last executing test programs: 1.882890717s ago: executing program 2 (id=2333): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mmap$xdp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x13, 0xffffffffffffffff, 0x80000000) mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) 1.842163647s ago: executing program 2 (id=2337): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x5c26, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x3}, &(0x7f0000000440)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)='./file0/../file0\x00'}) io_uring_enter(r2, 0x1, 0x0, 0x1, 0x0, 0x1000000) sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)="376cd986b3ca5a60addf4bd643ae6e1941265eda7926884d6d4cc781a3b510578cd2000000000000eaab311510000000000000006503ef5510e4cf21bd348a4e32b9a738009784b2b3573bdb54a73e7257b1e9c17143f91c81d0a56517f3efdb6392dc3838f26eebeea878e98ce9cc07e304d253935d630e4d2c591ebfdccd92497456259f06173c182c05ac1d1941353fba84fe4f7829cbdc697c8424ca8aef7c179ddf7817af1ebc1cf0d6a9f3efea3d48e403f375", 0xb6}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r5, 0x0, 0xfffffef8) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0)={0x0, r6}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000840)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058", @ANYBLOB="21422879a7c2354cb2d952d199487c3c578624fe65be945af31c3bef00bcbb6168ec6726b7909b5b6d34279312d5a57ea50af1ebb7b2b9801e6ada22e55c386574203ddb0b3d6d3d652da77ba58ee747fd9bf4717f7d16e4ba1f649b9767cd9357df7136826d40980b257b840eabd5e7bcab8fae57e9cf9816a2f67726f242ddedf0b2eeb245d1c99251e692fb697b059e4f20a14d7a8ef4fcac830043c71ba4855ff3e52f24100cecb836"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f00000000c0), 0xfffffff4) 1.669964896s ago: executing program 3 (id=2340): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c000000f7447bdba6d388"], &(0x7f0000001f80)=""/212, 0x26, 0xd4, 0xa, 0x0, 0x0, @void, @value}, 0x28) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0340003401000000e9000000000020"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) symlinkat(&(0x7f00000001c0)='./control\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00') sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x14, 0x5, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x2}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc1}, 0x20044000) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000001340)=ANY=[@ANYBLOB="1800000000000000000000181100004598e4a0ff964b5b784fd3c01ad6fa3001cc64a534a3acf230c9e50fc65f80f1194fe8f7a43f5beafccfe8b2cffa2cc3993949bbadc2662966ae6d0f260793ce7ab8fdac699698fbc56eb7dc37279e777d9249c481df556eaef0b5295111d425baa174b3e53ff4a290986b8acc6e6bd3ae048d0000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6gre0\x00', r4, 0x29, 0x7, 0x6, 0x7f, 0x16, @mcast1, @private0, 0x80, 0x7, 0x8, 0x5}}) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r6, 0x0, r7, 0x0, 0xf3a, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 1.636790856s ago: executing program 2 (id=2343): socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x0, @private=0xa010101}]}, 0x0) r4 = dup2(r3, r2) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f00000003c0)={0x0, @in={{0x2, 0x0, @private=0xa010101}}}, &(0x7f0000000340)=0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES16=r1], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000005c0)=[{0x200000000006, 0xde, 0x0, 0x7ffc1ffb}]}) clock_adjtime(0x4, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00'}, 0x10) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket(0x1e, 0x4, 0x0) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r6, 0x0, 0x0, 0x9200000000000000) close_range(r5, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) timer_create(0x1, &(0x7f00000001c0)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000380)=0x0) clock_gettime(0x0, &(0x7f0000000480)={0x0, 0x0}) timer_settime(r8, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {r9, r10+60000000}}, 0x0) 1.302590135s ago: executing program 2 (id=2348): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0) recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0) 1.287562295s ago: executing program 4 (id=2349): socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000200)=[@in={0x2, 0x0, @private=0xa010101}]}, 0x0) r4 = dup2(r3, r2) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f00000003c0)={0x0, @in={{0x2, 0x0, @private=0xa010101}}}, &(0x7f0000000340)=0x90) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES16=r1], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r5}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000005c0)=[{0x200000000006, 0xde, 0x0, 0x7ffc1ffb}]}) clock_adjtime(0x4, 0x0) r6 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000030000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000820000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r7}, 0x10) r8 = socket$inet_tcp(0x2, 0x1, 0x0) r9 = socket(0x1e, 0x4, 0x0) r10 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r10, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r9, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) close_range(r8, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) timer_create(0x1, &(0x7f00000001c0)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000380)=0x0) clock_gettime(0x0, &(0x7f0000000480)={0x0, 0x0}) timer_settime(r11, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {r12, r13+60000000}}, 0x0) 1.202528205s ago: executing program 0 (id=2352): perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x4800000000003}, 0x5002, 0x5dd8, 0x3, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) pwritev(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0) 1.194957754s ago: executing program 0 (id=2355): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x200, 0x8) r2 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r2, r1, 0x0, 0x6) 1.174802864s ago: executing program 4 (id=2356): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x2, 0x1, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_sa2={0x2, 0x13, 0x3}]}, 0x70}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000590000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x18, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0xfffffffffffffffc, 0x0, 0x0, 0x1000000000}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x6c}, 0xa, @in6=@remote, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x1001}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xf}}, 0x1c) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000280)={0x7}, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000480)=""/199, 0x1a, 0xc7, 0x1, 0x4, 0x0, @void, @value}, 0x28) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000600)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e31"], 0x4b0}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000700)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000840)={0x150, 0x0, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}, [@CTA_NAT_SRC={0x28, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @local}, @CTA_NAT_V4_MINIP={0x8, 0x1, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private2}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x1004}, @CTA_TUPLE_REPLY={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_PROTOINFO={0x20, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x1c, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0xb}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x7}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x3}]}}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0xbc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @local}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}, @CTA_NAT_PROTO={0x54, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @loopback}, @CTA_NAT_V4_MINIP={0x8, 0x1, @local}]}]}, 0x150}, 0x1, 0x0, 0x0, 0x4000000}, 0x400c884) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000580)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) getcwd(&(0x7f0000000600)=""/244, 0xf4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1.161033194s ago: executing program 0 (id=2358): ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x4, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4008800) gettid() listen(0xffffffffffffffff, 0x3) r2 = bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000240)=r2}, 0x20) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000002c0)={r2, 0x5, 0x5, 0x6}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000300)={{0x3, 0x8}, 'port0\x00', 0x68, 0x0, 0x8, 0x9, 0x1, 0x9, 0xfffffff9, 0x0, 0x4, 0x4}) sendmsg$NL80211_CMD_STOP_NAN(r3, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x18}, 0x880) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000004c0)={{0x80, 0xd0}, 'port1\x00', 0x30, 0x50080, 0x6, 0x567, 0x36, 0x6, 0x8, 0x0, 0x1, 0x3}) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r3, 0xc0a85320, &(0x7f0000000580)={{0x5b, 0xd}, 'port1\x00', 0x80, 0x18, 0x3, 0x7f, 0x800, 0x5, 0x2, 0x0, 0x1, 0x7}) rt_sigprocmask(0x2, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xb, 0x4000010, r2, 0xc9f90000) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000680)={{0xd}, 'port0\x00', 0x6, 0x1002, 0x0, 0x1, 0x0, 0x2, 0xd60, 0x0, 0x2, 0x2}) r4 = socket(0x0, 0x5, 0x10001) epoll_pwait(r0, &(0x7f0000000740)=[{}, {}, {}, {}, {}], 0x5, 0x8, &(0x7f0000000780)={[0x200]}, 0x8) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) chmod(&(0x7f00000007c0)='./file0\x00', 0xc2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000800), 0x44080) setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000840)=[{{0x3, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000880)={0x5, 0x0, {0x2, 0x2, 0x3, 0x1, 0x2}, 0x7fff}) sendfile(r3, r3, &(0x7f0000000900)=0x7, 0x1000) getpeername$packet(r3, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000980)=0x14) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b00)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0xb, [@decl_tag={0x5, 0x0, 0x0, 0x11, 0x2, 0xffffffffffffffff}]}, {0x0, [0x61, 0x30, 0x0, 0x0, 0x71, 0x2e, 0x0, 0x0, 0x0]}}, &(0x7f0000000a00)=""/235, 0x33, 0xeb, 0x1, 0x9, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@bloom_filter={0x1e, 0x1, 0x8, 0x8, 0x200, r3, 0x1, '\x00', r6, r7, 0x1, 0x5, 0x4, 0x6, @void, @value, @void, @value}, 0x50) ioctl$sock_SIOCSIFBR(r5, 0x8941, &(0x7f0000000c00)=@add_del={0x2, &(0x7f0000000bc0)='geneve1\x00'}) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) flock(r7, 0x4) 1.120214024s ago: executing program 0 (id=2359): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x4808, &(0x7f0000000100)={[{@init_itable}]}, 0x1, 0x512, &(0x7f0000000a00)="$eJzs3U9sI1cZAPBvZpO1N01JCj0AKnQphQVVayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHolJPcOLMAYkDUk/ckTjAjUs5IBVYgRokDkYe27vOH8dmN7bZ+PeTRn4zzzPfezua96Ivm3kBTK2bEXEUEdcj4t2IWOgcTzpbvNneWt/79MG9teMH99aSaDbf+XuS1beORc85Lc90rpmPiO+/FfHD5FTQP0TUDw63VyuV8l7nULFR3S3WDw5vb1VXN8ub5Z1SaWV5Zen1O6+VLq2vL1Z/9cmNiPjtb7708e+PvvnjVrPmO3W9/bhM7a7PPozTMhMR3x1FsAm41unP9cc5+bFO4jKlEfHZiHgpe/4X4lp2N086eZu+NcbWAQCj0GwuRHOhdx8AuOrSLAeWpIVOLmA+0rRQaOfwno+5tFKrN17ZqO3vrLdzZYsxm25sVcpLnVzhYswmG1sz5eWs3N2vlEun9u9ExHMR8dPcjWy/sFarrE/yBx8AmGLPnJr//5Vrz/8AwBWXf1TMTbIdAMD45CfdAABg7Mz/ADB9zP8AMH3M/wAwfcz/ADB9zP8AMFW+9/bbra153Hn/9fp7B/vbtfdur5fr24Xq/lphrba3W9is1Tazd/ZUB12vUqvtLr8a++8XG+V6o1g/OLxbre3vNO5m7/W+W54dS68AgIs89+JHf0oi4uiNG9kWPe/7HzhXvzDq1gGjlE66AcDEXJt0A4CJObvaFzAt/od8/I1RtgOYnJ4leu/3HM6fKZz2wVCXT60bCv9/bn3hCfL/wFNN/h+m1+Pl//0sD1eB/D9Mr2YzseY/AEwZOX4gGVDf+/v/pWbPzqnf//v/xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEyT+WxL0kJnLfD5SNNCIeLZiFiM2WRjq1JeiojPRMQfc7O51v5yRFg3CACeZulfk876X7cWXp4/XXs99+9c9hkRP/rwnZ+9v9po7C1HXE/+8fB444PO8dIk2g8ADNKdp7vzeNenD+6tdbdxtueTb7cXF23FPe5s7ZqZmMk+81muYe6fSWe/LbmktUaP7kfE58/rf5LlRhY7K5+ejt+K/exY46cn4qdZXfuz9W/xuUtoC0ybj1rjz5vnPX9p3Mw+z3/+89kI9eS649/xmfEvfTj+Xesz/t0cNsarv/vOmYPNhXbd/YgvzkQcdy/eM/504yd94r88ZPw/v/Dll/rVNX8ecSvO639yIlaxUd0t1g8Ob29VVzfLm+WdUmlleWXp9TuvlYpZjrrYzVSf9bc3kr7LW7f6P9cnfn5A/782ZP9/8Z93f/CVC+J/46vn3//nL4jfmhO/PmT81blf5/vVteKv9+n/oPv/ypDxP/7L4fqQXwUAxqB+cLi9WqmU9wYWZof4zgWF9MlOH7qQRByNOMSjQu6XP3lrXLFGWIjxBv0wIibdZYVBhUmPTMCoPXroJ90SAAAAAAAAAAAAAACgn3H8OdGk+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDV9d8AAAD///VM0sE=") r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000140)={0x371, 0x4, 0x7}) r2 = socket(0x10, 0x3, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000300)={'wpan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_KEY(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="010d0000", @ANYRES16=r6, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32=r5, @ANYBLOB], 0x1c}}, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000e00), &(0x7f0000cab000)=0xfffffffffffffdd5) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) fsopen(&(0x7f00000000c0)='ntfs3\x00', 0x1) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r9}, 0x4) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r10}, 0x10) syz_usb_disconnect(r8) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) ioctl$EVIOCGBITSW(r8, 0x40095505, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r11, 0x8914, &(0x7f0000000280)={'geneve0\x00'}) 1.095599924s ago: executing program 4 (id=2360): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000100"], 0x48) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000003d80)=[{{0xfffffffffffffffe, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/126, 0x7e}, 0xf1e1}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4) dup2(r2, r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}, @IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x54}, 0x1, 0xba01}, 0x810) 825.805243ms ago: executing program 3 (id=2367): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0) 798.979473ms ago: executing program 3 (id=2369): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x5c26, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x3}, &(0x7f0000000440)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)='./file0/../file0\x00'}) io_uring_enter(r2, 0x1, 0x0, 0x1, 0x0, 0x1000000) sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)="376cd986b3ca5a60addf4bd643ae6e1941265eda7926884d6d4cc781a3b510578cd2000000000000eaab311510000000000000006503ef5510e4cf21bd348a4e32b9a738009784b2b3573bdb54a73e7257b1e9c17143f91c81d0a56517f3efdb6392dc3838f26eebeea878e98ce9cc07e304d253935d630e4d2c591ebfdccd92497456259f06173c182c05ac1d1941353fba84fe4f7829cbdc697c8424ca8aef7c179ddf7817af1ebc1cf0d6a9f3efea3d48e403f375", 0xb6}], 0x1}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r5, 0x0, 