa0 R15: 00007fff75e405d8 [ 76.211750][ T5044] [ 76.474912][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.618757][ T5058] loop2: detected capacity change from 0 to 2048 [ 76.703145][ T5065] ip6_vti0 speed is unknown, defaulting to 1000 [ 76.710721][ T5058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.176423][ T5071] ip6_vti0 speed is unknown, defaulting to 1000 [ 77.220120][ T5077] loop3: detected capacity change from 0 to 512 [ 77.248056][ T5077] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 77.291902][ T5077] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 77.375732][ T5077] EXT4-fs (loop3): 1 truncate cleaned up [ 77.470687][ T5077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.491264][ T3319] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 77.508369][ T3319] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 77.508639][ T5085] loop4: detected capacity change from 0 to 512 [ 77.531419][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.560683][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.573698][ T5087] __nla_validate_parse: 9 callbacks suppressed [ 77.573713][ T5087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.560'. [ 77.591075][ T5085] EXT4-fs (loop4): 1 orphan inode deleted [ 77.605805][ T3587] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:21: Failed to release dquot type 1 [ 77.622208][ T5085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.640553][ T5093] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 77.654239][ T5091] loop2: detected capacity change from 0 to 1024 [ 77.684291][ T5091] EXT4-fs: Ignoring removed nomblk_io_submit option [ 77.693814][ T5085] ext4 filesystem being mounted at /97/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.716897][ T5096] netlink: 20 bytes leftover after parsing attributes in process `syz.3.562'. [ 77.827441][ T5091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.861214][ T5091] netlink: 14 bytes leftover after parsing attributes in process `syz.2.559'. [ 77.902362][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.389680][ T29] kauditd_printk_skb: 191 callbacks suppressed [ 78.389698][ T29] audit: type=1326 audit(1763430806.216:6900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.453756][ T29] audit: type=1326 audit(1763430806.256:6901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.477146][ T29] audit: type=1326 audit(1763430806.256:6902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.500669][ T29] audit: type=1326 audit(1763430806.256:6903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.523992][ T29] audit: type=1326 audit(1763430806.256:6904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.547337][ T29] audit: type=1326 audit(1763430806.256:6905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.570758][ T29] audit: type=1326 audit(1763430806.256:6906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.594109][ T29] audit: type=1326 audit(1763430806.256:6907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.617431][ T29] audit: type=1326 audit(1763430806.256:6908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.640782][ T29] audit: type=1326 audit(1763430806.256:6909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5114 comm="syz.0.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 78.672092][ T5117] netlink: 20 bytes leftover after parsing attributes in process `syz.1.569'. [ 78.683868][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.699034][ T5115] loop0: detected capacity change from 0 to 2048 [ 78.734017][ T5119] FAULT_INJECTION: forcing a failure. [ 78.734017][ T5119] name failslab, interval 1, probability 0, space 0, times 0 [ 78.746839][ T5119] CPU: 1 UID: 0 PID: 5119 Comm: syz.3.571 Not tainted syzkaller #0 PREEMPT(voluntary) [ 78.746977][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 78.746994][ T5119] Call Trace: [ 78.747001][ T5119] [ 78.747010][ T5119] __dump_stack+0x1d/0x30 [ 78.747037][ T5119] dump_stack_lvl+0xe8/0x140 [ 78.747097][ T5119] dump_stack+0x15/0x1b [ 78.747119][ T5119] should_fail_ex+0x265/0x280 [ 78.747161][ T5119] should_failslab+0x8c/0xb0 [ 78.747188][ T5119] __kmalloc_cache_node_noprof+0x54/0x4a0 [ 78.747291][ T5119] ? __get_vm_area_node+0x106/0x1d0 [ 78.747392][ T5119] __get_vm_area_node+0x106/0x1d0 [ 78.747565][ T5119] __vmalloc_node_range_noprof+0x28c/0xed0 [ 78.747606][ T5119] ? bpf_prog_alloc_no_stats+0x47/0x3b0 [ 78.747647][ T5119] ? search_extable+0x53/0x80 [ 78.747669][ T5119] ? strncpy_from_kernel_nofault+0x78/0x130 [ 78.747746][ T5119] ? cred_has_capability+0x210/0x280 [ 78.747777][ T5119] ? bpf_prog_alloc_no_stats+0x47/0x3b0 [ 78.747830][ T5119] __vmalloc_noprof+0x83/0xc0 [ 78.747864][ T5119] ? bpf_prog_alloc_no_stats+0x47/0x3b0 [ 78.747964][ T5119] bpf_prog_alloc_no_stats+0x47/0x3b0 [ 78.748006][ T5119] ? bpf_prog_alloc+0x2a/0x150 [ 78.748048][ T5119] bpf_prog_alloc+0x3c/0x150 [ 78.748163][ T5119] bpf_prog_load+0x506/0x1100 [ 78.748279][ T5119] ? security_bpf+0x2b/0x90 [ 78.748417][ T5119] __sys_bpf+0x469/0x7c0 [ 78.748447][ T5119] __x64_sys_bpf+0x41/0x50 [ 78.748478][ T5119] x64_sys_call+0x2aee/0x3000 [ 78.748499][ T5119] do_syscall_64+0xd2/0x200 [ 78.748522][ T5119] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 78.748590][ T5119] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 78.748666][ T5119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.748746][ T5119] RIP: 0033:0x7f7cf746f6c9 [ 78.748765][ T5119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.748852][ T5119] RSP: 002b:00007f7cf5ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 78.748871][ T5119] RAX: ffffffffffffffda RBX: 00007f7cf76c5fa0 RCX: 00007f7cf746f6c9 [ 78.748883][ T5119] RDX: 000000000000006d RSI: 00002000000000c0 RDI: 0000000000000005 [ 78.748894][ T5119] RBP: 00007f7cf5ed7090 R08: 0000000000000000 R09: 0000000000000000 [ 78.748907][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.748922][ T5119] R13: 00007f7cf76c6038 R14: 00007f7cf76c5fa0 R15: 00007fff75e405d8 [ 78.748962][ T5119] [ 78.749003][ T5119] syz.3.571: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 78.837356][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.841568][ T5119] ,cpuset=/,mems_allowed=0 [ 79.024277][ T5119] CPU: 1 UID: 0 PID: 5119 Comm: syz.3.571 Not tainted syzkaller #0 PREEMPT(voluntary) [ 79.024313][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.024344][ T5119] Call Trace: [ 79.024353][ T5119] [ 79.024363][ T5119] __dump_stack+0x1d/0x30 [ 79.024391][ T5119] dump_stack_lvl+0xe8/0x140 [ 79.024445][ T5119] dump_stack+0x15/0x1b [ 79.024468][ T5119] warn_alloc+0x12b/0x1a0 [ 79.024525][ T5119] __vmalloc_node_range_noprof+0x2b1/0xed0 [ 79.024567][ T5119] ? search_extable+0x53/0x80 [ 79.024598][ T5119] ? strncpy_from_kernel_nofault+0x78/0x130 [ 79.024742][ T5119] ? cred_has_capability+0x210/0x280 [ 79.024784][ T5119] ? bpf_prog_alloc_no_stats+0x47/0x3b0 [ 79.024846][ T5119] __vmalloc_noprof+0x83/0xc0 [ 79.024877][ T5119] ? bpf_prog_alloc_no_stats+0x47/0x3b0 [ 79.024924][ T5119] bpf_prog_alloc_no_stats+0x47/0x3b0 [ 79.024964][ T5119] ? bpf_prog_alloc+0x2a/0x150 [ 79.025083][ T5119] bpf_prog_alloc+0x3c/0x150 [ 79.025117][ T5119] bpf_prog_load+0x506/0x1100 [ 79.025199][ T5119] ? security_bpf+0x2b/0x90 [ 79.025294][ T5119] __sys_bpf+0x469/0x7c0 [ 79.025350][ T5119] __x64_sys_bpf+0x41/0x50 [ 79.025394][ T5119] x64_sys_call+0x2aee/0x3000 [ 79.025480][ T5119] do_syscall_64+0xd2/0x200 [ 79.025507][ T5119] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 79.025559][ T5119] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 79.025705][ T5119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.025733][ T5119] RIP: 0033:0x7f7cf746f6c9 [ 79.025768][ T5119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.025790][ T5119] RSP: 002b:00007f7cf5ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 79.025815][ T5119] RAX: ffffffffffffffda RBX: 00007f7cf76c5fa0 RCX: 00007f7cf746f6c9 [ 79.025895][ T5119] RDX: 000000000000006d RSI: 00002000000000c0 RDI: 0000000000000005 [ 79.025911][ T5119] RBP: 00007f7cf5ed7090 R08: 0000000000000000 R09: 0000000000000000 [ 79.025941][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 79.025957][ T5119] R13: 00007f7cf76c6038 R14: 00007f7cf76c5fa0 R15: 00007fff75e405d8 [ 79.026027][ T5119] [ 79.046516][ T5129] loop4: detected capacity change from 0 to 2048 [ 79.049125][ T5119] Mem-Info: [ 79.095738][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 79.096755][ T5119] active_anon:22892 inactive_anon:0 isolated_anon:0 [ 79.096755][ T5119] active_file:18062 inactive_file:2310 isolated_file:0 [ 79.096755][ T5119] unevictable:0 dirty:518 writeback:0 [ 79.096755][ T5119] slab_reclaimable:3290 slab_unreclaimable:15793 [ 79.096755][ T5119] mapped:32346 shmem:18961 pagetables:1161 [ 79.096755][ T5119] sec_pagetables:0 bounce:0 [ 79.096755][ T5119] kernel_misc_reclaimable:0 [ 79.096755][ T5119] free:1827796 free_pcp:4862 free_cma:0 [ 79.101710][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 79.107062][ T5119] Node 0 active_anon:91568kB inactive_anon:0kB active_file:72248kB inactive_file:9240kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:129384kB dirty:2072kB writeback:0kB shmem:75844kB kernel_stack:3632kB pagetables:4644kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 79.162702][ T5129] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.167135][ T5119] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 79.389561][ T5119] lowmem_reserve[]: 0 2881 7859 7859 [ 79.394905][ T5119] Node 0 DMA32 free:2946728kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950256kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 79.426085][ T5119] lowmem_reserve[]: 0 0 4978 4978 [ 79.431214][ T5119] Node 0 Normal free:4340840kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:91568kB inactive_anon:0kB active_file:77584kB inactive_file:9240kB unevictable:0kB writepending:2072kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:18128kB local_pcp:6628kB free_cma:0kB [ 79.464397][ T5119] lowmem_reserve[]: 0 0 0 0 [ 79.468963][ T5119] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 79.476739][ T3311] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 79.481906][ T5119] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 2*128kB (M) 2*256kB (M) 3*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2946728kB [ 79.497101][ T3311] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 79.512683][ T5119] Node 0 Normal: 2*4kB (UM) 17*8kB (U) 115*16kB (UME) 191*32kB (UME) 209*64kB (UME) 154*128kB (UME) 107*256kB (UME) 32*512kB (UM) 14*1024kB (UM) 9*2048kB (UE) 1031*4096kB (UM) = 4340704kB [ 79.540252][ T5119] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 79.549651][ T5119] 39291 total pagecache pages [ 79.554385][ T5119] 0 pages in swap cache [ 79.558605][ T5119] Free swap = 124996kB [ 79.562872][ T5119] Total swap = 124996kB [ 79.567108][ T5119] 2097051 pages RAM [ 79.570919][ T5119] 0 pages HighMem/MovableOnly [ 79.575772][ T5119] 81087 pages reserved [ 79.581514][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.595098][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.631421][ T5144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.574'. [ 79.729314][ T5146] ip6_vti0 speed is unknown, defaulting to 1000 [ 80.056216][ T5148] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 80.161843][ T5152] xt_CT: You must specify a L4 protocol and not use inversions on it [ 80.182807][ T5151] loop4: detected capacity change from 0 to 2048 [ 80.202877][ T5154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.580'. [ 80.266017][ T5151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.378931][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.424319][ T5169] loop4: detected capacity change from 0 to 2048 [ 80.439111][ T5169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.456038][ T5175] FAULT_INJECTION: forcing a failure. [ 80.456038][ T5175] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 80.469467][ T5175] CPU: 0 UID: 0 PID: 5175 Comm: syz.0.588 Not tainted syzkaller #0 PREEMPT(voluntary) [ 80.469496][ T5175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 80.469508][ T5175] Call Trace: [ 80.469514][ T5175] [ 80.469521][ T5175] __dump_stack+0x1d/0x30 [ 80.469607][ T5175] dump_stack_lvl+0xe8/0x140 [ 80.469689][ T5175] dump_stack+0x15/0x1b [ 80.469706][ T5175] should_fail_ex+0x265/0x280 [ 80.469799][ T5175] should_fail_alloc_page+0xf2/0x100 [ 80.469829][ T5175] __alloc_frozen_pages_noprof+0xff/0x360 [ 80.469942][ T5175] alloc_pages_mpol+0xb3/0x260 [ 80.469963][ T5175] alloc_pages_noprof+0x90/0x130 [ 80.470024][ T5175] __pud_alloc+0x47/0x470 [ 80.470048][ T5175] handle_mm_fault+0x1882/0x2be0 [ 80.470070][ T5175] ? __rcu_read_unlock+0x4f/0x70 [ 80.470124][ T5175] ? mt_find+0x21b/0x330 [ 80.470207][ T5175] do_user_addr_fault+0x3fe/0x1080 [ 80.470232][ T5175] exc_page_fault+0x62/0xa0 [ 80.470263][ T5175] asm_exc_page_fault+0x26/0x30 [ 80.470284][ T5175] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 80.470393][ T5175] Code: f9 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 0f f9 01 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 80.470411][ T5175] RSP: 0018:ffffc9001c79bc98 EFLAGS: 00050206 [ 80.470444][ T5175] RAX: ffff88810b016da0 RBX: ffff8881191ae000 RCX: 0000000000000800 [ 80.470457][ T5175] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffff8881191ae000 [ 80.470470][ T5175] RBP: 0000200000000240 R08: 0000000000000254 R09: 0000000000000000 [ 80.470544][ T5175] R10: 00018881191ae000 R11: 00018881191ae7ff R12: 0000200000000a40 [ 80.470617][ T5175] R13: ffffc9001c79be08 R14: 0000000000000800 R15: 00007ffffffff000 [ 80.470636][ T5175] _copy_from_iter+0x144/0xe80 [ 80.470661][ T5175] ? should_failslab+0x8c/0xb0 [ 80.470689][ T5175] ? __kvmalloc_node_noprof+0x3ce/0x670 [ 80.470780][ T5175] ? file_tty_write+0x1a3/0x690 [ 80.470804][ T5175] file_tty_write+0x322/0x690 [ 80.470834][ T5175] ? __pfx_tty_write+0x10/0x10 [ 80.470853][ T5175] tty_write+0x25/0x30 [ 80.470874][ T5175] vfs_write+0x52a/0x960 [ 80.470928][ T5175] ksys_write+0xda/0x1a0 [ 80.470991][ T5175] __x64_sys_write+0x40/0x50 [ 80.471067][ T5175] x64_sys_call+0x2802/0x3000 [ 80.471111][ T5175] do_syscall_64+0xd2/0x200 [ 80.471132][ T5175] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 80.471160][ T5175] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 80.471208][ T5175] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.471229][ T5175] RIP: 0033:0x7fbe76c4f6c9 [ 80.471243][ T5175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.471261][ T5175] RSP: 002b:00007fbe756b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 80.471354][ T5175] RAX: ffffffffffffffda RBX: 00007fbe76ea5fa0 RCX: 00007fbe76c4f6c9 [ 80.471367][ T5175] RDX: 00000000fffffecc RSI: 0000200000000240 RDI: 0000000000000003 [ 80.471379][ T5175] RBP: 00007fbe756b7090 R08: 0000000000000000 R09: 0000000000000000 [ 80.471390][ T5175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.471402][ T5175] R13: 00007fbe76ea6038 R14: 00007fbe76ea5fa0 R15: 00007ffc09239d18 [ 80.471421][ T5175] [ 80.828705][ T5183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.590'. [ 80.871422][ T5185] loop0: detected capacity change from 0 to 1024 [ 80.890014][ T5185] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.928085][ T5185] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.942037][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.948090][ T5185] netlink: 14 bytes leftover after parsing attributes in process `syz.0.591'. [ 81.032313][ T5197] netlink: 20 bytes leftover after parsing attributes in process `syz.4.595'. [ 81.276168][ T5199] ip6_vti0 speed is unknown, defaulting to 1000 [ 81.704166][ T5206] loop1: detected capacity change from 0 to 2048 [ 81.727075][ T5206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.748271][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.779356][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.926611][ T5217] Invalid logical block size (2045) [ 81.927749][ T5217] netlink: 'syz.0.602': attribute type 3 has an invalid length. [ 82.351187][ T5229] loop4: detected capacity change from 0 to 512 [ 82.372877][ T5226] ip6_vti0 speed is unknown, defaulting to 1000 [ 82.398800][ T5229] EXT4-fs error (device loop4): ext4_init_orphan_info:581: comm syz.4.606: inode #0: comm syz.4.606: iget: illegal inode # [ 82.398984][ T5229] EXT4-fs (loop4): get orphan inode failed [ 82.399059][ T5229] EXT4-fs (loop4): mount failed [ 82.486550][ T5229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.606'. [ 82.515608][ T5236] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 82.515608][ T5236] program syz.2.609 not setting count and/or reply_len properly [ 82.611315][ T5239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.610'. [ 82.692291][ T5243] loop0: detected capacity change from 0 to 2048 [ 82.727749][ T5245] netlink: 60 bytes leftover after parsing attributes in process `ÿ'. [ 82.738580][ T5245] IPVS: Unknown mcast interface: [ 82.751399][ T5245] loop2: detected capacity change from 0 to 512 [ 82.758513][ T5245] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 82.846858][ T5243] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.890337][ T5245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 82.945907][ T5245] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.997598][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.019158][ T5245] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 98 vs 96 free clusters [ 83.058938][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 83.134319][ T5264] loop3: detected capacity change from 0 to 1024 [ 83.145775][ T5264] EXT4-fs: Ignoring removed nomblk_io_submit option [ 83.146000][ T5261] netlink: 'syz.2.616': attribute type 12 has an invalid length. [ 83.153728][ T5225] syz.4.606 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 83.174260][ T5225] CPU: 1 UID: 0 PID: 5225 Comm: syz.4.606 Not tainted syzkaller #0 PREEMPT(voluntary) [ 83.174324][ T5225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 83.174337][ T5225] Call Trace: [ 83.174345][ T5225] [ 83.174353][ T5225] __dump_stack+0x1d/0x30 [ 83.174384][ T5225] dump_stack_lvl+0xe8/0x140 [ 83.174413][ T5225] dump_stack+0x15/0x1b [ 83.174431][ T5225] dump_header+0x81/0x220 [ 83.174470][ T5225] oom_kill_process+0x342/0x400 [ 83.174556][ T5225] out_of_memory+0x979/0xb80 [ 83.174619][ T5225] try_charge_memcg+0x610/0xa10 [ 83.174665][ T5225] obj_cgroup_charge_pages+0xa6/0x150 [ 83.174698][ T5225] __memcg_kmem_charge_page+0x9f/0x170 [ 83.174727][ T5225] __alloc_frozen_pages_noprof+0x188/0x360 [ 83.174773][ T5225] alloc_pages_mpol+0xb3/0x260 [ 83.174798][ T5225] ? alloc_pages_noprof+0x61/0x130 [ 83.174864][ T5225] alloc_pages_noprof+0x90/0x130 [ 83.174893][ T5225] __vmalloc_node_range_noprof+0x7a5/0xed0 [ 83.174955][ T5225] __kvmalloc_node_noprof+0x483/0x670 [ 83.174997][ T5225] ? ip_set_alloc+0x24/0x30 [ 83.175090][ T5225] ? ip_set_alloc+0x24/0x30 [ 83.175284][ T5225] ? __kmalloc_cache_noprof+0x249/0x4a0 [ 83.175321][ T5225] ip_set_alloc+0x24/0x30 [ 83.175431][ T5225] hash_netiface_create+0x282/0x740 [ 83.175503][ T5225] ? __pfx_hash_netiface_create+0x10/0x10 [ 83.175546][ T5225] ip_set_create+0x3cc/0x970 [ 83.175580][ T5225] ? __nla_parse+0x40/0x60 [ 83.175608][ T5225] nfnetlink_rcv_msg+0x4c6/0x590 [ 83.175675][ T5225] netlink_rcv_skb+0x123/0x220 [ 83.175717][ T5225] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 83.175802][ T5225] nfnetlink_rcv+0x167/0x16c0 [ 83.175840][ T5225] ? kmem_cache_free+0xe4/0x3d0 [ 83.175880][ T5225] ? __kfree_skb+0x109/0x150 [ 83.175931][ T5225] ? nlmon_xmit+0x4f/0x60 [ 83.175969][ T5225] ? consume_skb+0x49/0x150 [ 83.176009][ T5225] ? nlmon_xmit+0x4f/0x60 [ 83.176033][ T5225] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 83.176105][ T5225] ? __dev_queue_xmit+0x1200/0x2000 [ 83.176128][ T5225] ? __dev_queue_xmit+0x182/0x2000 [ 83.176159][ T5225] ? ref_tracker_free+0x37d/0x3e0 [ 83.176264][ T5225] ? __netlink_deliver_tap+0x4dc/0x500 [ 83.176289][ T5225] netlink_unicast+0x5c0/0x690 [ 83.176325][ T5225] netlink_sendmsg+0x58b/0x6b0 [ 83.176431][ T5225] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.176534][ T5225] __sock_sendmsg+0x145/0x180 [ 83.176561][ T5225] ____sys_sendmsg+0x31e/0x4e0 [ 83.176584][ T5225] ___sys_sendmsg+0x17b/0x1d0 [ 83.176697][ T5225] __x64_sys_sendmsg+0xd4/0x160 [ 83.176746][ T5225] x64_sys_call+0x191e/0x3000 [ 83.176775][ T5225] do_syscall_64+0xd2/0x200 [ 83.176803][ T5225] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 83.176869][ T5225] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 83.176944][ T5225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.176971][ T5225] RIP: 0033:0x7fa1fe0ff6c9 [ 83.176990][ T5225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.177013][ T5225] RSP: 002b:00007fa1fcb67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.177074][ T5225] RAX: ffffffffffffffda RBX: 00007fa1fe355fa0 RCX: 00007fa1fe0ff6c9 [ 83.177087][ T5225] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 83.177099][ T5225] RBP: 00007fa1fe181f91 R08: 0000000000000000 R09: 0000000000000000 [ 83.177111][ T5225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.177123][ T5225] R13: 00007fa1fe356038 R14: 00007fa1fe355fa0 R15: 00007ffdddce5c88 [ 83.177147][ T5225] [ 83.520761][ T5225] memory: usage 307200kB, limit 307200kB, failcnt 635 [ 83.527722][ T5225] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0 [ 83.529815][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 