0xfffffef8) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f00000002c0)={0x0, r6}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000840)=ANY=[@ANYRESOCT, @ANYRESHEX, @ANYBLOB="21422879a7c2354cb2d952d199487c3c578624fe65be945af31c3bef00bcbb6168ec6726b7909b5b6d34279312d5a57ea50af1ebb7b2b9801e6ada22e55c386574203ddb0b3d6d3d652da77ba58ee747fd9bf4717f7d16e4ba1f649b9767cd9357df7136826d40980b257b840eabd5e7bcab8fae57e9cf9816a2f67726f242ddedf0b2eeb245d1c99251e692fb697b059e4f20a14d7a8ef4fcac830043c71ba4855ff3e52f24100cecb836"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f00000000c0), 0xfffffff4) 732.705963ms ago: executing program 1 (id=2370): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x4) 731.708053ms ago: executing program 3 (id=2371): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="8b33000000000000000005000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 719.187633ms ago: executing program 1 (id=2372): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0) syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc0c0583b, &(0x7f0000000040)) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x418484, &(0x7f0000000440), 0x1, 0x77a, &(0x7f0000000800)="$eJzs3c1rHOUfAPDvbJImTfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBLSJ4EVQ8CHrp2Zd68+rLVf8LD2KpmhYrHiQym5122+xuk3STrebzgUmeZ2Z2n+e7z7w8u/MwE8CeNZb+yUUcioj3k4iRxvwkIgbqqf6IE+vr3VxdKaZTEmtrr/6W1Ne5sbpSjKbXpA40Mo9GxHfvRBzObSy3urQ8WyiXSwuN/ERt7vxEdWn5yLm5wkxppjR/bHJq6ujxZ44f616sf/y4fPDqBy89+eWJv95+5Mp73ydxIg42ljXH0S1jMdb4TAbSj/AOL3a7sB5Lel0BtiXdNfvW9/I4FCPRV08BAP9lb0bEGgCwxyTO/wCwx2S/A9xYXSlmU29/kdhd116IiKH1+LPrm+tL+hvX7Ibq10GHbyR3XBlJImK0C+WPRcSnX7/+eTrFDl2HBGjlrUsRcWZ0bOPxP9kwZmGrnuqwbF/j/9hd8x3/YPd8k/Z/nm3V/8vd6v9Ei/7PYIt9dzvuuf/v70IhHaT9v+ebxrbdbIq/YbSvkftfvc83kJw9Vy6lx7b/R8R4DAym+ckOZYxf//t6u2XN/b/fP3zjs7T89P/tNXK/9A/e+ZrpQq1wPzE3u3Yp4rH+VvEnt9o/adP/PbXJMl5+7t1P2i1L40/jzaaN8UdjdNLOWLsc8UTL9r89oi3pOD5xor45TGQbRQtf/fTxcLvym9s/ndLys+8CuyFt/+HO8Y8mzeM1q1sv44fLI9+2W3bv+Ftv//uS1+rprB9xsVCrLUxG7Ete2Tj/6O3XZvls/TT+8cdb7/+dtv/0O+GZTcbff/XXL7Yf/85K45/eUvtvPXHl5mxfu/I31/5T9dR4Y85mjn+breD9fHYAAAAAAAAAAAAAAAAAAAAAAAAAsFm5iDgYSS5/K53L5fPrz/B+OIZz5Uq1dvhsZXF+OurPyh6NgVx2q8uRpvuhTjbuh5/lj96VfzoiHoqIjwb3J9l9FKd7HDsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZA60ef5/6ufBXtcOANgxQ72uAACw65z/AWDvGRrodQ0AgN3m+z8A7D3O/wCw9zj/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMNOnTyZTmt/rq4U0/z0haXF2cqFI9Ol6mx+brGYL1YWzudnKpWZcilfrMzd6/3Klcr5qZhfvDhRK1VrE9Wl5dNzlcX52ulzc4WZ0unSwK5EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABbU11ani2Uy6UFiW0k1h6MavQ+0dfYnLr9zoPxgATYKZE8GNXocqLHByYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4l/AgAA//9eqCIz") connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xe, &(0x7f0000000300)={0x7, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/196, 0xc4}], &(0x7f0000000280)=[0xa, 0x6e6, 0x6, 0x9, 0x7f, 0x80], 0x1}, 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_to_bond\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000854}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r8}, &(0x7f0000000380), &(0x7f00000003c0)=r9}, 0x20) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100736974000c00028008000100", @ANYRES32=r7, @ANYBLOB="08000300", @ANYRES32=r7], 0x40}}, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) fsetxattr(r10, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) fgetxattr(r10, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0xffde) 684.893313ms ago: executing program 3 (id=2373): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 637.833963ms ago: executing program 3 (id=2374): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xa, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611252000000000061134c0000000000bf2000000000000015000500511b48013d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) socket$netlink(0x10, 0x3, 0xa) sendmsg$key(r5, &(0x7f0000000000)={0x400000000002800, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x7, 0x40, 0x7, 0x2, 0x0, 0x0, 0x20000}, 0x10}}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6}, 0x18) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x10) link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00', r3}, 0x9) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0x1) 636.410253ms ago: executing program 1 (id=2375): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 577.900912ms ago: executing program 1 (id=2376): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f00000004c0)='./file2\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYRES8=0x0], 0xfd, 0x1e7, &(0x7f0000000280)="$eJzs3UFr02AYB/Cndbapp11EEIWAF09D/QQVqSAGBKWCnhTUyyoDd6leVr+Fn8ZPo3fZqReNzLTLGie4apJNf79Lnubf9+3zFpL20rfPrrzefrGz++rTpQ+RJJ3oDmMY805sRjeWZnFEEgDAGTfP8/iSF1aT9221BADU7Nef/9FbHL+Wpz5+23ncZHcAQB0ePXl6/3aWjR6maRKxP5uOp+PiWOR372WjG+kPm+Wo/el0fO4wv5lWvzsc5OfjQkR8vpiNbhXj09W8F9evFeMPsjsPskrej416lw4AAAAAAAAAAAAAAAAAAAAAAK25GunSsfv7bG1V88EiLx4d2R+osn/PRlxebuBTbg+U7zWxKAAAAAAAAAAAAAAAAAAAADhjdt++234+mbx8Uxb9iFg9c5JiuJh4zeFNF904FW38eTFYvO9/feZOMe+s7QWepEhPRxuTNa+CXkTU1dg8z/P+8Rf+alHeI/qN35UAAAAAAAAAAAAAAAAAAOD/VP7o9+csaaMhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhB+f//axR7EfEbTz58sUGrSwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAf9j0AAP//JPUxLA==") 577.138172ms ago: executing program 1 (id=2377): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 546.543262ms ago: executing program 1 (id=2378): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c000000f7447bdba6d388"], &(0x7f0000001f80)=""/212, 0x26, 0xd4, 0xa, 0x0, 0x0, @void, @value}, 0x28) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000004000000410000000000000001000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0340003401000000e9000000000020"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) symlinkat(&(0x7f00000001c0)='./control\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00') sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0x14, 0x5, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x2}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xc1}, 0x20044000) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000001340)=ANY=[@ANYBLOB="1800000000000000000000181100004598e4a0ff964b5b784fd3c01ad6fa3001cc64a534a3acf230c9e50fc65f80f1194fe8f7a43f5beafccfe8b2cffa2cc3993949bbadc2662966ae6d0f260793ce7ab8fdac699698fbc56eb7dc37279e777d9249c481df556eaef0b5295111d425baa174b3e53ff4a290986b8acc6e6bd3ae048d0000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r4, 0x1, 0x6}, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6gre0\x00', r4, 0x29, 0x7, 0x6, 0x7f, 0x16, @mcast1, @private0, 0x80, 0x7, 0x8, 0x5}}) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r6, 0x0, 0xf3a, 0x6) close_range(r0, 0xffffffffffffffff, 0x0) 410.288942ms ago: executing program 2 (id=2379): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYBLOB="0000000000000000b7080000000000007b8af8fe00000000bfa200000000000007020000f8ffffffb703000008000000b70400008f2000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x4) fstat(r2, &(0x7f0000000440)) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f00001ea000/0x1000)=nil, 0x1000, 0x8003, &(0x7f0000000200)=0x5, 0x9, 0x2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='module_request\x00', r1, 0x0, 0x8}, 0x18) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 249.717861ms ago: executing program 0 (id=2380): perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x4800000000003}, 0x5002, 0x5dd8, 0x3, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="de", 0x1}], 0x1, 0x0, 0x0) 208.054251ms ago: executing program 4 (id=2381): socket(0x10, 0x803, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) setitimer(0x2, &(0x7f00000000c0), 0x0) 103.96156ms ago: executing program 4 (id=2382): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x4) 100.491781ms ago: executing program 2 (id=2383): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") r2 = openat(0xffffffffffffff9c, 0x0, 0x141042, 0x4) fstat(r2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f00001ea000/0x1000)=nil, 0x1000, 0x8003, &(0x7f0000000200)=0x5, 0x9, 0x2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1, 0x0, 0x8}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x48, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 33.37152ms ago: executing program 0 (id=2384): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 0s ago: executing program 4 (id=2385): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) mount(&(0x7f0000000480)=@loop={'/dev/loop', 0x0}, &(0x7f0000000e40)='./file0/../file0\x00', &(0x7f0000000e80)='pipefs\x00', 0x20800, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) link(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='./file0\x00') r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) r3 = msgget(0x1, 0x2b0) msgrcv(r3, 0x0, 0x0, 0x2, 0x2000) msgrcv(r3, 0x0, 0x0, 0x2, 0x0) msgsnd(r3, &(0x7f0000000280)={0x2}, 0x8, 0x800) setresuid(0x0, 0x0, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224"], 0x0) r4 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r4, &(0x7f00000038c0)=[{{&(0x7f0000000000)={0xa, 0xfffc, 0x20000000, @mcast2, 0x7}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x0, &(0x7f0000000ec0)={[{@nodioread_nolock}, {@usrjquota}, {@delalloc}, {@dioread_lock}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}, {}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) ioctl$FIBMAP(r5, 0x660c, 0x0) kernel console output (not intermixed with test programs): team0: Device gtp0 is of different type [ 85.604448][ T7067] xt_CT: You must specify a L4 protocol and not use inversions on it [ 86.017723][ T7103] team0: Device gtp0 is of different type [ 86.039512][ T7106] xt_CT: You must specify a L4 protocol and not use inversions on it [ 86.446791][ T7117] netlink: 'syz.3.1382': attribute type 13 has an invalid length. [ 86.598990][ T7125] loop1: detected capacity change from 0 to 128 [ 86.776028][ T7125] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.787383][ T7139] __nla_validate_parse: 6 callbacks suppressed [ 86.787401][ T7139] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1391'. [ 86.814756][ T7125] ext4 filesystem being mounted at /281/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 86.875187][ T7149] loop2: detected capacity change from 0 to 128 [ 86.906997][ T7125] hub 6-0:1.0: USB hub found [ 86.912193][ T7125] hub 6-0:1.0: 8 ports detected [ 86.912478][ T7149] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.932610][ T7155] ipvlan2: entered promiscuous mode [ 86.941886][ T7155] bridge0: port 3(ipvlan2) entered blocking state [ 86.948397][ T7155] bridge0: port 3(ipvlan2) entered disabled state [ 86.954988][ T7149] ext4 filesystem being mounted at /287/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 86.965780][ T7155] ipvlan2: entered allmulticast mode [ 86.971116][ T7155] bridge0: entered allmulticast mode [ 86.981546][ T7155] ipvlan2: left allmulticast mode [ 86.986876][ T7155] bridge0: left allmulticast mode [ 86.994092][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 87.039757][ T7160] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1400' sets config #0 [ 87.041582][ T7157] team0: Device gtp0 is of different type [ 87.113237][ T7167] hub 6-0:1.0: USB hub found [ 87.126900][ T7167] hub 6-0:1.0: 8 ports detected [ 87.183062][ T7173] netlink: 'syz.0.1406': attribute type 13 has an invalid length. [ 87.284172][ T7149] Set syz1 is full, maxelem 65536 reached [ 87.325219][ T3304] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 87.351534][ T7185] netlink: 'syz.0.1412': attribute type 13 has an invalid length. [ 87.448574][ T7192] geneve0: entered allmulticast mode [ 87.591903][ T7204] FAULT_INJECTION: forcing a failure. [ 87.591903][ T7204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.605027][ T7204] CPU: 0 UID: 0 PID: 7204 Comm: syz.0.1413 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 87.605051][ T7204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 87.605062][ T7204] Call Trace: [ 87.605068][ T7204] [ 87.605075][ T7204] dump_stack_lvl+0xf2/0x150 [ 87.605148][ T7204] dump_stack+0x15/0x1a [ 87.605168][ T7204] should_fail_ex+0x223/0x230 [ 87.605196][ T7204] should_fail+0xb/0x10 [ 87.605245][ T7204] should_fail_usercopy+0x1a/0x20 [ 87.605280][ T7204] _copy_from_user+0x1c/0xa0 [ 87.605321][ T7204] br_ioctl_stub+0xef/0x5d0 [ 87.605353][ T7204] ? do_vfs_ioctl+0x96e/0x1530 [ 87.605478][ T7204] ? __pfx_br_ioctl_stub+0x10/0x10 [ 87.605506][ T7204] sock_ioctl+0x3dd/0x600 [ 87.605532][ T7204] ? __pfx_sock_ioctl+0x10/0x10 [ 87.605655][ T7204] __se_sys_ioctl+0xc9/0x140 [ 87.605719][ T7204] __x64_sys_ioctl+0x43/0x50 [ 87.605828][ T7204] x64_sys_call+0x1690/0x2dc0 [ 87.605855][ T7204] do_syscall_64+0xc9/0x1c0 [ 87.605894][ T7204] ? clear_bhb_loop+0x55/0xb0 [ 87.605950][ T7204] ? clear_bhb_loop+0x55/0xb0 [ 87.605974][ T7204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.606017][ T7204] RIP: 0033:0x7f55bb62cd29 [ 87.606035][ T7204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.606105][ T7204] RSP: 002b:00007f55b9c70038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.606153][ T7204] RAX: ffffffffffffffda RBX: 00007f55bb846080 RCX: 00007f55bb62cd29 [ 87.606167][ T7204] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000009 [ 87.606178][ T7204] RBP: 00007f55b9c70090 R08: 0000000000000000 R09: 0000000000000000 [ 87.606189][ T7204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.606201][ T7204] R13: 0000000000000000 R14: 00007f55bb846080 R15: 00007ffc7ba5fde8 [ 87.606260][ T7204] [ 87.848212][ T7213] loop4: detected capacity change from 0 to 128 [ 87.859639][ T7213] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 87.882759][ T7213] ext4 filesystem being mounted at /326/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 88.002399][ T7219] team0: Device gtp0 is of different type [ 88.013163][ T7218] hub 6-0:1.0: USB hub found [ 88.029986][ T7218] hub 6-0:1.0: 8 ports detected [ 88.058327][ T7219] xt_CT: You must specify a L4 protocol and not use inversions on it [ 88.084087][ T7221] netlink: 'syz.1.1424': attribute type 13 has an invalid length. [ 88.119436][ T7223] x_tables: duplicate underflow at hook 2 [ 88.152404][ T7213] Set syz1 is full, maxelem 65536 reached [ 88.192447][ T3296] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 88.335082][ T7246] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.343961][ T7246] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.352862][ T7246] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.361945][ T7246] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.407605][ T7246] vxlan0: entered promiscuous mode [ 88.412904][ T7246] vxlan0: entered allmulticast mode [ 88.422128][ T7246] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.431070][ T7246] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.440017][ T7246] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.449167][ T7246] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.462801][ T7261] loop3: detected capacity change from 0 to 128 [ 88.486248][ T7259] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1442'. [ 88.486422][ T7261] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 88.507881][ T7261] ext4 filesystem being mounted at /269/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 88.573301][ T7261] hub 6-0:1.0: USB hub found [ 88.578026][ T7261] hub 6-0:1.0: 8 ports detected [ 88.630028][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 88.658259][ T7275] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1448'. [ 88.709144][ T7280] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1451'. [ 88.875734][ T7291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1455'. [ 88.887351][ T7299] loop3: detected capacity change from 0 to 128 [ 88.965798][ T7299] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 88.978253][ T7299] ext4 filesystem being mounted at /274/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.043611][ T7299] hub 6-0:1.0: USB hub found [ 89.049082][ T7299] hub 6-0:1.0: 8 ports detected [ 89.070517][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 89.105080][ T7312] loop3: detected capacity change from 0 to 128 [ 89.126655][ T7312] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 89.145725][ T7312] ext4 filesystem being mounted at /275/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.177713][ T7319] netlink: 'syz.4.1466': attribute type 13 has an invalid length. [ 89.204335][ T7321] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1467'. [ 89.248438][ T7312] hub 6-0:1.0: USB hub found [ 89.254371][ T7312] hub 6-0:1.0: 8 ports detected [ 89.304723][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 89.340370][ T29] kauditd_printk_skb: 478 callbacks suppressed [ 89.340386][ T29] audit: type=1326 audit(1737671174.175:5556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.373467][ T29] audit: type=1326 audit(1737671174.205:5557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.396927][ T29] audit: type=1326 audit(1737671174.205:5558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.401093][ T7325] loop4: detected capacity change from 0 to 512 [ 89.420405][ T29] audit: type=1326 audit(1737671174.205:5559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.450257][ T29] audit: type=1326 audit(1737671174.205:5560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.474463][ T29] audit: type=1326 audit(1737671174.215:5561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.498004][ T29] audit: type=1326 audit(1737671174.235:5562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.521436][ T29] audit: type=1326 audit(1737671174.235:5563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.544909][ T29] audit: type=1326 audit(1737671174.235:5564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.568450][ T29] audit: type=1326 audit(1737671174.235:5565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7324 comm="syz.4.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 89.593788][ T7325] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.609883][ T7327] team0: Device gtp0 is of different type [ 89.622170][ T7325] ext4 filesystem being mounted at /345/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.661797][ T7337] xt_CT: You must specify a L4 protocol and not use inversions on it [ 89.672652][ T7336] loop0: detected capacity change from 0 to 128 [ 89.696298][ T7336] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 89.711584][ T7336] ext4 filesystem being mounted at /262/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.754156][ T7344] vlan2: entered allmulticast mode [ 89.771715][ T7325] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.879717][ T7348] hub 6-0:1.0: USB hub found [ 89.884481][ T7348] hub 6-0:1.0: 8 ports detected [ 89.903419][ T7344] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 89.999228][ T7336] Set syz1 is full, maxelem 65536 reached [ 90.016083][ T7361] loop4: detected capacity change from 0 to 128 [ 90.025028][ T7358] netlink: 'syz.3.1478': attribute type 13 has an invalid length. [ 90.043919][ T7361] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.056472][ T7361] ext4 filesystem being mounted at /348/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.067805][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.135107][ T7369] FAULT_INJECTION: forcing a failure. [ 90.135107][ T7369] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.148226][ T7369] CPU: 1 UID: 0 PID: 7369 Comm: syz.3.1482 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 90.148256][ T7369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 90.148271][ T7369] Call Trace: [ 90.148279][ T7369] [ 90.148287][ T7369] dump_stack_lvl+0xf2/0x150 [ 90.148313][ T7369] dump_stack+0x15/0x1a [ 90.148332][ T7369] should_fail_ex+0x223/0x230 [ 90.148441][ T7369] should_fail+0xb/0x10 [ 90.148528][ T7369] should_fail_usercopy+0x1a/0x20 [ 90.148560][ T7369] _copy_from_user+0x1c/0xa0 [ 90.148608][ T7369] copy_msghdr_from_user+0x54/0x2a0 [ 90.148639][ T7369] ? __fget_files+0x17c/0x1c0 [ 90.148669][ T7369] __sys_sendmsg+0x13e/0x230 [ 90.148776][ T7369] __x64_sys_sendmsg+0x46/0x50 [ 90.148796][ T7369] x64_sys_call+0x2734/0x2dc0 [ 90.148820][ T7369] do_syscall_64+0xc9/0x1c0 [ 90.148859][ T7369] ? clear_bhb_loop+0x55/0xb0 [ 90.148898][ T7369] ? clear_bhb_loop+0x55/0xb0 [ 90.148917][ T7369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.148952][ T7369] RIP: 0033:0x7f1e4e2bcd29 [ 90.148967][ T7369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.148988][ T7369] RSP: 002b:00007f1e4c927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.149081][ T7369] RAX: ffffffffffffffda RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bcd29 [ 90.149093][ T7369] RDX: 0000000024008040 RSI: 0000000020000080 RDI: 000000000000000c [ 90.149105][ T7369] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 90.149128][ T7369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.149142][ T7369] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 90.149195][ T7369] [ 90.149936][ T7369] xt_hashlimit: max too large, truncated to 1048576 [ 90.163512][ T7370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.287292][ T7371] hub 6-0:1.0: USB hub found [ 90.300407][ T7370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 90.312900][ T7371] hub 6-0:1.0: 8 ports detected [ 90.350367][ T7370] loop0: detected capacity change from 0 to 2048 [ 90.362556][ T7370] EXT4-fs: Ignoring removed mblk_io_submit option [ 90.386971][ T7370] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.405956][ T7361] Set syz1 is full, maxelem 65536 reached [ 90.481079][ T3296] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.508355][ T7376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1481: bg 0: block 234: padding at end of block bitmap is not set [ 90.536526][ T7203] geneve0: left allmulticast mode [ 90.542540][ T7376] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 90.555088][ T7376] EXT4-fs (loop0): This should not happen!! Data will be lost [ 90.555088][ T7376] [ 90.564759][ T7376] EXT4-fs (loop0): Total free blocks count 0 [ 90.570814][ T7376] EXT4-fs (loop0): Free/Dirty block details [ 90.576773][ T7376] EXT4-fs (loop0): free_blocks=0 [ 90.581726][ T7376] EXT4-fs (loop0): dirty_blocks=5472 [ 90.587057][ T7376] EXT4-fs (loop0): Block reservation details [ 90.593078][ T7376] EXT4-fs (loop0): i_reserved_data_blocks=342 [ 90.629525][ T7386] netlink: 'syz.3.1487': attribute type 13 has an invalid length. [ 90.675845][ T7387] xt_CT: You must specify a L4 protocol and not use inversions on it [ 90.711114][ T7396] team0: Device gtp0 is of different type [ 90.720603][ T7383] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1483'. [ 90.747853][ T7398] loop3: detected capacity change from 0 to 128 [ 90.779653][ T7398] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.792421][ T7398] ext4 filesystem being mounted at /286/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.810480][ T7404] loop1: detected capacity change from 0 to 128 [ 90.823535][ T7404] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 90.848169][ T7404] ext4 filesystem being mounted at /299/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.860348][ T7398] hub 6-0:1.0: USB hub found [ 90.865030][ T7398] hub 6-0:1.0: 8 ports detected [ 90.871713][ T7408] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1494'. [ 90.897314][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 90.909116][ T7404] hub 6-0:1.0: USB hub found [ 90.913805][ T7404] hub 6-0:1.0: 8 ports detected [ 90.947310][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 91.000171][ T7413] loop2: detected capacity change from 0 to 512 [ 91.037279][ T7413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.052411][ T7422] netlink: 'syz.1.1500': attribute type 13 has an invalid length. [ 91.061781][ T7413] ext4 filesystem being mounted at /294/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.076410][ T7426] x_tables: duplicate underflow at hook 2 [ 91.247455][ T7413] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.381232][ T7452] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1512'. [ 91.383331][ T7453] loop1: detected capacity change from 0 to 512 [ 91.437925][ T7457] xt_hashlimit: max too large, truncated to 1048576 [ 91.448559][ T7453] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 91.457435][ T7453] EXT4-fs (loop1): invalid journal inode [ 91.463100][ T7453] EXT4-fs (loop1): can't get journal size [ 91.469885][ T7453] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c119, mo2=0002] [ 91.477890][ T7453] System zones: 1-12, 13-13 [ 91.484807][ T7453] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.1513: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 91.501873][ T7453] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.1513: couldn't read orphan inode 15 (err -117) [ 91.514358][ T7453] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.529060][ T7453] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1513'. [ 91.565048][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.582787][ T7468] team0: Device gtp0 is of different type [ 91.628244][ T7468] xt_CT: You must specify a L4 protocol and not use inversions on it [ 91.663569][ T7479] team0: Device gtp0 is of different type [ 91.740115][ T7491] ipvlan2: entered promiscuous mode [ 91.745919][ T7491] bridge0: port 3(ipvlan2) entered blocking state [ 91.752406][ T7491] bridge0: port 3(ipvlan2) entered disabled state [ 91.763780][ T7491] ipvlan2: entered allmulticast mode [ 91.769191][ T7491] bridge0: entered allmulticast mode [ 91.775868][ T7491] ipvlan2: left allmulticast mode [ 91.780932][ T7491] bridge0: left allmulticast mode [ 91.861716][ T7492] __nla_validate_parse: 1 callbacks suppressed [ 91.861731][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1526'. [ 92.119648][ T7508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1532'. [ 92.167894][ T7516] team0: Device gtp0 is of different type [ 92.213970][ T7517] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.536529][ T7524] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1538'. [ 92.695762][ T7537] xt_hashlimit: max too large, truncated to 1048576 [ 92.823319][ T7547] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1549'. [ 93.074423][ T7578] netlink: 'syz.2.1561': attribute type 13 has an invalid length. [ 93.105752][ T28] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 93.110449][ T7584] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1563'. [ 93.122631][ T7582] FAULT_INJECTION: forcing a failure. [ 93.122631][ T7582] name failslab, interval 1, probability 0, space 0, times 0 [ 93.140227][ T7582] CPU: 0 UID: 0 PID: 7582 Comm: syz.1.1562 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 93.140257][ T7582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 93.140271][ T7582] Call Trace: [ 93.140279][ T7582] [ 93.140288][ T7582] dump_stack_lvl+0xf2/0x150 [ 93.140314][ T7582] dump_stack+0x15/0x1a [ 93.140334][ T7582] should_fail_ex+0x223/0x230 [ 93.140366][ T7582] should_failslab+0x8f/0xb0 [ 93.140387][ T7582] kmem_cache_alloc_noprof+0x52/0x320 [ 93.140412][ T7582] ? vm_area_alloc+0x2c/0x130 [ 93.140430][ T7582] vm_area_alloc+0x2c/0x130 [ 93.140446][ T7582] __mmap_region+0x6b5/0x1400 [ 93.140481][ T7582] ? selinux_file_open+0x34a/0x3b0 [ 93.140537][ T7582] mmap_region+0x164/0x1e0 [ 93.140566][ T7582] do_mmap+0x732/0xbb0 [ 93.140589][ T7582] vm_mmap_pgoff+0x16d/0x2d0 [ 93.140615][ T7582] ksys_mmap_pgoff+0x286/0x330 [ 93.140639][ T7582] x64_sys_call+0x1940/0x2dc0 [ 93.140663][ T7582] do_syscall_64+0xc9/0x1c0 [ 93.140699][ T7582] ? clear_bhb_loop+0x55/0xb0 [ 93.140722][ T7582] ? clear_bhb_loop+0x55/0xb0 [ 93.140745][ T7582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.140786][ T7582] RIP: 0033:0x7f2397e2cd29 [ 93.140803][ T7582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.140824][ T7582] RSP: 002b:00007f2396491038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 93.140846][ T7582] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2cd29 [ 93.140860][ T7582] RDX: 000000000000f5ff RSI: 0000000000004000 RDI: 0000000020ffc000 [ 93.140873][ T7582] RBP: 00007f2396491090 R08: 0000000000000004 R09: 0000000000000000 [ 93.140886][ T7582] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 93.140899][ T7582] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 93.140920][ T7582] [ 93.350129][ T7599] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1565'. [ 93.369933][ T7601] capability: warning: `syz.2.1569' uses 32-bit capabilities (legacy support in use) [ 93.425760][ T7608] blktrace: Concurrent blktraces are not allowed on loop9 [ 93.573220][ T7620] xt_hashlimit: max too large, truncated to 1048576 [ 93.604946][ T7625] loop2: detected capacity change from 0 to 128 [ 93.612130][ T7619] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1578'. [ 93.621193][ T7619] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1578'. [ 93.630437][ T7619] netlink: 'syz.4.1578': attribute type 5 has an invalid length. [ 93.638362][ T7619] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1578'. [ 93.648492][ T7632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.664361][ T7632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.665328][ T7625] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.682692][ T7632] loop1: detected capacity change from 0 to 2048 [ 93.690858][ T7632] EXT4-fs: Ignoring removed mblk_io_submit option [ 93.698587][ T7625] ext4 filesystem being mounted at /313/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 93.716769][ T7632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.905760][ T7643] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1575: bg 0: block 234: padding at end of block bitmap is not set [ 93.932714][ T7649] hub 6-0:1.0: USB hub found [ 93.966107][ T7649] hub 6-0:1.0: 8 ports detected [ 93.971212][ T7643] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 93.983715][ T7643] EXT4-fs (loop1): This should not