83.529834][ T29] audit: type=1400 audit(1763430811.356:7087): avc: denied { mounton } for pid=5260 comm="syz.2.616" path="/proc/347/task/348/net" dev="proc" ino=12527 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 83.535711][ T5225] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 83.535727][ T5225] Memory cgroup stats for /syz4: [ 83.567898][ T5225] cache 0 [ 83.572644][ T29] audit: type=1400 audit(1763430811.356:7088): avc: denied { mount } for pid=5260 comm="syz.2.616" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 83.577598][ T5225] rss 0 [ 83.577606][ T5225] shmem 0 [ 83.577631][ T5225] mapped_file 0 [ 83.577638][ T5225] dirty 0 [ 83.577644][ T5225] writeback 0 [ 83.577650][ T5225] workingset_refault_anon 80 [ 83.577658][ T5225] workingset_refault_file 213 [ 83.627044][ T5225] swap 229376 [ 83.630337][ T5225] swapcached 0 [ 83.633716][ T5225] pgpgin 62106 [ 83.637134][ T5225] pgpgout 62100 [ 83.640604][ T5225] pgfault 67892 [ 83.644079][ T5225] pgmajfault 193 [ 83.647707][ T5225] inactive_anon 0 [ 83.651356][ T5225] active_anon 0 [ 83.654824][ T5225] inactive_file 0 [ 83.658490][ T5225] active_file 24576 [ 83.660052][ T5264] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.662338][ T5225] unevictable 0 [ 83.662350][ T5225] hierarchical_memory_limit 314572800 [ 83.683282][ T5225] hierarchical_memsw_limit 9223372036854771712 [ 83.689474][ T5225] total_cache 0 [ 83.692943][ T5225] total_rss 0 [ 83.696312][ T5225] total_shmem 0 [ 83.699872][ T5225] total_mapped_file 0 [ 83.701739][ T29] audit: type=1326 audit(1763430811.526:7089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.703976][ T5225] total_dirty 0 [ 83.703988][ T5225] total_writeback 0 [ 83.703999][ T5225] total_workingset_refault_anon 80 [ 83.736985][ T5264] netlink: 14 bytes leftover after parsing attributes in process `syz.3.617'. [ 83.739710][ T5225] total_workingset_refault_file 213 [ 83.739721][ T5225] total_swap 229376 [ 83.757603][ T5225] total_swapcached 0 [ 83.761595][ T5225] total_pgpgin 62106 [ 83.765572][ T5225] total_pgpgout 62100 [ 83.769591][ T5225] total_pgfault 67892 [ 83.773585][ T5225] total_pgmajfault 193 [ 83.777728][ T5225] total_inactive_anon 0 [ 83.778151][ T29] audit: type=1326 audit(1763430811.556:7090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.781902][ T5225] total_active_anon 0 [ 83.781913][ T5225] total_inactive_file 0 [ 83.781924][ T5225] total_active_file 24576 [ 83.781935][ T5225] total_unevictable 0 [ 83.805356][ T29] audit: type=1326 audit(1763430811.556:7091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.809306][ T5225] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 83.813472][ T29] audit: type=1326 audit(1763430811.556:7092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.817805][ T5225] ,cpuset=/ [ 83.821786][ T29] audit: type=1326 audit(1763430811.556:7093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.845063][ T5225] ,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.606,pid=5224,uid=0 [ 83.852009][ T29] audit: type=1326 audit(1763430811.556:7094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.852042][ T29] audit: type=1326 audit(1763430811.556:7095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 83.875366][ T5225] Memory cgroup out of memory: Killed process 5224 (syz.4.606) total-vm:100352kB, anon-rss:1268kB, file-rss:26804kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 83.878542][ T29] audit: type=1326 audit(1763430811.556:7096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5269 comm="syz.1.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7ff342fcf6c9 code=0x7ffc0000 [ 84.198257][ T5281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 84.213566][ T5282] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 84.228221][ T5281] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'. [ 84.322452][ T5284] FAULT_INJECTION: forcing a failure. [ 84.322452][ T5284] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 84.335893][ T5284] CPU: 0 UID: 0 PID: 5284 Comm: syz.2.622 Not tainted syzkaller #0 PREEMPT(voluntary) [ 84.335955][ T5284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 84.335967][ T5284] Call Trace: [ 84.335974][ T5284] [ 84.335981][ T5284] __dump_stack+0x1d/0x30 [ 84.336078][ T5284] dump_stack_lvl+0xe8/0x140 [ 84.336104][ T5284] dump_stack+0x15/0x1b [ 84.336122][ T5284] should_fail_ex+0x265/0x280 [ 84.336218][ T5284] should_fail_alloc_page+0xf2/0x100 [ 84.336248][ T5284] __alloc_frozen_pages_noprof+0xff/0x360 [ 84.336303][ T5284] alloc_pages_mpol+0xb3/0x260 [ 84.336331][ T5284] alloc_pages_noprof+0x90/0x130 [ 84.336355][ T5284] __pud_alloc+0x47/0x470 [ 84.336383][ T5284] handle_mm_fault+0x1882/0x2be0 [ 84.336455][ T5284] ? __rcu_read_unlock+0x4f/0x70 [ 84.336547][ T5284] ? mt_find+0x21b/0x330 [ 84.336584][ T5284] do_user_addr_fault+0x3fe/0x1080 [ 84.336614][ T5284] exc_page_fault+0x62/0xa0 [ 84.336706][ T5284] asm_exc_page_fault+0x26/0x30 [ 84.336809][ T5284] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 84.336845][ T5284] Code: f9 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 0f f9 01 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 84.336869][ T5284] RSP: 0018:ffffc9001cdd7c98 EFLAGS: 00050206 [ 84.336956][ T5284] RAX: ffff888128f8aba0 RBX: ffff88810b0b8000 RCX: 0000000000000800 [ 84.336972][ T5284] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffff88810b0b8000 [ 84.336988][ T5284] RBP: 0000200000000240 R08: 0000000000000bc1 R09: 0000000000000000 [ 84.337003][ T5284] R10: 000188810b0b8000 R11: 000188810b0b87ff R12: 0000200000000a40 [ 84.337019][ T5284] R13: ffffc9001cdd7e08 R14: 0000000000000800 R15: 00007ffffffff000 [ 84.337038][ T5284] _copy_from_iter+0x144/0xe80 [ 84.337203][ T5284] ? should_failslab+0x8c/0xb0 [ 84.337235][ T5284] ? __kvmalloc_node_noprof+0x3ce/0x670 [ 84.337265][ T5284] ? file_tty_write+0x1a3/0x690 [ 84.337298][ T5284] file_tty_write+0x322/0x690 [ 84.337327][ T5284] ? __pfx_tty_write+0x10/0x10 [ 84.337351][ T5284] tty_write+0x25/0x30 [ 84.337376][ T5284] vfs_write+0x52a/0x960 [ 84.337407][ T5284] ksys_write+0xda/0x1a0 [ 84.337515][ T5284] __x64_sys_write+0x40/0x50 [ 84.337595][ T5284] x64_sys_call+0x2802/0x3000 [ 84.337684][ T5284] do_syscall_64+0xd2/0x200 [ 84.337710][ T5284] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 84.337743][ T5284] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 84.337855][ T5284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.337896][ T5284] RIP: 0033:0x7f709b68f6c9 [ 84.337914][ T5284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.337937][ T5284] RSP: 002b:00007f709a0ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 84.337981][ T5284] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68f6c9 [ 84.337992][ T5284] RDX: 00000000fffffecc RSI: 0000200000000240 RDI: 0000000000000003 [ 84.338004][ T5284] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 84.338047][ T5284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.338061][ T5284] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 84.338078][ T5284] [ 84.739773][ T5290] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.790315][ T5295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.625'. [ 84.821135][ T5296] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 84.837814][ T5296] infiniband syb2: RDMA CMA: cma_listen_on_dev, error -98 [ 84.847414][ T5290] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.869153][ T5295] netlink: 8 bytes leftover after parsing attributes in process `syz.2.625'. [ 84.889019][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.904186][ T5225] syz.4.606 (5225) used greatest stack depth: 7240 bytes left [ 84.914953][ T5290] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.016918][ T5290] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.081721][ T5307] loop4: detected capacity change from 0 to 2048 [ 85.089355][ T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.112106][ T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.140292][ T5311] loop3: detected capacity change from 0 to 1024 [ 85.150922][ T5307] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.164049][ T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.178403][ T5311] EXT4-fs: Ignoring removed nomblk_io_submit option [ 85.199190][ T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.218523][ T5311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.258881][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.268940][ T5311] netlink: 14 bytes leftover after parsing attributes in process `syz.3.634'. [ 85.310028][ T5321] loop4: detected capacity change from 0 to 512 [ 85.327460][ T5321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.340655][ T5321] ext4 filesystem being mounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.354016][ T5321] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.636: corrupted inode contents [ 85.366348][ T5321] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.636: mark_inode_dirty error [ 85.378408][ T5321] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.636: corrupted inode contents [ 85.390585][ T5321] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.636: mark_inode_dirty error [ 85.469077][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.496538][ T5328] loop4: detected capacity change from 0 to 764 [ 85.509013][ T5328] rock: directory entry would overflow storage [ 85.515424][ T5328] rock: sig=0x4f50, size=4, remaining=3 [ 85.521832][ T5328] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 85.607866][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 85.971200][ T5345] netlink: 4 bytes leftover after parsing attributes in process `syz.1.644'. [ 86.008014][ T5347] netlink: 20 bytes leftover after parsing attributes in process `syz.1.645'. [ 86.124209][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.141180][ T23] kernel write not supported for file /313/clear_refs (pid: 23 comm: kworker/1:0) [ 86.158452][ T5357] loop3: detected capacity change from 0 to 764 [ 86.168533][ T5357] rock: directory entry would overflow storage [ 86.174726][ T5357] rock: sig=0x4f50, size=4, remaining=3 [ 86.180594][ T5360] loop2: detected capacity change from 0 to 512 [ 86.187144][ T5357] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 86.188451][ T5360] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.253170][ T5363] ip6_vti0 speed is unknown, defaulting to 1000 [ 86.501363][ T5360] EXT4-fs error (device loop2): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 86.541914][ T5360] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 86.638120][ T5367] loop3: detected capacity change from 0 to 512 [ 86.647322][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.664665][ T5369] FAULT_INJECTION: forcing a failure. [ 86.664665][ T5369] name failslab, interval 1, probability 0, space 0, times 0 [ 86.677456][ T5369] CPU: 1 UID: 0 PID: 5369 Comm: syz.2.653 Not tainted syzkaller #0 PREEMPT(voluntary) [ 86.677570][ T5369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 86.677590][ T5369] Call Trace: [ 86.677598][ T5369] [ 86.677606][ T5369] __dump_stack+0x1d/0x30 [ 86.677634][ T5369] dump_stack_lvl+0xe8/0x140 [ 86.677725][ T5369] dump_stack+0x15/0x1b [ 86.677745][ T5369] should_fail_ex+0x265/0x280 [ 86.677790][ T5369] should_failslab+0x8c/0xb0 [ 86.677868][ T5369] __kmalloc_noprof+0xa5/0x570 [ 86.677893][ T5369] ? memcg_list_lru_alloc+0x195/0x490 [ 86.677924][ T5369] memcg_list_lru_alloc+0x195/0x490 [ 86.677996][ T5369] __memcg_slab_post_alloc_hook+0x1a7/0x580 [ 86.678091][ T5369] kmem_cache_alloc_lru_noprof+0x2c1/0x490 [ 86.678162][ T5369] ? alloc_inode+0x9a/0x170 [ 86.678185][ T5369] alloc_inode+0x9a/0x170 [ 86.678226][ T5369] alloc_anon_inode+0x1e/0x170 [ 86.678249][ T5369] anon_inode_make_secure_inode+0x33/0xf0 [ 86.678270][ T5369] __se_sys_memfd_secret+0xcc/0x230 [ 86.678362][ T5369] __x64_sys_memfd_secret+0x1f/0x30 [ 86.678466][ T5369] x64_sys_call+0x2c85/0x3000 [ 86.678556][ T5369] do_syscall_64+0xd2/0x200 [ 86.678584][ T5369] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 86.678672][ T5369] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 86.678721][ T5369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.678740][ T5369] RIP: 0033:0x7f709b68f6c9 [ 86.678753][ T5369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.678769][ T5369] RSP: 002b:00007f709a0ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf [ 86.678837][ T5369] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68f6c9 [ 86.678848][ T5369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.678858][ T5369] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 86.678894][ T5369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.678904][ T5369] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 86.678922][ T5369] [ 86.685202][ T5367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.970813][ T5367] EXT4-fs error (device loop3): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 86.971898][ T5381] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 86.983613][ T5367] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 87.074219][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.335455][ T5388] ip6_vti0 speed is unknown, defaulting to 1000 [ 87.864033][ T3649] Bluetooth: hci0: command 0x1003 tx timeout [ 87.874138][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 88.011674][ T5393] loop3: detected capacity change from 0 to 1024 [ 88.039794][ T5394] loop0: detected capacity change from 0 to 2048 [ 88.046882][ T5396] loop4: detected capacity change from 0 to 764 [ 88.055913][ T5393] EXT4-fs: Ignoring removed nomblk_io_submit option [ 88.078650][ T5396] rock: directory entry would overflow storage [ 88.084903][ T5396] rock: sig=0x4f50, size=4, remaining=3 [ 88.090570][ T5396] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 88.119876][ T5394] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.137986][ T5393] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.147205][ T5401] __nla_validate_parse: 1 callbacks suppressed [ 88.147279][ T5401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.665'. [ 88.182973][ T5393] netlink: 14 bytes leftover after parsing attributes in process `syz.3.660'. [ 88.364780][ T5417] netlink: 20 bytes leftover after parsing attributes in process `syz.1.670'. [ 88.533621][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 88.644208][ T5423] ip6_vti0 speed is unknown, defaulting to 1000 [ 89.199543][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 89.209194][ T5422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.671'. [ 89.237420][ T5422] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 89.567032][ T29] kauditd_printk_skb: 172 callbacks suppressed [ 89.567074][ T29] audit: type=1326 audit(1763430817.396:7269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.667181][ T29] audit: type=1326 audit(1763430817.426:7270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.690567][ T29] audit: type=1326 audit(1763430817.426:7271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.713984][ T29] audit: type=1326 audit(1763430817.426:7272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.737420][ T29] audit: type=1326 audit(1763430817.426:7273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.760752][ T29] audit: type=1326 audit(1763430817.426:7274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.783937][ T29] audit: type=1326 audit(1763430817.426:7275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.807292][ T29] audit: type=1326 audit(1763430817.426:7276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.830588][ T29] audit: type=1326 audit(1763430817.426:7277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.854023][ T29] audit: type=1326 audit(1763430817.426:7278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5421 comm="syz.4.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fa1fe0ff6c9 code=0x7ffc0000 [ 89.891563][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.987857][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.103906][ T5432] loop2: detected capacity change from 0 to 2048 [ 90.108144][ T5436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.677'. [ 90.126649][ T5434] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.149322][ T5438] loop3: detected capacity change from 0 to 2048 [ 90.159256][ T5432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.200046][ T5434] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.242757][ T5451] loop1: detected capacity change from 0 to 2048 [ 90.289292][ T5434] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.334413][ T5458] loop2: detected capacity change from 0 to 2048 [ 90.366758][ T3317] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 90.367494][ T5434] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.381614][ T3317] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 90.440392][ T5466] loop1: detected capacity change from 0 to 2048 [ 90.451226][ T5468] loop3: detected capacity change from 0 to 1024 [ 90.458534][ T5468] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.486067][ T3588] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.494968][ T3588] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.527506][ T3588] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.544666][ T5468] netlink: 14 bytes leftover after parsing attributes in process `syz.3.685'. [ 90.567797][ T3588] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.687100][ T3319] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 90.703682][ T3319] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 90.756785][ T5490] loop2: detected capacity change from 0 to 512 [ 90.765939][ T5492] Illegal XDP return value 4294967274 on prog (id 510) dev N/A, expect packet loss! [ 90.789333][ T5490] EXT4-fs error (device loop2): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 90.801274][ T5490] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 90.807571][ T5492] netlink: 8 bytes leftover after parsing attributes in process `syz.4.694'. [ 90.847673][ T5498] loop2: detected capacity change from 0 to 764 [ 90.857737][ T5498] rock: directory entry would overflow storage [ 90.863991][ T5498] rock: sig=0x4f50, size=4, remaining=3 [ 90.869943][ T5498] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 91.370546][ T5506] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.417591][ T5506] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.467244][ T5506] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.518062][ T5506] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.595278][ T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.607546][ T3574] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.626507][ T5523] loop1: detected capacity change from 0 to 764 [ 91.628012][ T3588] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.641361][ T3588] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.654265][ T5523] rock: directory entry would overflow storage [ 91.660568][ T5523] rock: sig=0x4f50, size=4, remaining=3 [ 91.666253][ T5523] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 91.708848][ T5530] loop1: detected capacity change from 0 to 512 [ 91.716581][ T5529] netlink: 40 bytes leftover after parsing attributes in process `syz.4.710'. [ 91.770637][ T5530] EXT4-fs error (device loop1): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 91.783163][ T5530] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 91.849888][ T5544] loop4: detected capacity change from 0 to 512 [ 91.876064][ T5544] EXT4-fs error (device loop4): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 91.888158][ T5544] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 91.948317][ T5553] loop1: detected capacity change from 0 to 764 [ 91.969673][ T5553] rock: directory entry would overflow storage [ 91.976108][ T5553] rock: sig=0x4f50, size=4, remaining=3 [ 91.981750][ T5553] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 92.029862][ T5547] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.396084][ T5567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.725'. [ 92.407013][ T5567] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 92.692365][ T5575] netlink: 20 bytes leftover after parsing attributes in process `syz.2.728'. [ 92.932342][ T5577] ip6_vti0 speed is unknown, defaulting to 1000 [ 93.406420][ T5580] loop1: detected capacity change from 0 to 512 [ 93.604472][ T5580] EXT4-fs error (device loop1): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 93.632873][ T5580] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 93.648808][ T5585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.730'. [ 93.674174][ T5585] rdma_rxe: rxe_newlink: failed to add ip6_vti0 [ 93.708635][ T5587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.732'. [ 93.775419][ T3649] Bluetooth: hci0: command 0x1003 tx timeout [ 93.792986][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 93.796732][ T5593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.735'. [ 93.819364][ T5595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.736'. [ 93.917434][ T5601] loop0: detected capacity change from 0 to 2048 [ 93.938041][ T5608] loop2: detected capacity change from 0 to 764 [ 93.956030][ T5607] loop1: detected capacity change from 0 to 2048 [ 93.992931][ T5608] rock: directory entry would overflow storage [ 93.999439][ T5608] rock: sig=0x4f50, size=4, remaining=3 [ 94.005054][ T5608] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 