happen!! Data will be lost [ 93.983715][ T7643] [ 93.994082][ T7643] EXT4-fs (loop1): Total free blocks count 0 [ 94.000246][ T7643] EXT4-fs (loop1): Free/Dirty block details [ 94.006198][ T7643] EXT4-fs (loop1): free_blocks=0 [ 94.011252][ T7643] EXT4-fs (loop1): dirty_blocks=8192 [ 94.016694][ T7643] EXT4-fs (loop1): Block reservation details [ 94.022784][ T7643] EXT4-fs (loop1): i_reserved_data_blocks=512 [ 94.081982][ T7653] netlink: 'syz.0.1588': attribute type 21 has an invalid length. [ 94.146030][ T7625] Set syz1 is full, maxelem 65536 reached [ 94.153345][ T7660] netlink: 'syz.3.1591': attribute type 13 has an invalid length. [ 94.183769][ T7662] netlink: 'syz.4.1592': attribute type 13 has an invalid length. [ 94.244145][ T7673] loop3: detected capacity change from 0 to 128 [ 94.253280][ T3304] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 94.253862][ T7673] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 94.283335][ T7673] ext4 filesystem being mounted at /324/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 94.322468][ T7682] xt_hashlimit: max too large, truncated to 1048576 [ 94.323917][ T7680] loop0: detected capacity change from 0 to 512 [ 94.355345][ T7673] hub 6-0:1.0: USB hub found [ 94.360101][ T29] kauditd_printk_skb: 483 callbacks suppressed [ 94.360116][ T29] audit: type=1400 audit(1737671179.195:6049): avc: denied { getopt } for pid=7683 comm="syz.4.1601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 94.386507][ T7673] hub 6-0:1.0: 8 ports detected [ 94.411642][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 94.426562][ T7680] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.439538][ T7690] FAULT_INJECTION: forcing a failure. [ 94.439538][ T7690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.452109][ T7680] ext4 filesystem being mounted at /274/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.452629][ T7690] CPU: 0 UID: 0 PID: 7690 Comm: syz.2.1604 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 94.452696][ T7690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 94.452718][ T7690] Call Trace: [ 94.452726][ T7690] [ 94.452735][ T7690] dump_stack_lvl+0xf2/0x150 [ 94.452834][ T7690] dump_stack+0x15/0x1a [ 94.452854][ T7690] should_fail_ex+0x223/0x230 [ 94.452888][ T7690] should_fail+0xb/0x10 [ 94.452916][ T7690] should_fail_usercopy+0x1a/0x20 [ 94.452971][ T7690] _copy_to_user+0x20/0xa0 [ 94.453010][ T7690] simple_read_from_buffer+0xa0/0x110 [ 94.453051][ T7690] proc_fail_nth_read+0xf9/0x140 [ 94.453093][ T7690] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 94.453168][ T7690] vfs_read+0x1a2/0x700 [ 94.453202][ T7690] ? __rcu_read_unlock+0x4e/0x70 [ 94.453320][ T7690] ? __fget_files+0x17c/0x1c0 [ 94.453349][ T7690] ksys_read+0xe8/0x1b0 [ 94.453386][ T7690] __x64_sys_read+0x42/0x50 [ 94.453429][ T7690] x64_sys_call+0x2874/0x2dc0 [ 94.453467][ T7690] do_syscall_64+0xc9/0x1c0 [ 94.453508][ T7690] ? clear_bhb_loop+0x55/0xb0 [ 94.453532][ T7690] ? clear_bhb_loop+0x55/0xb0 [ 94.453556][ T7690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.453673][ T7690] RIP: 0033:0x7fbd875ab73c [ 94.453691][ T7690] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 94.453712][ T7690] RSP: 002b:00007fbd85c11030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 94.453743][ T7690] RAX: ffffffffffffffda RBX: 00007fbd877c5fa0 RCX: 00007fbd875ab73c [ 94.453758][ T7690] RDX: 000000000000000f RSI: 00007fbd85c110a0 RDI: 0000000000000005 [ 94.453772][ T7690] RBP: 00007fbd85c11090 R08: 0000000000000000 R09: 0000000000000000 [ 94.453786][ T7690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.453800][ T7690] R13: 0000000000000000 R14: 00007fbd877c5fa0 R15: 00007ffdc68ad408 [ 94.453822][ T7690] [ 94.501775][ T7694] netlink: 'syz.2.1606': attribute type 13 has an invalid length. [ 94.518187][ T7695] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1603'. [ 94.534291][ T29] audit: type=1326 audit(1737671179.375:6050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f55bb62b690 code=0x7ffc0000 [ 94.697322][ T29] audit: type=1326 audit(1737671179.375:6051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f55bb62ba77 code=0x7ffc0000 [ 94.720695][ T29] audit: type=1326 audit(1737671179.375:6052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f55bb62b690 code=0x7ffc0000 [ 94.744196][ T29] audit: type=1326 audit(1737671179.375:6053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.767687][ T29] audit: type=1326 audit(1737671179.375:6054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.791351][ T29] audit: type=1326 audit(1737671179.415:6055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.798557][ T7680] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.814776][ T29] audit: type=1326 audit(1737671179.425:6056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.847348][ T29] audit: type=1326 audit(1737671179.425:6057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.870789][ T29] audit: type=1326 audit(1737671179.425:6058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7679 comm="syz.0.1600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 94.938755][ T7713] xt_hashlimit: max too large, truncated to 1048576 [ 94.989574][ T7724] team0: Device gtp0 is of different type [ 95.030787][ T7729] netlink: 'syz.3.1619': attribute type 13 has an invalid length. [ 95.061690][ T7731] xt_CT: You must specify a L4 protocol and not use inversions on it [ 95.310839][ T7749] loop0: detected capacity change from 0 to 128 [ 95.331972][ T7749] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 95.354798][ T7749] ext4 filesystem being mounted at /277/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 95.467894][ T7760] hub 6-0:1.0: USB hub found [ 95.475488][ T7760] hub 6-0:1.0: 8 ports detected [ 95.633863][ T7749] Set syz1 is full, maxelem 65536 reached [ 95.713469][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.725735][ T7771] loop2: detected capacity change from 0 to 128 [ 95.870141][ T7783] netlink: 'syz.4.1643': attribute type 13 has an invalid length. [ 95.911397][ T7786] netlink: 'syz.4.1645': attribute type 13 has an invalid length. [ 96.049665][ T1004] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 96.201876][ T7803] loop3: detected capacity change from 0 to 512 [ 96.216866][ T7805] loop4: detected capacity change from 0 to 512 [ 96.262390][ T7805] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.273726][ T7803] infiniband syz2: set down [ 96.278356][ T7803] infiniband syz2: added veth0_to_bond [ 96.294449][ T7803] RDS/IB: syz2: added [ 96.304259][ T7803] smc: adding ib device syz2 with port count 1 [ 96.321878][ T7803] smc: ib device syz2 port 1 has pnetid [ 96.663803][ T7836] team0: Device gtp0 is of different type [ 96.747235][ T7836] xt_CT: You must specify a L4 protocol and not use inversions on it [ 96.807053][ T7850] can0: slcan on ttyS3. [ 96.844787][ T7850] SELinux: Context Ü is not valid (left unmapped). [ 96.890860][ T7861] loop0: detected capacity change from 0 to 128 [ 96.901886][ T7861] ext4 filesystem being mounted at /284/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 96.912431][ T7849] can0 (unregistered): slcan off ttyS3. [ 96.937757][ T7866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.946374][ T7866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.967975][ T7866] loop1: detected capacity change from 0 to 2048 [ 96.974655][ T7866] EXT4-fs: Ignoring removed mblk_io_submit option [ 97.100170][ T7875] __nla_validate_parse: 1 callbacks suppressed [ 97.100189][ T7875] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1673'. [ 97.129968][ T7876] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1672: bg 0: block 234: padding at end of block bitmap is not set [ 97.149329][ T7876] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 97.161851][ T7876] EXT4-fs (loop1): This should not happen!! Data will be lost [ 97.161851][ T7876] [ 97.171588][ T7876] EXT4-fs (loop1): Total free blocks count 0 [ 97.177616][ T7876] EXT4-fs (loop1): Free/Dirty block details [ 97.183582][ T7876] EXT4-fs (loop1): free_blocks=0 [ 97.188568][ T7876] EXT4-fs (loop1): dirty_blocks=6848 [ 97.193858][ T7876] EXT4-fs (loop1): Block reservation details [ 97.200018][ T7876] EXT4-fs (loop1): i_reserved_data_blocks=428 [ 97.333380][ T36] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 97.346259][ T36] EXT4-fs (loop1): This should not happen!! Data will be lost [ 97.346259][ T36] [ 97.410855][ T7892] team0: Device gtp0 is of different type [ 97.530099][ T7921] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1681'. [ 97.546369][ T7892] xt_CT: You must specify a L4 protocol and not use inversions on it [ 97.620940][ T7940] netlink: 'syz.3.1684': attribute type 13 has an invalid length. [ 97.673872][ T7951] FAULT_INJECTION: forcing a failure. [ 97.673872][ T7951] name failslab, interval 1, probability 0, space 0, times 0 [ 97.686669][ T7951] CPU: 0 UID: 0 PID: 7951 Comm: syz.3.1686 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 97.686698][ T7951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 97.686714][ T7951] Call Trace: [ 97.686722][ T7951] [ 97.686730][ T7951] dump_stack_lvl+0xf2/0x150 [ 97.686753][ T7951] dump_stack+0x15/0x1a [ 97.686770][ T7951] should_fail_ex+0x223/0x230 [ 97.686805][ T7951] should_failslab+0x8f/0xb0 [ 97.686868][ T7951] kmem_cache_alloc_node_noprof+0x59/0x320 [ 97.686903][ T7951] ? __alloc_skb+0x10b/0x310 [ 97.686954][ T7951] __alloc_skb+0x10b/0x310 [ 97.687011][ T7951] netlink_alloc_large_skb+0xad/0xe0 [ 97.687039][ T7951] netlink_sendmsg+0x3b4/0x6e0 [ 97.687076][ T7951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.687108][ T7951] __sock_sendmsg+0x140/0x180 [ 97.687213][ T7951] ____sys_sendmsg+0x312/0x410 [ 97.687237][ T7951] __sys_sendmsg+0x19d/0x230 [ 97.687273][ T7951] __x64_sys_sendmsg+0x46/0x50 [ 97.687299][ T7951] x64_sys_call+0x2734/0x2dc0 [ 97.687326][ T7951] do_syscall_64+0xc9/0x1c0 [ 97.687378][ T7951] ? clear_bhb_loop+0x55/0xb0 [ 97.687402][ T7951] ? clear_bhb_loop+0x55/0xb0 [ 97.687428][ T7951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.687471][ T7951] RIP: 0033:0x7f1e4e2bcd29 [ 97.687524][ T7951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.687552][ T7951] RSP: 002b:00007f1e4c927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.687576][ T7951] RAX: ffffffffffffffda RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bcd29 [ 97.687590][ T7951] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 97.687604][ T7951] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 97.687647][ T7951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.687659][ T7951] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 97.687676][ T7951] [ 98.108209][ T8033] netlink: 'syz.2.1691': attribute type 13 has an invalid length. [ 98.243540][ T8057] xt_hashlimit: max too large, truncated to 1048576 [ 98.419270][ T8083] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1703'. [ 98.476035][ T8089] netlink: 'syz.2.1706': attribute type 13 has an invalid length. [ 98.872779][ T8110] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1715'. [ 99.149278][ T8136] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1725'. [ 99.189256][ T8138] xt_CT: You must specify a L4 protocol and not use inversions on it [ 99.223637][ T8142] loop3: detected capacity change from 0 to 128 [ 99.234529][ T8142] EXT4-fs mount: 8 callbacks suppressed [ 99.234545][ T8142] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.277927][ T8142] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 99.349565][ T8142] hub 6-0:1.0: USB hub found [ 99.354375][ T8142] hub 6-0:1.0: 8 ports detected [ 99.374418][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.395475][ T29] kauditd_printk_skb: 282 callbacks suppressed [ 99.395490][ T29] audit: type=1400 audit(1737671184.235:6341): avc: denied { bind } for pid=8156 comm="syz.4.1734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 99.429714][ T29] audit: type=1400 audit(1737671184.265:6342): avc: denied { create } for pid=8156 comm="syz.4.1734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 99.479463][ T29] audit: type=1400 audit(1737671184.315:6343): avc: denied { setopt } for pid=8156 comm="syz.4.1734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 99.530844][ T8171] team0: Device gtp0 is of different type [ 99.558499][ T8176] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1742'. [ 99.566790][ T8171] xt_CT: You must specify a L4 protocol and not use inversions on it [ 99.605402][ T29] audit: type=1326 audit(1737671184.435:6344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.616210][ T8181] loop4: detected capacity change from 0 to 128 [ 99.628954][ T29] audit: type=1326 audit(1737671184.435:6345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.658687][ T29] audit: type=1326 audit(1737671184.435:6346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.682125][ T29] audit: type=1326 audit(1737671184.435:6347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.705746][ T29] audit: type=1326 audit(1737671184.435:6348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.712068][ T8179] loop3: detected capacity change from 0 to 512 [ 99.729169][ T29] audit: type=1326 audit(1737671184.435:6349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.729811][ T29] audit: type=1326 audit(1737671184.525:6350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8178 comm="syz.3.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e4e2bcd29 code=0x7ffc0000 [ 99.783509][ T8181] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.796026][ T8181] ext4 filesystem being mounted at /401/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 99.808492][ T8179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.821619][ T8179] ext4 filesystem being mounted at /354/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.889630][ T8179] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.924351][ T8193] hub 6-0:1.0: USB hub found [ 99.929179][ T8193] hub 6-0:1.0: 8 ports detected [ 100.020397][ T8197] xt_hashlimit: max too large, truncated to 1048576 [ 100.044842][ T8181] Set syz1 is full, maxelem 65536 reached [ 100.105648][ T3296] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.176957][ T8217] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1756'. [ 100.227836][ T8221] ipvlan3: entered promiscuous mode [ 100.233329][ T8221] bridge0: port 3(ipvlan3) entered blocking state [ 100.239834][ T8221] bridge0: port 3(ipvlan3) entered disabled state [ 100.246660][ T8221] ipvlan3: entered allmulticast mode [ 100.251979][ T8221] bridge0: entered allmulticast mode [ 100.257954][ T8221] ipvlan3: left allmulticast mode [ 100.263002][ T8221] bridge0: left allmulticast mode [ 100.340564][ T8232] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1763'. [ 100.465546][ T8232] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1763'. [ 100.494571][ T8232] loop4: detected capacity change from 0 to 512 [ 100.501646][ T8232] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 100.514775][ T8232] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.524948][ T8232] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (64533!=33349) [ 100.534665][ T8232] EXT4-fs (loop4): group descriptors corrupted! [ 100.740829][ T8276] loop2: detected capacity change from 0 to 512 [ 100.747673][ T8276] ======================================================= [ 100.747673][ T8276] WARNING: The mand mount option has been deprecated and [ 100.747673][ T8276] and is ignored by this kernel. Remove the mand [ 100.747673][ T8276] option from the mount to silence this warning. [ 100.747673][ T8276] ======================================================= [ 100.808849][ T8276] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 100.816977][ T8276] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 100.828804][ T8276] System zones: 0-1, 15-15, 18-18, 34-34 [ 100.835061][ T8276] EXT4-fs (loop2): orphan cleanup on readonly fs [ 100.841653][ T8276] EXT4-fs warning (device loop2): ext4_enable_quotas:7142: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 100.856277][ T8276] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 100.863148][ T8276] EXT4-fs error (device loop2): ext4_orphan_get:1415: comm syz.2.1783: bad orphan inode 16 [ 100.875330][ T8276] ext4_test_bit(bit=15, block=18) = 1 [ 100.880816][ T8276] is_bad_inode(inode)=0 [ 100.885009][ T8276] NEXT_ORPHAN(inode)=0 [ 100.889209][ T8276] max_ino=32 [ 100.892420][ T8276] i_nlink=2 [ 100.897498][ T8276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 100.939768][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.972860][ T8301] netlink: 'syz.2.1791': attribute type 13 has an invalid length. [ 101.010188][ T8305] loop4: detected capacity change from 0 to 128 [ 101.035167][ T8305] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.047602][ T8305] ext4 filesystem being mounted at /413/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 101.105526][ T8312] loop1: detected capacity change from 0 to 512 [ 101.134428][ T8314] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1799'. [ 101.159158][ T8312] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.171903][ T8312] ext4 filesystem being mounted at /340/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.245158][ T8323] hub 6-0:1.0: USB hub found [ 101.264918][ T8323] hub 6-0:1.0: 8 ports detected [ 101.297153][ T8312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.308972][ T8305] Set syz1 is full, maxelem 65536 reached [ 101.335589][ T8325] netlink: 'syz.2.1802': attribute type 13 has an invalid length. [ 101.347070][ T3296] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 101.427347][ T8340] netlink: 'syz.4.1807': attribute type 13 has an invalid length. [ 101.441313][ T8335] loop2: detected capacity change from 0 to 512 [ 101.477621][ T8348] netlink: 'syz.3.1811': attribute type 1 has an invalid length. [ 101.488783][ T8335] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 101.496845][ T8335] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 101.516163][ T8335] System zones: 0-1, 15-15, 18-18, 34-34 [ 101.522102][ T8335] EXT4-fs (loop2): orphan cleanup on readonly fs [ 101.533255][ T8335] EXT4-fs warning (device loop2): ext4_enable_quotas:7142: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 101.547944][ T8335] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 101.562197][ T8335] EXT4-fs error (device loop2): ext4_orphan_get:1415: comm syz.2.1808: bad orphan inode 16 [ 101.572681][ T8335] ext4_test_bit(bit=15, block=18) = 1 [ 101.578152][ T8335] is_bad_inode(inode)=0 [ 101.582319][ T8335] NEXT_ORPHAN(inode)=0 [ 101.586447][ T8335] max_ino=32 [ 101.589686][ T8335] i_nlink=2 [ 101.599162][ T8335] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 101.637331][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.703279][ T8372] netlink: 'syz.4.1821': attribute type 13 has an invalid length. [ 101.717456][ T8370] loop2: detected capacity change from 0 to 128 [ 101.732309][ T8370] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 101.744949][ T8370] ext4 filesystem being mounted at /380/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 101.830105][ T8385] team0: Device gtp0 is of different type [ 101.866035][ T8392] FAULT_INJECTION: forcing a failure. [ 101.866035][ T8392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.879156][ T8392] CPU: 1 UID: 0 PID: 8392 Comm: syz.3.1828 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 101.879186][ T8392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 101.879201][ T8392] Call Trace: [ 101.879209][ T8392] [ 101.879235][ T8392] dump_stack_lvl+0xf2/0x150 [ 101.879259][ T8392] dump_stack+0x15/0x1a [ 101.879278][ T8392] should_fail_ex+0x223/0x230 [ 101.879311][ T8392] should_fail+0xb/0x10 [ 101.879339][ T8392] should_fail_usercopy+0x1a/0x20 [ 101.879373][ T8392] _copy_from_user+0x1c/0xa0 [ 101.879438][ T8392] copy_msghdr_from_user+0x54/0x2a0 [ 101.879468][ T8392] ? __fget_files+0x17c/0x1c0 [ 101.879498][ T8392] __sys_sendmsg+0x13e/0x230 [ 101.879540][ T8392] __x64_sys_sendmsg+0x46/0x50 [ 101.879643][ T8392] x64_sys_call+0x2734/0x2dc0 [ 101.879667][ T8392] do_syscall_64+0xc9/0x1c0 [ 101.879735][ T8392] ? clear_bhb_loop+0x55/0xb0 [ 101.879759][ T8392] ? clear_bhb_loop+0x55/0xb0 [ 101.879822][ T8392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.879869][ T8392] RIP: 0033:0x7f1e4e2bcd29 [ 101.879884][ T8392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.879901][ T8392] RSP: 002b:00007f1e4c927038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 101.879921][ T8392] RAX: ffffffffffffffda RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bcd29 [ 101.879933][ T8392] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 101.879944][ T8392] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 101.879955][ T8392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.880020][ T8392] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 101.880057][ T8392] [ 101.882184][ T8393] hub 6-0:1.0: USB hub found [ 102.007869][ T8370] Set syz1 is full, maxelem 65536 reached [ 102.016618][ T8393] hub 6-0:1.0: 8 ports detected [ 102.094563][ T3304] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.109758][ T8399] loop3: detected capacity change from 0 to 512 [ 102.118055][ T8398] loop0: detected capacity change from 0 to 512 [ 102.148245][ T8398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.161998][ T8399] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 102.164669][ T8398] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.199728][ T8399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.219893][ T8399] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 102.250687][ T8398] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.260998][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.274866][ T8415] hsr0: entered promiscuous mode [ 102.311802][ T8420] netlink: 'syz.4.1837': attribute type 13 has an invalid length. [ 102.349314][ T8425] hsr0: left promiscuous mode [ 102.399061][ T8430] loop0: detected capacity change from 0 to 128 [ 102.424343][ T8430] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.459485][ T8438] loop3: detected capacity change from 0 to 128 [ 102.465489][ T8430] ext4 filesystem being mounted at /317/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.491695][ T8441] __nla_validate_parse: 4 callbacks suppressed [ 102.491715][ T8441] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1845'. [ 102.517827][ T8438] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.530873][ T8438] ext4 filesystem being mounted at /369/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.585379][ T8451] loop4: detected capacity change from 0 to 128 [ 102.606554][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.617101][ T8452] hub 6-0:1.0: USB hub found [ 102.621836][ T8452] hub 6-0:1.0: 8 ports detected [ 102.718179][ T8458] FAULT_INJECTION: forcing a failure. [ 102.718179][ T8458] name failslab, interval 1, probability 0, space 0, times 0 [ 102.730854][ T8458] CPU: 0 UID: 0 PID: 8458 Comm: syz.1.1852 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 102.730884][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 102.730899][ T8458] Call Trace: [ 102.730906][ T8458] [ 102.730914][ T8458] dump_stack_lvl+0xf2/0x150 [ 102.730954][ T8458] dump_stack+0x15/0x1a [ 102.730972][ T8458] should_fail_ex+0x223/0x230 [ 102.730998][ T8458] ? __se_sys_mount+0xf2/0x2d0 [ 102.731017][ T8458] should_failslab+0x8f/0xb0 [ 102.731037][ T8458] __kmalloc_cache_noprof+0x4e/0x320 [ 102.731144][ T8458] ? memdup_user+0x9f/0xc0 [ 102.731185][ T8458] __se_sys_mount+0xf2/0x2d0 [ 102.731208][ T8458] ? fput+0x1c4/0x200 [ 102.731233][ T8458] ? ksys_write+0x176/0x1b0 [ 102.731264][ T8458] __x64_sys_mount+0x67/0x80 [ 102.731343][ T8458] x64_sys_call+0x2c84/0x2dc0 [ 102.731491][ T8458] do_syscall_64+0xc9/0x1c0 [ 102.731530][ T8458] ? clear_bhb_loop+0x55/0xb0 [ 102.731554][ T8458] ? clear_bhb_loop+0x55/0xb0 [ 102.731578][ T8458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.731735][ T8458] RIP: 0033:0x7f2397e2cd29 [ 102.731753][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.731775][ T8458] RSP: 002b:00007f2396491038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 102.731810][ T8458] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2cd29 [ 102.731821][ T8458] RDX: 0000000020000280 RSI: 00000000200002c0 RDI: 0000000000000000 [ 102.731833][ T8458] RBP: 00007f2396491090 R08: 0000000020000340 R09: 0000000000000000 [ 102.731844][ T8458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.731858][ T8458] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 102.731877][ T8458] [ 102.965706][ T8430] Set syz1 is full, maxelem 65536 reached [ 103.021059][ T8462] program syz.1.1854 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.055813][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.094315][ T8477] loop0: detected capacity change from 0 to 128 [ 103.131046][ T8477] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 103.174398][ T8477] ext4 filesystem being mounted at /318/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 103.231672][ T8495] loop1: detected capacity change from 0 to 128 [ 103.257681][ T8495] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 103.270413][ T8495] ext4 filesystem being mounted at /351/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 103.352113][ T8502] hub 6-0:1.0: USB hub found [ 103.370224][ T8502] hub 6-0:1.0: 8 ports detected [ 103.462191][ T8477] Set syz1 is full, maxelem 65536 reached [ 103.468225][ T8507] hub 6-0:1.0: USB hub found [ 103.473147][ T8507] hub 6-0:1.0: 8 ports detected [ 103.494289][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.540080][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.564559][ T8513] xt_hashlimit: max too large, truncated to 1048576 [ 103.615709][ T8520] 9pnet_fd: Insufficient options for proto=fd [ 103.781616][ T8534] FAULT_INJECTION: forcing a failure. [ 103.781616][ T8534] name failslab, interval 1, probability 0, space 0, times 0 [ 103.794526][ T8534] CPU: 0 UID: 0 PID: 8534 Comm: syz.1.1884 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 103.794547][ T8534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 103.794558][ T8534] Call Trace: [ 103.794563][ T8534] [ 103.794569][ T8534] dump_stack_lvl+0xf2/0x150 [ 103.794589][ T8534] dump_stack+0x15/0x1a [ 103.794602][ T8534] should_fail_ex+0x223/0x230 [ 103.794747][ T8534] ? sctp_add_bind_addr+0x6f/0x1e0 [ 103.794771][ T8534] should_failslab+0x8f/0xb0 [ 103.794788][ T8534] __kmalloc_cache_noprof+0x4e/0x320 [ 103.794811][ T8534] ? sctp_get_port_local+0x79c/0xa90 [ 103.794846][ T8534] sctp_add_bind_addr+0x6f/0x1e0 [ 103.794869][ T8534] sctp_do_bind+0x434/0x4c0 [ 103.794925][ T8534] sctp_connect_new_asoc+0x15b/0x3b0 [ 103.795012][ T8534] sctp_sendmsg+0xf05/0x1920 [ 103.795044][ T8534] ? __pfx_sctp_sendmsg+0x10/0x10 [ 103.795218][ T8534] inet_sendmsg+0xc5/0xd0 [ 103.795235][ T8534] __sock_sendmsg+0x102/0x180 [ 103.795269][ T8534] __sys_sendto+0x1a8/0x230 [ 103.795402][ T8534] __x64_sys_sendto+0x78/0x90 [ 103.795442][ T8534] x64_sys_call+0x29fa/0x2dc0 [ 103.795467][ T8534] do_syscall_64+0xc9/0x1c0 [ 103.795600][ T8534] ? clear_bhb_loop+0x55/0xb0 [ 103.795618][ T8534] ? clear_bhb_loop+0x55/0xb0 [ 103.795635][ T8534] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.795665][ T8534] RIP: 0033:0x7f2397e2cd29 [ 103.795729][ T8534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.795747][ T8534] RSP: 002b:00007f2396491038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 103.795765][ T8534] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2cd29 [ 103.795775][ T8534] RDX: 0000000000034000 RSI: 0000000020000180 RDI: 0000000000000006 [ 103.795786][ T8534] RBP: 00007f2396491090 R08: 0000000020000480 R09: 000000000000001c [ 103.795796][ T8534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.795806][ T8534] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 103.795822][ T8534] [ 104.023923][ T8538] netlink: 'syz.3.1887': attribute type 13 has an invalid length. [ 104.120098][ T8550] syz2: rxe_newlink: already configured on veth0_to_bond [ 104.193927][ T8556] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 104.196880][ T8555] loop3: detected capacity change from 0 to 128 [ 104.228471][ T8555] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.240892][ T8555] ext4 filesystem being mounted at /378/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 104.289292][ T8555] hub 6-0:1.0: USB hub found [ 104.294034][ T8555] hub 6-0:1.0: 8 ports detected [ 104.304809][ T8563] FAULT_INJECTION: forcing a failure. [ 104.304809][ T8563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.318024][ T8563] CPU: 1 UID: 0 PID: 8563 Comm: syz.1.1896 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 104.318053][ T8563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 104.318068][ T8563] Call Trace: [ 104.318076][ T8563] [ 104.318085][ T8563] dump_stack_lvl+0xf2/0x150 [ 104.318190][ T8563] dump_stack+0x15/0x1a [ 104.318206][ T8563] should_fail_ex+0x223/0x230 [ 104.318238][ T8563] should_fail+0xb/0x10 [ 104.318266][ T8563] should_fail_usercopy+0x1a/0x20 [ 104.318295][ T8563] _copy_to_user+0x20/0xa0 [ 104.318365][ T8563] simple_read_from_buffer+0xa0/0x110 [ 104.318405][ T8563] proc_fail_nth_read+0xf9/0x140 [ 104.318441][ T8563] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 104.318585][ T8563] vfs_read+0x1a2/0x700 [ 104.318615][ T8563] ? __rcu_read_unlock+0x4e/0x70 [ 104.318653][ T8563] ? __fget_files+0x17c/0x1c0 [ 104.318681][ T8563] ksys_read+0xe8/0x1b0 [ 104.318769][ T8563] __x64_sys_read+0x42/0x50 [ 104.318798][ T8563] x64_sys_call+0x2874/0x2dc0 [ 104.318824][ T8563] do_syscall_64+0xc9/0x1c0 [ 104.318897][ T8563] ? clear_bhb_loop+0x55/0xb0 [ 104.318922][ T8563] ? clear_bhb_loop+0x55/0xb0 [ 104.318993][ T8563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.319037][ T8563] RIP: 0033:0x7f2397e2b73c [ 104.319051][ T8563] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 104.319138][ T8563] RSP: 002b:00007f2396491030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 104.319159][ T8563] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2b73c [ 104.319171][ T8563] RDX: 000000000000000f RSI: 00007f23964910a0 RDI: 0000000000000004 [ 104.319182][ T8563] RBP: 00007f2396491090 R08: 0000000000000000 R09: 0000000000000000 [ 104.319193][ T8563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.319204][ T8563] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 104.319285][ T8563] [ 104.330316][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.588821][ T8569] macsec1: entered allmulticast mode [ 104.594304][ T8569] syz_tun: entered allmulticast mode [ 104.604009][ T8569] syz_tun: left allmulticast mode [ 104.626334][ T8574] loop0: detected capacity change from 0 to 128 [ 104.671253][ T8574] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 104.702743][ T8574] ext4 filesystem being mounted at /323/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 104.792108][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 104.816386][ T8597] netlink: 'syz.1.1908': attribute type 13 has an invalid length. [ 104.821779][ T29] kauditd_printk_skb: 265 callbacks suppressed [ 104.821797][ T29] audit: type=1326 audit(1737671189.655:6612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.854017][ T29] audit: type=1326 audit(1737671189.655:6613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.864346][ T8602] hsr0: entered promiscuous mode [ 104.885584][ T29] audit: type=1326 audit(1737671189.715:6614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.909018][ T29] audit: type=1326 audit(1737671189.715:6615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.932521][ T29] audit: type=1326 audit(1737671189.715:6616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.963319][ T8600] loop4: detected capacity change from 0 to 512 [ 104.971609][ T29] audit: type=1326 audit(1737671189.725:6617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 104.995485][ T29] audit: type=1326 audit(1737671189.725:6618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 105.018946][ T29] audit: type=1326 audit(1737671189.725:6619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 105.042715][ T29] audit: type=1326 audit(1737671189.725:6620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 105.042750][ T29] audit: type=1326 audit(1737671189.725:6621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8599 comm="syz.4.1911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fb812cd29 code=0x7ffc0000 [ 105.089843][ T8611] hsr0: left promiscuous mode [ 105.096091][ T8600] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.145452][ T8600] ext4 filesystem being mounted at /442/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.164308][ T8616] FAULT_INJECTION: forcing a failure. [ 105.164308][ T8616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.177449][ T8616] CPU: 0 UID: 0 PID: 8616 Comm: syz.2.1916 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 105.177479][ T8616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.177495][ T8616] Call Trace: [ 105.177503][ T8616] [ 105.177512][ T8616] dump_stack_lvl+0xf2/0x150 [ 105.177577][ T8616] dump_stack+0x15/0x1a [ 105.177601][ T8616] should_fail_ex+0x223/0x230 [ 105.177637][ T8616] should_fail+0xb/0x10 [ 105.177663][ T8616] should_fail_usercopy+0x1a/0x20 [ 105.177698][ T8616] _copy_to_user+0x20/0xa0 [ 105.177730][ T8616] simple_read_from_buffer+0xa0/0x110 [ 105.177781][ T8616] proc_fail_nth_read+0xf9/0x140 [ 105.177820][ T8616] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 105.177854][ T8616] vfs_read+0x1a2/0x700 [ 105.177906][ T8616] ? __rcu_read_unlock+0x4e/0x70 [ 105.177945][ T8616] ? __fget_files+0x17c/0x1c0 [ 105.177969][ T8616] ksys_read+0xe8/0x1b0 [ 105.177998][ T8616] __x64_sys_read+0x42/0x50 [ 105.178075][ T8616] x64_sys_call+0x2874/0x2dc0 [ 105.178102][ T8616] do_syscall_64+0xc9/0x1c0 [ 105.178143][ T8616] ? clear_bhb_loop+0x55/0xb0 [ 105.178165][ T8616] ? clear_bhb_loop+0x55/0xb0 [ 105.178232][ T8616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.178297][ T8616] RIP: 0033:0x7fbd875ab73c [ 105.178312][ T8616] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 105.178334][ T8616] RSP: 002b:00007fbd85c11030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 105.178365][ T8616] RAX: ffffffffffffffda RBX: 00007fbd877c5fa0 RCX: 00007fbd875ab73c [ 105.178379][ T8616] RDX: 000000000000000f RSI: 00007fbd85c110a0 RDI: 0000000000000004 [ 105.178394][ T8616] RBP: 00007fbd85c11090 R08: 0000000000000000 R09: 0000000000000000 [ 105.178409][ T8616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.178421][ T8616] R13: 0000000000000000 R14: 00007fbd877c5fa0 R15: 00007ffdc68ad408 [ 105.178443][ T8616] [ 105.383433][ T8633] netlink: 'syz.1.1922': attribute type 13 has an invalid length. [ 105.402117][ T8600] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.412535][ T8618] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 105.494205][ T8646] FAULT_INJECTION: forcing a failure. [ 105.494205][ T8646] name failslab, interval 1, probability 0, space 0, times 0 [ 105.507039][ T8646] CPU: 0 UID: 0 PID: 8646 Comm: syz.4.1929 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 105.507067][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.507080][ T8646] Call Trace: [ 105.507087][ T8646] [ 105.507096][ T8646] dump_stack_lvl+0xf2/0x150 [ 105.507174][ T8646] dump_stack+0x15/0x1a [ 105.507193][ T8646] should_fail_ex+0x223/0x230 [ 105.507406][ T8646] ? sctp_add_bind_addr+0x6f/0x1e0 [ 105.507436][ T8646] should_failslab+0x8f/0xb0 [ 105.507459][ T8646] __kmalloc_cache_noprof+0x4e/0x320 [ 105.507490][ T8646] ? sctp_get_port_local+0x79c/0xa90 [ 105.507602][ T8646] sctp_add_bind_addr+0x6f/0x1e0 [ 105.507634][ T8646] sctp_do_bind+0x434/0x4c0 [ 105.507747][ T8646] sctp_connect_new_asoc+0x15b/0x3b0 [ 105.507784][ T8646] sctp_sendmsg+0xf05/0x1920 [ 105.507820][ T8646] ? __pfx_sctp_sendmsg+0x10/0x10 [ 105.507851][ T8646] inet_sendmsg+0xc5/0xd0 [ 105.507874][ T8646] __sock_sendmsg+0x102/0x180 [ 105.507903][ T8646] __sys_sendto+0x1a8/0x230 [ 105.507962][ T8646] __x64_sys_sendto+0x78/0x90 [ 105.508012][ T8646] x64_sys_call+0x29fa/0x2dc0 [ 105.508033][ T8646] do_syscall_64+0xc9/0x1c0 [ 105.508154][ T8646] ? clear_bhb_loop+0x55/0xb0 [ 105.508176][ T8646] ? clear_bhb_loop+0x55/0xb0 [ 105.508198][ T8646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.508236][ T8646] RIP: 0033:0x7f5fb812cd29 [ 105.508329][ T8646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.508392][ T8646] RSP: 002b:00007f5fb6797038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 105.508413][ T8646] RAX: ffffffffffffffda RBX: 00007f5fb8345fa0 RCX: 00007f5fb812cd29 [ 105.508427][ T8646] RDX: 0000000000034000 RSI: 0000000020000180 RDI: 0000000000000006 [ 105.508440][ T8646] RBP: 00007f5fb6797090 R08: 0000000020000480 R09: 000000000000001c [ 105.508454][ T8646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.508467][ T8646] R13: 0000000000000000 R14: 00007f5fb8345fa0 R15: 00007ffc5c7110f8 [ 105.508545][ T8646] [ 105.512570][ T8641] bond_slave_1: mtu less than device minimum [ 105.667685][ T8660] process 'syz.0.1927' launched './file1' with NULL argv: empty string added [ 105.783983][ T8665] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1936'. [ 105.862925][ T8662] netlink: 'syz.3.1934': attribute type 13 has an invalid length. [ 105.886889][ T8672] FAULT_INJECTION: forcing a failure. [ 105.886889][ T8672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.900096][ T8672] CPU: 0 UID: 0 PID: 8672 Comm: syz.2.1938 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 105.900120][ T8672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.900190][ T8672] Call Trace: [ 105.900197][ T8672] [ 105.900205][ T8672] dump_stack_lvl+0xf2/0x150 [ 105.900233][ T8672] dump_stack+0x15/0x1a [ 105.900253][ T8672] should_fail_ex+0x223/0x230 [ 105.900354][ T8672] should_fail+0xb/0x10 [ 105.900378][ T8672] should_fail_usercopy+0x1a/0x20 [ 105.900406][ T8672] strncpy_from_user+0x25/0x210 [ 105.900430][ T8672] strncpy_from_user_nofault+0x66/0xe0 [ 105.900486][ T8672] bpf_probe_read_compat_str+0xb3/0x130 [ 105.900513][ T8672] bpf_prog_597e1462992804d8+0x46/0x48 [ 105.900528][ T8672] bpf_trace_run2+0x104/0x1d0 [ 105.900648][ T8672] ? selinux_release_secctx+0x45/0x80 [ 105.900678][ T8672] ? selinux_release_secctx+0x45/0x80 [ 105.900796][ T8672] kfree+0x247/0x2f0 [ 105.900825][ T8672] ? audit_log_format+0x8b/0xc0 [ 105.900858][ T8672] selinux_release_secctx+0x45/0x80 [ 105.900885][ T8672] security_release_secctx+0x41/0x60 [ 105.901012][ T8672] audit_log_task_context+0xb2/0x180 [ 105.901048][ T8672] audit_log_task+0xf9/0x1c0 [ 105.901079][ T8672] audit_seccomp+0x68/0x130 [ 105.901165][ T8672] __seccomp_filter+0x6fa/0x1180 [ 105.901203][ T8672] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 105.901245][ T8672] ? vfs_write+0x596/0x920 [ 105.901302][ T8672] __secure_computing+0x9f/0x1c0 [ 105.901336][ T8672] syscall_trace_enter+0xd1/0x1f0 [ 105.901377][ T8672] ? fpregs_assert_state_consistent+0x83/0xa0 [ 105.901421][ T8672] do_syscall_64+0xaa/0x1c0 [ 105.901526][ T8672] ? clear_bhb_loop+0x55/0xb0 [ 105.901550][ T8672] ? clear_bhb_loop+0x55/0xb0 [ 105.901569][ T8672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.901616][ T8672] RIP: 0033:0x7fbd875acd29 [ 105.901647][ T8672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.901668][ T8672] RSP: 002b:00007fbd85c11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 105.901691][ T8672] RAX: ffffffffffffffda RBX: 00007fbd877c5fa0 RCX: 00007fbd875acd29 [ 105.901706][ T8672] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff [ 105.901717][ T8672] RBP: 00007fbd85c11090 R08: 0000000100000000 R09: 0000000000000005 [ 105.901757][ T8672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.901767][ T8672] R13: 0000000000000000 R14: 00007fbd877c5fa0 R15: 00007ffdc68ad408 [ 105.901833][ T8672] [ 105.914666][ T8675] loop3: detected capacity change from 0 to 128 [ 105.943522][ T8677] loop2: detected capacity change from 0 to 128 [ 105.970326][ T8675] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.182049][ T8679] loop4: detected capacity change from 0 to 256 [ 106.225074][ T8679] FAT-fs (loop4): IO charset macturkish not found [ 106.343068][ T8677] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 106.392355][ T8677] ext4 filesystem being mounted at /404/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 106.452829][ T8675] ext4 filesystem being mounted at /388/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 106.650879][ T8675] hub 6-0:1.0: USB hub found [ 106.666026][ T8675] hub 6-0:1.0: 8 ports detected [ 106.691229][ T8689] netlink: 'syz.1.1944': attribute type 13 has an invalid length. [ 106.701100][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 106.853494][ T8693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1945'. [ 106.953458][ T8695] loop1: detected capacity change from 0 to 512 [ 106.960296][ T8695] EXT4-fs: Ignoring removed i_version option [ 106.966434][ T8695] EXT4-fs: Ignoring removed mblk_io_submit option [ 106.993081][ T8707] loop3: detected capacity change from 0 to 128 [ 107.003039][ T8695] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 107.023699][ T8707] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 107.038003][ T8695] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 107.051674][ T8707] ext4 filesystem being mounted at /390/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 107.063334][ T8695] EXT4-fs (loop1): 1 truncate cleaned up [ 107.071799][ T8695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.105354][ T8695] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 107.125923][ T8707] hub 6-0:1.0: USB hub found [ 107.130792][ T8707] hub 6-0:1.0: 8 ports detected [ 107.201425][ T8677] Set syz1 is full, maxelem 65536 reached [ 107.229552][ T3302] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.239268][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.262142][ T8712] netlink: 4856 bytes leftover after parsing attributes in process `syz.1.1950'. [ 107.296425][ T3304] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.340868][ T8714] netlink: 'syz.3.1949': attribute type 13 has an invalid length. [ 107.401594][ T8720] xt_hashlimit: max too large, truncated to 1048576 [ 107.438459][ T8718] FAULT_INJECTION: forcing a failure. [ 107.438459][ T8718] name failslab, interval 1, probability 0, space 0, times 0 [ 107.451272][ T8718] CPU: 1 UID: 0 PID: 8718 Comm: syz.1.1952 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 107.451301][ T8718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.451316][ T8718] Call Trace: [ 107.451324][ T8718] [ 107.451332][ T8718] dump_stack_lvl+0xf2/0x150 [ 107.451354][ T8718] dump_stack+0x15/0x1a [ 107.451369][ T8718] should_fail_ex+0x223/0x230 [ 107.451468][ T8718] ? genl_start+0x11e/0x3a0 [ 107.451504][ T8718] should_failslab+0x8f/0xb0 [ 107.451528][ T8718] __kmalloc_cache_noprof+0x4e/0x320 [ 107.451641][ T8718] genl_start+0x11e/0x3a0 [ 107.451671][ T8718] __netlink_dump_start+0x32a/0x520 [ 107.451700][ T8718] genl_rcv_msg+0x4e5/0x6c0 [ 107.451815][ T8718] ? __pfx_nl80211_dump_survey+0x10/0x10 [ 107.451846][ T8718] ? __pfx_genl_start+0x10/0x10 [ 107.451877][ T8718] ? __pfx_genl_dumpit+0x10/0x10 [ 107.451907][ T8718] ? __pfx_genl_done+0x10/0x10 [ 107.451974][ T8718] netlink_rcv_skb+0x12c/0x230 [ 107.451996][ T8718] ? __pfx_genl_rcv_msg+0x10/0x10 [ 107.452036][ T8718] genl_rcv+0x28/0x40 [ 107.452067][ T8718] netlink_unicast+0x599/0x670 [ 107.452090][ T8718] netlink_sendmsg+0x5cc/0x6e0 [ 107.452130][ T8718] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.452161][ T8718] __sock_sendmsg+0x140/0x180 [ 107.452196][ T8718] ____sys_sendmsg+0x312/0x410 [ 107.452265][ T8718] __sys_sendmsg+0x19d/0x230 [ 107.452306][ T8718] __x64_sys_sendmsg+0x46/0x50 [ 107.452331][ T8718] x64_sys_call+0x2734/0x2dc0 [ 107.452357][ T8718] do_syscall_64+0xc9/0x1c0 [ 107.452394][ T8718] ? clear_bhb_loop+0x55/0xb0 [ 107.452451][ T8718] ? clear_bhb_loop+0x55/0xb0 [ 107.452474][ T8718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.452515][ T8718] RIP: 0033:0x7f2397e2cd29 [ 107.452533][ T8718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.452591][ T8718] RSP: 002b:00007f2396491038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.452663][ T8718] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2cd29 [ 107.452677][ T8718] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000009 [ 107.452772][ T8718] RBP: 