94.091554][ T5621] loop2: detected capacity change from 0 to 512 [ 94.165026][ T5621] EXT4-fs error (device loop2): ext4_validate_block_bitmap:423: comm +}[@: bg 0: bad block bitmap checksum [ 94.186534][ T5621] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Filesystem failed CRC [ 94.246027][ T5626] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 94.289791][ T5628] loop2: detected capacity change from 0 to 2048 [ 94.301622][ T3312] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 94.326176][ T3312] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 94.338834][ T5633] FAULT_INJECTION: forcing a failure. [ 94.338834][ T5633] name failslab, interval 1, probability 0, space 0, times 0 [ 94.351532][ T5633] CPU: 0 UID: 0 PID: 5633 Comm: syz.3.748 Not tainted syzkaller #0 PREEMPT(voluntary) [ 94.351564][ T5633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 94.351637][ T5633] Call Trace: [ 94.351709][ T5633] [ 94.351718][ T5633] __dump_stack+0x1d/0x30 [ 94.351753][ T5633] dump_stack_lvl+0xe8/0x140 [ 94.351779][ T5633] dump_stack+0x15/0x1b [ 94.351801][ T5633] should_fail_ex+0x265/0x280 [ 94.351842][ T5633] should_failslab+0x8c/0xb0 [ 94.351973][ T5633] kmem_cache_alloc_noprof+0x50/0x480 [ 94.352007][ T5633] ? audit_log_start+0x342/0x720 [ 94.352107][ T5633] audit_log_start+0x342/0x720 [ 94.352132][ T5633] ? kstrtouint+0x76/0xc0 [ 94.352171][ T5633] audit_seccomp+0x48/0x100 [ 94.352244][ T5633] ? __seccomp_filter+0x82d/0x1250 [ 94.352277][ T5633] __seccomp_filter+0x83e/0x1250 [ 94.352310][ T5633] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 94.352407][ T5633] ? vfs_write+0x7e8/0x960 [ 94.352436][ T5633] ? __rcu_read_unlock+0x4f/0x70 [ 94.352466][ T5633] ? __fget_files+0x184/0x1c0 [ 94.352500][ T5633] __secure_computing+0x82/0x150 [ 94.352581][ T5633] syscall_trace_enter+0xcf/0x1e0 [ 94.352615][ T5633] do_syscall_64+0xac/0x200 [ 94.352648][ T5633] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 94.352753][ T5633] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 94.352792][ T5633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.352818][ T5633] RIP: 0033:0x7f7cf746f6c9 [ 94.352882][ T5633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.352904][ T5633] RSP: 002b:00007f7cf5ed7038 EFLAGS: 00000246 ORIG_RAX: 000000000000014d [ 94.352927][ T5633] RAX: ffffffffffffffda RBX: 00007f7cf76c5fa0 RCX: 00007f7cf746f6c9 [ 94.352942][ T5633] RDX: 0000000000000005 RSI: 0000000000000002 RDI: 00007f7cf8202000 [ 94.352956][ T5633] RBP: 00007f7cf5ed7090 R08: 0000200000000e40 R09: 0000000000000000 [ 94.352991][ T5633] R10: 0000200000000d80 R11: 0000000000000246 R12: 0000000000000001 [ 94.353006][ T5633] R13: 00007f7cf76c6038 R14: 00007f7cf76c5fa0 R15: 00007fff75e405d8 [ 94.353070][ T5633] [ 94.584938][ T5635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.747'. [ 94.594780][ T3315] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 94.615613][ T3315] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 94.634074][ T29] kauditd_printk_skb: 285 callbacks suppressed [ 94.634128][ T29] audit: type=1326 audit(1763430822.456:7562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.663890][ T29] audit: type=1326 audit(1763430822.466:7563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.687433][ T29] audit: type=1326 audit(1763430822.466:7564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.710973][ T29] audit: type=1326 audit(1763430822.466:7565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.734658][ T29] audit: type=1326 audit(1763430822.466:7566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.758807][ T29] audit: type=1326 audit(1763430822.466:7567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.782526][ T29] audit: type=1326 audit(1763430822.466:7568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.805988][ T29] audit: type=1326 audit(1763430822.466:7569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.829412][ T29] audit: type=1326 audit(1763430822.466:7570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.852774][ T29] audit: type=1326 audit(1763430822.466:7571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5636 comm="syz.0.751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe76c4f6c9 code=0x7ffc0000 [ 94.872024][ T5643] netlink: 4 bytes leftover after parsing attributes in process `syz.2.750'. [ 94.923269][ T5637] netlink: 84 bytes leftover after parsing attributes in process `syz.0.751'. [ 94.984680][ T5651] netlink: 28 bytes leftover after parsing attributes in process `syz.3.756'. [ 95.017863][ T5659] FAULT_INJECTION: forcing a failure. [ 95.017863][ T5659] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 95.031231][ T5659] CPU: 1 UID: 0 PID: 5659 Comm: syz.2.760 Not tainted syzkaller #0 PREEMPT(voluntary) [ 95.031257][ T5659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 95.031272][ T5659] Call Trace: [ 95.031279][ T5659] [ 95.031286][ T5659] __dump_stack+0x1d/0x30 [ 95.031308][ T5659] dump_stack_lvl+0xe8/0x140 [ 95.031328][ T5659] dump_stack+0x15/0x1b [ 95.031408][ T5659] should_fail_ex+0x265/0x280 [ 95.031449][ T5659] should_fail_alloc_page+0xf2/0x100 [ 95.031488][ T5659] __alloc_frozen_pages_noprof+0xff/0x360 [ 95.031554][ T5659] alloc_pages_mpol+0xb3/0x260 [ 95.031580][ T5659] alloc_frozen_pages_noprof+0x90/0x110 [ 95.031607][ T5659] ___kmalloc_large_node+0x52/0x100 [ 95.031645][ T5659] ? path_openat+0x1bf8/0x2170 [ 95.031666][ T5659] __kmalloc_large_node_noprof+0x16/0xa0 [ 95.031760][ T5659] __kmalloc_noprof+0x348/0x570 [ 95.031847][ T5659] ? iovec_from_user+0x84/0x210 [ 95.031915][ T5659] iovec_from_user+0x84/0x210 [ 95.031940][ T5659] __import_iovec+0xf3/0x540 [ 95.032006][ T5659] ? kstrtouint_from_user+0x9f/0xf0 [ 95.032031][ T5659] import_iovec+0x61/0x80 [ 95.032141][ T5659] vfs_readv+0xf1/0x690 [ 95.032191][ T5659] __x64_sys_preadv+0xfd/0x1c0 [ 95.032242][ T5659] x64_sys_call+0x282e/0x3000 [ 95.032340][ T5659] do_syscall_64+0xd2/0x200 [ 95.032362][ T5659] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 95.032405][ T5659] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 95.032458][ T5659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.032482][ T5659] RIP: 0033:0x7f709b68f6c9 [ 95.032497][ T5659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.032514][ T5659] RSP: 002b:00007f709a0ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 95.032542][ T5659] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68f6c9 [ 95.032557][ T5659] RDX: 00000000000003e8 RSI: 0000200000001300 RDI: 0000000000000003 [ 95.032572][ T5659] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 95.032587][ T5659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.032602][ T5659] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 95.032625][ T5659] [ 95.318299][ T5668] FAULT_INJECTION: forcing a failure. [ 95.318299][ T5668] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.331524][ T5668] CPU: 1 UID: 0 PID: 5668 Comm: syz.2.764 Not tainted syzkaller #0 PREEMPT(voluntary) [ 95.331588][ T5668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 95.331605][ T5668] Call Trace: [ 95.331613][ T5668] [ 95.331622][ T5668] __dump_stack+0x1d/0x30 [ 95.331647][ T5668] dump_stack_lvl+0xe8/0x140 [ 95.331671][ T5668] dump_stack+0x15/0x1b [ 95.331725][ T5668] should_fail_ex+0x265/0x280 [ 95.331767][ T5668] should_fail+0xb/0x20 [ 95.331845][ T5668] should_fail_usercopy+0x1a/0x20 [ 95.331871][ T5668] _copy_from_user+0x1c/0xb0 [ 95.331968][ T5668] ___sys_sendmsg+0xc1/0x1d0 [ 95.332010][ T5668] __sys_sendmmsg+0x178/0x300 [ 95.332048][ T5668] __x64_sys_sendmmsg+0x57/0x70 [ 95.332111][ T5668] x64_sys_call+0x1c4a/0x3000 [ 95.332141][ T5668] do_syscall_64+0xd2/0x200 [ 95.332163][ T5668] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 95.332227][ T5668] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 95.332270][ T5668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.332292][ T5668] RIP: 0033:0x7f709b68f6c9 [ 95.332307][ T5668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.332324][ T5668] RSP: 002b:00007f709a0ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 95.332381][ T5668] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68f6c9 [ 95.332397][ T5668] RDX: 0000000000000003 RSI: 0000200000004540 RDI: 0000000000000005 [ 95.332412][ T5668] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 95.332427][ T5668] R10: 00000000240080e4 R11: 0000000000000246 R12: 0000000000000001 [ 95.332466][ T5668] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 95.332485][ T5668] [ 95.516511][ T5673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.766'. [ 95.584586][ T5679] ip6_vti0 speed is unknown, defaulting to 1000 [ 95.644920][ T5688] loop1: detected capacity change from 0 to 1024 [ 95.652850][ T5688] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 95.813737][ T5699] Invalid logical block size (2045) [ 95.820159][ T5699] netlink: 'syz.1.776': attribute type 3 has an invalid length. [ 96.561003][ T5705] loop2: detected capacity change from 0 to 2048 [ 96.568082][ T5707] loop3: detected capacity change from 0 to 2048 [ 96.736180][ T5721] FAULT_INJECTION: forcing a failure. [ 96.736180][ T5721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.749455][ T5721] CPU: 0 UID: 0 PID: 5721 Comm: syz.2.784 Not tainted syzkaller #0 PREEMPT(voluntary) [ 96.749485][ T5721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 96.749498][ T5721] Call Trace: [ 96.749504][ T5721] [ 96.749545][ T5721] __dump_stack+0x1d/0x30 [ 96.749573][ T5721] dump_stack_lvl+0xe8/0x140 [ 96.749598][ T5721] dump_stack+0x15/0x1b [ 96.749621][ T5721] should_fail_ex+0x265/0x280 [ 96.749700][ T5721] should_fail+0xb/0x20 [ 96.749720][ T5721] should_fail_usercopy+0x1a/0x20 [ 96.749747][ T5721] _copy_to_user+0x20/0xa0 [ 96.749780][ T5721] simple_read_from_buffer+0xb5/0x130 [ 96.749848][ T5721] proc_fail_nth_read+0x10e/0x150 [ 96.749890][ T5721] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 96.749970][ T5721] vfs_read+0x1a8/0x770 [ 96.750020][ T5721] ? __rcu_read_unlock+0x4f/0x70 [ 96.750047][ T5721] ? __fget_files+0x184/0x1c0 [ 96.750083][ T5721] ? selinux_task_setrlimit+0x138/0x150 [ 96.750194][ T5721] ksys_read+0xda/0x1a0 [ 96.750229][ T5721] __x64_sys_read+0x40/0x50 [ 96.750261][ T5721] x64_sys_call+0x27c0/0x3000 [ 96.750318][ T5721] do_syscall_64+0xd2/0x200 [ 96.750339][ T5721] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 96.750371][ T5721] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 96.750415][ T5721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.750475][ T5721] RIP: 0033:0x7f709b68e0dc [ 96.750490][ T5721] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 96.750554][ T5721] RSP: 002b:00007f709a0ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 96.750578][ T5721] RAX: ffffffffffffffda RBX: 00007f709b8e5fa0 RCX: 00007f709b68e0dc [ 96.750593][ T5721] RDX: 000000000000000f RSI: 00007f709a0ef0a0 RDI: 0000000000000003 [ 96.750609][ T5721] RBP: 00007f709a0ef090 R08: 0000000000000000 R09: 0000000000000000 [ 96.750624][ T5721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.750638][ T5721] R13: 00007f709b8e6038 R14: 00007f709b8e5fa0 R15: 00007fff4aa830c8 [ 96.750774][ T5721] [ 97.043873][ T5729] ip6_vti0 speed is unknown, defaulting to 1000 [ 97.223919][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 97.298298][ T3649] Bluetooth: hci1: sending frame failed (-49) [ 97.304741][ T3648] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 97.844040][ T5741] loop0: detected capacity change from 0 to 128 [ 98.091675][ T5742] ================================================================== [ 98.099820][ T5742] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty [ 98.107795][ T5742] [ 98.110140][ T5742] write to 0xffff888119c18a28 of 4 bytes by task 5741 on cpu 1: [ 98.117793][ T5742] __mark_inode_dirty+0x248/0x750 [ 98.122863][ T5742] mark_buffer_dirty+0x133/0x210 [ 98.127831][ T5742] __block_write_begin_int+0x84b/0xf90 [ 98.133337][ T5742] cont_write_begin+0x5fc/0x970 [ 98.138234][ T5742] fat_write_begin+0x4f/0xe0 [ 98.142861][ T5742] generic_perform_write+0x184/0x490 [ 98.148183][ T5742] __generic_file_write_iter+0x9e/0x120 [ 98.153762][ T5742] generic_file_write_iter+0x8d/0x2f0 [ 98.159265][ T5742] iter_file_splice_write+0x666/0xa60 [ 98.164678][ T5742] direct_splice_actor+0x156/0x2a0 [ 98.169823][ T5742] splice_direct_to_actor+0x312/0x680 [ 98.175308][ T5742] do_splice_direct+0xda/0x150 [ 98.176567][ T5741] syz.0.790: attempt to access beyond end of device [ 98.176567][ T5741] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 98.180109][ T5742] do_sendfile+0x380/0x650 [ 98.193575][ T5741] Buffer I/O error on dev loop0, logical block 128, lost async page write [ 98.197914][ T5742] __x64_sys_sendfile64+0x105/0x150 [ 98.212043][ T5742] x64_sys_call+0x2bb4/0x3000 [ 98.216834][ T5742] do_syscall_64+0xd2/0x200 [ 98.221389][ T5742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.227310][ T5742] [ 98.229650][ T5742] read to 0xffff888119c18a28 of 4 bytes by task 5742 on cpu 0: [ 98.237201][ T5742] __mark_inode_dirty+0x55/0x750 [ 98.242169][ T5742] fat_update_time+0x1ec/0x200 [ 98.246967][ T5742] touch_atime+0x148/0x340 [ 98.251406][ T5742] filemap_splice_read+0x6ba/0x740 [ 98.256545][ T5742] splice_direct_to_actor+0x26f/0x680 [ 98.261939][ T5742] do_splice_direct+0xda/0x150 [ 98.266724][ T5742] do_sendfile+0x380/0x650 [ 98.271161][ T5742] __x64_sys_sendfile64+0x105/0x150 [ 98.276383][ T5742] x64_sys_call+0x2bb4/0x3000 [ 98.281096][ T5742] do_syscall_64+0xd2/0x200 [ 98.285611][ T5742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.291523][ T5742] [ 98.293864][ T5742] value changed: 0x00000010 -> 0x00000070 [ 98.299584][ T5742] [ 98.301907][ T5742] Reported by Kernel Concurrency Sanitizer on: [ 98.308092][ T5742] CPU: 0 UID: 0 PID: 5742 Comm: syz.0.790 Not tainted syzkaller #0 PREEMPT(voluntary) [ 98.317737][ T5742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 98.327811][ T5742] ================================================================== [ 98.337560][ T5745] loop2: detected capacity change from 0 to 2048 [ 98.346629][ T5742] syz.0.790: attempt to access beyond end of device [ 98.346629][ T5742] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 98.360119][ T5742] Buffer I/O error on dev loop0, logical block 128, lost async page write