00007f2396491090 R08: 0000000000000000 R09: 0000000000000000 [ 107.452783][ T8718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.452795][ T8718] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 107.452812][ T8718] [ 107.806332][ T8738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.814948][ T8738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.864763][ T8738] loop2: detected capacity change from 0 to 2048 [ 107.871492][ T8738] EXT4-fs: Ignoring removed mblk_io_submit option [ 107.896120][ T8738] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.069628][ T8745] team0: Device gtp0 is of different type [ 108.088249][ T8738] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1958: bg 0: block 234: padding at end of block bitmap is not set [ 108.102926][ T8738] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 108.115813][ T8738] EXT4-fs (loop2): This should not happen!! Data will be lost [ 108.115813][ T8738] [ 108.164154][ T8754] loop4: detected capacity change from 0 to 512 [ 108.175048][ T8754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.246669][ T8754] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 108.275039][ T8761] loop1: detected capacity change from 0 to 128 [ 108.307593][ T3296] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.326569][ T8761] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 108.356367][ T8761] ext4 filesystem being mounted at /378/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 108.441111][ T8761] hub 6-0:1.0: USB hub found [ 108.446000][ T8761] hub 6-0:1.0: 8 ports detected [ 108.541818][ T8775] netlink: 'syz.0.1974': attribute type 11 has an invalid length. [ 108.568024][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 108.577584][ T8776] netlink: 'syz.0.1974': attribute type 11 has an invalid length. [ 108.701059][ T8786] loop1: detected capacity change from 0 to 512 [ 108.731310][ T8786] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 108.758728][ T8786] ext4 filesystem being mounted at /379/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.772843][ T8786] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8786 comm=syz.1.1976 [ 108.843917][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 108.860667][ T8798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1981'. [ 109.054545][ T8818] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1988'. [ 109.155247][ T8825] ipvlan2: entered promiscuous mode [ 109.161240][ T8825] bridge0: port 3(ipvlan2) entered blocking state [ 109.167752][ T8825] bridge0: port 3(ipvlan2) entered disabled state [ 109.174503][ T8825] ipvlan2: entered allmulticast mode [ 109.179871][ T8825] bridge0: entered allmulticast mode [ 109.185840][ T8825] ipvlan2: left allmulticast mode [ 109.191033][ T8825] bridge0: left allmulticast mode [ 109.529135][ T8827] loop4: detected capacity change from 0 to 128 [ 109.539049][ T8827] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.557879][ T8827] ext4 filesystem being mounted at /455/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 109.581156][ T3296] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 109.618944][ T8830] hsr0: entered promiscuous mode [ 109.685085][ T8837] hsr0: left promiscuous mode [ 109.716969][ T8844] FAULT_INJECTION: forcing a failure. [ 109.716969][ T8844] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.730274][ T8844] CPU: 0 UID: 0 PID: 8844 Comm: syz.0.1998 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 109.730318][ T8844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 109.730329][ T8844] Call Trace: [ 109.730335][ T8844] [ 109.730341][ T8844] dump_stack_lvl+0xf2/0x150 [ 109.730361][ T8844] dump_stack+0x15/0x1a [ 109.730375][ T8844] should_fail_ex+0x223/0x230 [ 109.730399][ T8844] should_fail+0xb/0x10 [ 109.730431][ T8844] should_fail_usercopy+0x1a/0x20 [ 109.730497][ T8844] _copy_from_user+0x1c/0xa0 [ 109.730523][ T8844] kstrtouint_from_user+0x76/0xe0 [ 109.730545][ T8844] ? 0xffffffff81000000 [ 109.730596][ T8844] ? selinux_file_permission+0x22a/0x360 [ 109.730625][ T8844] proc_fail_nth_write+0x4f/0x150 [ 109.730654][ T8844] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 109.730721][ T8844] vfs_write+0x281/0x920 [ 109.730813][ T8844] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 109.730843][ T8844] ? __fget_files+0x17c/0x1c0 [ 109.730864][ T8844] ksys_write+0xe8/0x1b0 [ 109.730924][ T8844] __x64_sys_write+0x42/0x50 [ 109.730966][ T8844] x64_sys_call+0x287e/0x2dc0 [ 109.730984][ T8844] do_syscall_64+0xc9/0x1c0 [ 109.731015][ T8844] ? clear_bhb_loop+0x55/0xb0 [ 109.731032][ T8844] ? clear_bhb_loop+0x55/0xb0 [ 109.731095][ T8844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.731170][ T8844] RIP: 0033:0x7f55bb62b7df [ 109.731181][ T8844] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 109.731197][ T8844] RSP: 002b:00007f55b9c91030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 109.731212][ T8844] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f55bb62b7df [ 109.731223][ T8844] RDX: 0000000000000001 RSI: 00007f55b9c910a0 RDI: 0000000000000005 [ 109.731235][ T8844] RBP: 00007f55b9c91090 R08: 0000000000000000 R09: 0000000000000000 [ 109.731277][ T8844] R10: 0000000000000060 R11: 0000000000000293 R12: 0000000000000001 [ 109.731298][ T8844] R13: 0000000000000000 R14: 00007f55bb845fa0 R15: 00007ffc7ba5fde8 [ 109.731315][ T8844] [ 110.020946][ T29] kauditd_printk_skb: 265 callbacks suppressed [ 110.020962][ T29] audit: type=1400 audit(1737671194.855:6887): avc: denied { create } for pid=8851 comm="syz.0.2001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 110.031889][ T8855] team0: Device gtp0 is of different type [ 110.046875][ T29] audit: type=1400 audit(1737671194.855:6888): avc: denied { create } for pid=8851 comm="syz.0.2001" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 110.102816][ T8868] xt_hashlimit: max too large, truncated to 1048576 [ 110.161698][ T8878] FAULT_INJECTION: forcing a failure. [ 110.161698][ T8878] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.174953][ T8878] CPU: 0 UID: 0 PID: 8878 Comm: syz.3.2012 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 110.174979][ T8878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 110.174992][ T8878] Call Trace: [ 110.174999][ T8878] [ 110.175008][ T8878] dump_stack_lvl+0xf2/0x150 [ 110.175036][ T8878] dump_stack+0x15/0x1a [ 110.175056][ T8878] should_fail_ex+0x223/0x230 [ 110.175124][ T8878] should_fail+0xb/0x10 [ 110.175152][ T8878] should_fail_usercopy+0x1a/0x20 [ 110.175180][ T8878] _copy_to_user+0x20/0xa0 [ 110.175222][ T8878] simple_read_from_buffer+0xa0/0x110 [ 110.175297][ T8878] proc_fail_nth_read+0xf9/0x140 [ 110.175336][ T8878] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 110.175375][ T8878] vfs_read+0x1a2/0x700 [ 110.175489][ T8878] ? __rcu_read_unlock+0x4e/0x70 [ 110.175617][ T8878] ? __fget_files+0x17c/0x1c0 [ 110.175640][ T8878] ksys_read+0xe8/0x1b0 [ 110.175670][ T8878] __x64_sys_read+0x42/0x50 [ 110.175701][ T8878] x64_sys_call+0x2874/0x2dc0 [ 110.175735][ T8878] do_syscall_64+0xc9/0x1c0 [ 110.175769][ T8878] ? clear_bhb_loop+0x55/0xb0 [ 110.175788][ T8878] ? clear_bhb_loop+0x55/0xb0 [ 110.175812][ T8878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.175919][ T8878] RIP: 0033:0x7f1e4e2bb73c [ 110.175933][ T8878] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 110.175954][ T8878] RSP: 002b:00007f1e4c927030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 110.175976][ T8878] RAX: ffffffffffffffda RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bb73c [ 110.175990][ T8878] RDX: 000000000000000f RSI: 00007f1e4c9270a0 RDI: 0000000000000005 [ 110.176005][ T8878] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 110.176074][ T8878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.176086][ T8878] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 110.176103][ T8878] [ 110.371180][ T8877] netlink: 'syz.1.2011': attribute type 13 has an invalid length. [ 110.443301][ T8889] ipvlan2: entered promiscuous mode [ 110.455201][ T8889] bridge0: port 3(ipvlan2) entered blocking state [ 110.461782][ T8889] bridge0: port 3(ipvlan2) entered disabled state [ 110.470170][ T8889] ipvlan2: entered allmulticast mode [ 110.475660][ T8889] bridge0: entered allmulticast mode [ 110.482039][ T8889] ipvlan2: left allmulticast mode [ 110.487170][ T8889] bridge0: left allmulticast mode [ 110.497129][ T29] audit: type=1400 audit(1737671195.335:6889): avc: denied { read } for pid=8892 comm="syz.1.2018" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.520377][ T29] audit: type=1400 audit(1737671195.335:6890): avc: denied { open } for pid=8892 comm="syz.1.2018" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.550905][ T29] audit: type=1400 audit(1737671195.365:6891): avc: denied { ioctl } for pid=8892 comm="syz.1.2018" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.583603][ T8899] xt_hashlimit: max too large, truncated to 1048576 [ 110.659260][ T29] audit: type=1326 audit(1737671195.495:6892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2397e2cd29 code=0x7ffc0000 [ 110.682895][ T29] audit: type=1326 audit(1737671195.495:6893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2397e2cd29 code=0x7ffc0000 [ 110.706593][ T29] audit: type=1326 audit(1737671195.495:6894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2397e2cd29 code=0x7ffc0000 [ 110.730100][ T29] audit: type=1326 audit(1737671195.495:6895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2397e2cd29 code=0x7ffc0000 [ 110.753583][ T29] audit: type=1326 audit(1737671195.495:6896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2397e2cd29 code=0x7ffc0000 [ 110.799705][ T50] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 110.812554][ T50] EXT4-fs (loop2): This should not happen!! Data will be lost [ 110.812554][ T50] [ 110.822317][ T50] EXT4-fs (loop2): Total free blocks count 0 [ 110.828340][ T50] EXT4-fs (loop2): Free/Dirty block details [ 110.834271][ T50] EXT4-fs (loop2): free_blocks=0 [ 110.839385][ T50] EXT4-fs (loop2): dirty_blocks=6144 [ 110.844693][ T50] EXT4-fs (loop2): Block reservation details [ 110.956449][ T8931] loop1: detected capacity change from 0 to 128 [ 110.966749][ T8934] xt_hashlimit: max too large, truncated to 1048576 [ 110.993044][ T8931] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.023541][ T8931] ext4 filesystem being mounted at /394/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 111.043605][ T8944] loop4: detected capacity change from 0 to 512 [ 111.083559][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.092979][ T8944] EXT4-fs (loop4): 1 orphan inode deleted [ 111.101799][ T8944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.114522][ T28] EXT4-fs error (device loop4): ext4_release_dquot:6947: comm kworker/u8:1: Failed to release dquot type 1 [ 111.116231][ T8952] FAULT_INJECTION: forcing a failure. [ 111.116231][ T8952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.127276][ T8944] ext4 filesystem being mounted at /473/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.139094][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.0.2044 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 111.139170][ T8952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.139187][ T8952] Call Trace: [ 111.139195][ T8952] [ 111.139205][ T8952] dump_stack_lvl+0xf2/0x150 [ 111.139260][ T8952] dump_stack+0x15/0x1a [ 111.139281][ T8952] should_fail_ex+0x223/0x230 [ 111.139315][ T8952] should_fail+0xb/0x10 [ 111.139344][ T8952] should_fail_usercopy+0x1a/0x20 [ 111.139442][ T8952] _copy_to_user+0x20/0xa0 [ 111.139542][ T8952] simple_read_from_buffer+0xa0/0x110 [ 111.139653][ T8952] proc_fail_nth_read+0xf9/0x140 [ 111.139719][ T8952] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.139759][ T8952] vfs_read+0x1a2/0x700 [ 111.139821][ T8952] ? __rcu_read_unlock+0x4e/0x70 [ 111.139910][ T8952] ? __fget_files+0x17c/0x1c0 [ 111.139939][ T8952] ksys_read+0xe8/0x1b0 [ 111.140010][ T8952] __x64_sys_read+0x42/0x50 [ 111.140046][ T8952] x64_sys_call+0x2874/0x2dc0 [ 111.140151][ T8952] do_syscall_64+0xc9/0x1c0 [ 111.140192][ T8952] ? clear_bhb_loop+0x55/0xb0 [ 111.140222][ T8952] ? clear_bhb_loop+0x55/0xb0 [ 111.140246][ T8952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.140350][ T8952] RIP: 0033:0x7f55bb62b73c [ 111.140369][ T8952] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 111.140392][ T8952] RSP: 002b:00007f55b9c91030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 111.140473][ T8952] RAX: ffffffffffffffda RBX: 00007f55bb845fa0 RCX: 00007f55bb62b73c [ 111.140496][ T8952] RDX: 000000000000000f RSI: 00007f55b9c910a0 RDI: 0000000000000004 [ 111.140511][ T8952] RBP: 00007f55b9c91090 R08: 0000000000000000 R09: 0000000000000020 [ 111.140526][ T8952] R10: 0000000000004890 R11: 0000000000000246 R12: 0000000000000001 [ 111.140563][ T8952] R13: 0000000000000000 R14: 00007f55bb845fa0 R15: 00007ffc7ba5fde8 [ 111.140585][ T8952] [ 111.368862][ T8964] loop1: detected capacity change from 0 to 128 [ 111.377583][ T8944] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2039'. [ 111.406117][ T8964] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 111.424211][ T8964] ext4 filesystem being mounted at /397/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 111.441567][ T3296] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.473563][ T8975] team0: Device gtp0 is of different type [ 111.491207][ T8964] hub 6-0:1.0: USB hub found [ 111.496016][ T8964] hub 6-0:1.0: 8 ports detected [ 111.527234][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 111.676527][ T9003] loop1: detected capacity change from 0 to 512 [ 111.688817][ T9003] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 111.716855][ T9003] EXT4-fs error (device loop1): ext4_acquire_dquot:6924: comm syz.1.2064: Failed to acquire dquot type 0 [ 111.728832][ T9003] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 111.744702][ T9003] EXT4-fs (loop1): 1 truncate cleaned up [ 111.751093][ T9003] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.837966][ T9033] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2074'. [ 111.886689][ T9039] xt_hashlimit: max too large, truncated to 1048576 [ 111.983899][ T9049] FAULT_INJECTION: forcing a failure. [ 111.983899][ T9049] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.988725][ T9053] loop2: detected capacity change from 0 to 128 [ 111.997059][ T9049] CPU: 1 UID: 0 PID: 9049 Comm: syz.4.2082 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 111.997126][ T9049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.997224][ T9049] Call Trace: [ 111.997232][ T9049] [ 111.997241][ T9049] dump_stack_lvl+0xf2/0x150 [ 111.997270][ T9049] dump_stack+0x15/0x1a [ 111.997291][ T9049] should_fail_ex+0x223/0x230 [ 111.997325][ T9049] should_fail+0xb/0x10 [ 111.997354][ T9049] should_fail_usercopy+0x1a/0x20 [ 111.997451][ T9049] _copy_to_user+0x20/0xa0 [ 111.997491][ T9049] simple_read_from_buffer+0xa0/0x110 [ 111.997576][ T9049] proc_fail_nth_read+0xf9/0x140 [ 111.997618][ T9049] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 111.997732][ T9049] vfs_read+0x1a2/0x700 [ 111.997767][ T9049] ? __rcu_read_unlock+0x4e/0x70 [ 111.997807][ T9049] ? __fget_files+0x17c/0x1c0 [ 111.997836][ T9049] ksys_read+0xe8/0x1b0 [ 111.997874][ T9049] __x64_sys_read+0x42/0x50 [ 111.997951][ T9049] x64_sys_call+0x2874/0x2dc0 [ 111.997978][ T9049] do_syscall_64+0xc9/0x1c0 [ 111.998018][ T9049] ? clear_bhb_loop+0x55/0xb0 [ 111.998112][ T9049] ? clear_bhb_loop+0x55/0xb0 [ 111.998205][ T9049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.998297][ T9049] RIP: 0033:0x7f5fb812b73c [ 111.998316][ T9049] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 111.998403][ T9049] RSP: 002b:00007f5fb6797030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 111.998426][ T9049] RAX: ffffffffffffffda RBX: 00007f5fb8345fa0 RCX: 00007f5fb812b73c [ 111.998441][ T9049] RDX: 000000000000000f RSI: 00007f5fb67970a0 RDI: 0000000000000005 [ 111.998456][ T9049] RBP: 00007f5fb6797090 R08: 0000000000000000 R09: 0000000000000000 [ 111.998470][ T9049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.998485][ T9049] R13: 0000000000000000 R14: 00007f5fb8345fa0 R15: 00007ffc5c7110f8 [ 111.998566][ T9049] [ 112.108924][ T9062] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2087'. [ 112.147478][ T9053] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 112.217770][ T9053] ext4 filesystem being mounted at /414/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 112.309707][ T9073] hub 6-0:1.0: USB hub found [ 112.314670][ T9073] hub 6-0:1.0: 8 ports detected [ 112.444965][ T9053] Set syz1 is full, maxelem 65536 reached [ 112.465984][ T3304] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 112.493158][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.515139][ T9077] FAULT_INJECTION: forcing a failure. [ 112.515139][ T9077] name failslab, interval 1, probability 0, space 0, times 0 [ 112.528054][ T9077] CPU: 0 UID: 0 PID: 9077 Comm: syz.1.2092 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 112.528082][ T9077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 112.528097][ T9077] Call Trace: [ 112.528103][ T9077] [ 112.528189][ T9077] dump_stack_lvl+0xf2/0x150 [ 112.528215][ T9077] dump_stack+0x15/0x1a [ 112.528234][ T9077] should_fail_ex+0x223/0x230 [ 112.528287][ T9077] should_failslab+0x8f/0xb0 [ 112.528321][ T9077] kmem_cache_alloc_lru_noprof+0x57/0x320 [ 112.528418][ T9077] ? __d_alloc+0x3d/0x340 [ 112.528449][ T9077] __d_alloc+0x3d/0x340 [ 112.528531][ T9077] ? security_inode_alloc+0x37/0x100 [ 112.528561][ T9077] d_alloc_pseudo+0x1e/0x80 [ 112.528586][ T9077] alloc_file_pseudo+0x70/0x140 [ 112.528687][ T9077] ? inode_init_always_gfp+0x4b8/0x4f0 [ 112.528709][ T9077] sock_alloc_file+0x9b/0x1c0 [ 112.528754][ T9077] do_accept+0x1e3/0x390 [ 112.528795][ T9077] __sys_accept4+0xc3/0x150 [ 112.528835][ T9077] __x64_sys_accept4+0x53/0x60 [ 112.528893][ T9077] x64_sys_call+0x2824/0x2dc0 [ 112.528912][ T9077] do_syscall_64+0xc9/0x1c0 [ 112.528942][ T9077] ? clear_bhb_loop+0x55/0xb0 [ 112.528988][ T9077] ? clear_bhb_loop+0x55/0xb0 [ 112.529004][ T9077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.529100][ T9077] RIP: 0033:0x7f2397e2cd29 [ 112.529113][ T9077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.529136][ T9077] RSP: 002b:00007f2396491038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 112.529151][ T9077] RAX: ffffffffffffffda RBX: 00007f2398045fa0 RCX: 00007f2397e2cd29 [ 112.529207][ T9077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 112.529220][ T9077] RBP: 00007f2396491090 R08: 0000000000000000 R09: 0000000000000000 [ 112.529262][ T9077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.529343][ T9077] R13: 0000000000000000 R14: 00007f2398045fa0 R15: 00007ffd14aeb868 [ 112.529359][ T9077] [ 112.665504][ T9082] netlink: 'syz.1.2093': attribute type 13 has an invalid length. [ 112.883440][ T9101] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 112.889891][ T9099] loop2: detected capacity change from 0 to 4096 [ 112.899934][ T9099] EXT4-fs: Ignoring removed orlov option [ 112.899922][ T9058] FAULT_INJECTION: forcing a failure. [ 112.899922][ T9058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.905697][ T9099] EXT4-fs: Ignoring removed nomblk_io_submit option [ 112.919376][ T9058] CPU: 1 UID: 0 PID: 9058 Comm: syz.3.2085 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 112.919411][ T9058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 112.919428][ T9058] Call Trace: [ 112.919436][ T9058] [ 112.919446][ T9058] dump_stack_lvl+0xf2/0x150 [ 112.919474][ T9058] dump_stack+0x15/0x1a [ 112.919495][ T9058] should_fail_ex+0x223/0x230 [ 112.919552][ T9058] should_fail+0xb/0x10 [ 112.919611][ T9058] should_fail_usercopy+0x1a/0x20 [ 112.919680][ T9058] strncpy_from_user+0x25/0x210 [ 112.919706][ T9058] ? call_rcu+0x2fb/0x430 [ 112.919738][ T9058] strncpy_from_user_nofault+0x66/0xe0 [ 112.919819][ T9058] bpf_probe_read_compat_str+0xb3/0x130 [ 112.919853][ T9058] bpf_prog_e42f6260c1b72fb3+0x3e/0x40 [ 112.919872][ T9058] bpf_trace_run3+0x10c/0x1d0 [ 112.919912][ T9058] ? __dentry_kill+0x3d0/0x4c0 [ 112.919942][ T9058] ? __dentry_kill+0x3d0/0x4c0 [ 112.920033][ T9058] kmem_cache_free+0x237/0x2d0 [ 112.920104][ T9058] __dentry_kill+0x3d0/0x4c0 [ 112.920130][ T9058] ? fast_dput+0x2b1/0x2c0 [ 112.920170][ T9058] dput+0x5c/0xd0 [ 112.920193][ T9058] __fput+0x3fb/0x6d0 [ 112.920228][ T9058] ____fput+0x1c/0x30 [ 112.920257][ T9058] task_work_run+0x13a/0x1a0 [ 112.920292][ T9058] get_signal+0xe78/0x1000 [ 112.920336][ T9058] arch_do_signal_or_restart+0x95/0x4b0 [ 112.920385][ T9058] syscall_exit_to_user_mode+0x62/0x120 [ 112.920447][ T9058] do_syscall_64+0xd6/0x1c0 [ 112.920486][ T9058] ? clear_bhb_loop+0x55/0xb0 [ 112.920510][ T9058] ? clear_bhb_loop+0x55/0xb0 [ 112.920535][ T9058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.920675][ T9058] RIP: 0033:0x7f1e4e2bcd29 [ 112.920767][ T9058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.920789][ T9058] RSP: 002b:00007f1e4c927038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 112.920844][ T9058] RAX: fffffffffffffe00 RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bcd29 [ 112.920860][ T9058] RDX: 0000000000000001 RSI: 00000000200003c0 RDI: 0000000000000005 [ 112.920875][ T9058] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 112.920890][ T9058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.920942][ T9058] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 112.920964][ T9058] [ 113.073509][ T9108] netlink: 'syz.1.2105': attribute type 13 has an invalid length. [ 113.131163][ T9099] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 113.224972][ T9099] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 113.396717][ T9145] netlink: 'syz.0.2118': attribute type 13 has an invalid length. [ 113.459744][ T9157] bridge0: port 3(vlan2) entered blocking state [ 113.466169][ T9157] bridge0: port 3(vlan2) entered disabled state [ 113.472695][ T9157] vlan2: entered allmulticast mode [ 113.478489][ T9157] vlan2: left allmulticast mode [ 113.506229][ T9158] ipvlan3: entered promiscuous mode [ 113.511891][ T9158] bridge0: port 3(ipvlan3) entered blocking state [ 113.518427][ T9158] bridge0: port 3(ipvlan3) entered disabled state [ 113.520728][ T9159] xt_CT: You must specify a L4 protocol and not use inversions on it [ 113.525399][ T9158] ipvlan3: entered allmulticast mode [ 113.538823][ T9158] bridge0: entered allmulticast mode [ 113.544911][ T9158] ipvlan3: left allmulticast mode [ 113.550029][ T9158] bridge0: left allmulticast mode [ 113.564437][ T9157] netlink: 'syz.4.2124': attribute type 4 has an invalid length. [ 113.572264][ T9157] netlink: 'syz.4.2124': attribute type 2 has an invalid length. [ 113.622675][ T9161] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2125'. [ 113.795560][ T9177] xt_hashlimit: max too large, truncated to 1048576 [ 113.926892][ T9188] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2138'. [ 113.987592][ T9197] loop2: detected capacity change from 0 to 128 [ 114.003066][ T9197] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 114.015794][ T9197] ext4 filesystem being mounted at /434/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 114.122303][ T9207] hub 6-0:1.0: USB hub found [ 114.127159][ T9207] hub 6-0:1.0: 8 ports detected [ 114.260360][ T9197] Set syz1 is full, maxelem 65536 reached [ 114.269450][ T9211] netlink: 'syz.3.2148': attribute type 13 has an invalid length. [ 114.320042][ T9216] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 114.378227][ T9226] netlink: 'syz.2.2155': attribute type 13 has an invalid length. [ 114.394309][ T9228] 9pnet_fd: Insufficient options for proto=fd [ 114.409007][ T9231] hsr0: entered promiscuous mode [ 114.414838][ T9231] hsr0: left promiscuous mode [ 114.452940][ T9240] loop1: detected capacity change from 0 to 128 [ 114.472154][ T9240] ext4 filesystem being mounted at /417/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 114.523602][ T9240] hub 6-0:1.0: USB hub found [ 114.529891][ T9240] hub 6-0:1.0: 8 ports detected [ 114.618437][ T9266] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 114.655783][ T9275] hsr0: entered promiscuous mode [ 114.658062][ T9270] loop3: detected capacity change from 0 to 512 [ 114.675741][ T9275] hsr0: left promiscuous mode [ 114.710443][ T9270] syz2: rxe_newlink: already configured on veth0_to_bond [ 114.756873][ T9291] loop1: detected capacity change from 0 to 128 [ 114.777059][ T9291] ext4 filesystem being mounted at /422/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 114.845000][ T9291] hub 6-0:1.0: USB hub found [ 114.848708][ T9309] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2179'. [ 114.865264][ T9291] hub 6-0:1.0: 8 ports detected [ 114.930446][ T9324] loop1: detected capacity change from 0 to 128 [ 114.938082][ T9321] loop0: detected capacity change from 0 to 512 [ 114.956422][ T9327] loop3: detected capacity change from 0 to 128 [ 114.963500][ T9324] ext4 filesystem being mounted at /423/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 114.986186][ T9327] ext4 filesystem being mounted at /438/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.006143][ T9321] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 115.030268][ T9327] hub 6-0:1.0: USB hub found [ 115.035126][ T9327] hub 6-0:1.0: 8 ports detected [ 115.082783][ T9341] loop0: detected capacity change from 0 to 128 [ 115.098080][ T9345] loop1: detected capacity change from 0 to 128 [ 115.119555][ T9341] ext4 filesystem being mounted at /382/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.130011][ T9345] ext4 filesystem being mounted at /426/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.184001][ T9345] hub 6-0:1.0: USB hub found [ 115.197713][ T9345] hub 6-0:1.0: 8 ports detected [ 115.237158][ T29] kauditd_printk_skb: 473 callbacks suppressed [ 115.237177][ T29] audit: type=1326 audit(1737671200.075:7367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.285802][ T9370] 9pnet_fd: Insufficient options for proto=fd [ 115.294389][ T9357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2189'. [ 115.295441][ T29] audit: type=1326 audit(1737671200.075:7368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.326674][ T29] audit: type=1326 audit(1737671200.075:7369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.350114][ T29] audit: type=1326 audit(1737671200.075:7370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.373687][ T29] audit: type=1326 audit(1737671200.075:7371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.397230][ T29] audit: type=1326 audit(1737671200.075:7372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.420721][ T29] audit: type=1326 audit(1737671200.075:7373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.444133][ T29] audit: type=1326 audit(1737671200.075:7374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.467562][ T29] audit: type=1326 audit(1737671200.075:7375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.491111][ T29] audit: type=1326 audit(1737671200.075:7376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9359 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 115.501078][ T9377] loop0: detected capacity change from 0 to 128 [ 115.531980][ T9381] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2192'. [ 115.581748][ T9377] ext4 filesystem being mounted at /385/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 115.626223][ T9377] hub 6-0:1.0: USB hub found [ 115.637213][ T9377] hub 6-0:1.0: 8 ports detected [ 115.744115][ T9407] netlink: 'syz.0.2199': attribute type 13 has an invalid length. [ 115.995659][ T9448] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 116.090693][ T9469] xt_hashlimit: max too large, truncated to 1048576 [ 116.145115][ T9475] 9pnet_fd: Insufficient options for proto=fd [ 116.180742][ T9479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2207'. [ 116.189853][ T9479] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2207'. [ 116.208091][ T9479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2207'. [ 116.217575][ T9479] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2207'. [ 116.226739][ T9479] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2207'. [ 116.238424][ T9483] loop3: detected capacity change from 0 to 256 [ 116.274518][ T9488] loop1: detected capacity change from 0 to 128 [ 116.305484][ T9488] ext4 filesystem being mounted at /431/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 116.335702][ T9499] xt_hashlimit: max too large, truncated to 1048576 [ 116.371380][ T9503] netlink: 'syz.1.2217': attribute type 13 has an invalid length. [ 116.393312][ T9508] 9pnet_fd: Insufficient options for proto=fd [ 116.488073][ T9509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2218'. [ 116.546671][ T9527] loop1: detected capacity change from 0 to 128 [ 116.576683][ T9527] ext4 filesystem being mounted at /436/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 116.623098][ T9536] 9pnet_fd: Insufficient options for proto=fd [ 116.671855][ T9541] ipvlan2: entered promiscuous mode [ 116.677615][ T9541] bridge0: port 3(ipvlan2) entered blocking state [ 116.684079][ T9541] bridge0: port 3(ipvlan2) entered disabled state [ 116.707153][ T9541] ipvlan2: entered allmulticast mode [ 116.712555][ T9541] bridge0: entered allmulticast mode [ 116.720587][ T9541] ipvlan2: left allmulticast mode [ 116.725749][ T9541] bridge0: left allmulticast mode [ 116.760302][ T9548] loop1: detected capacity change from 0 to 128 [ 116.768466][ T9548] ext4 filesystem being mounted at /438/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 116.915395][ T9544] hub 6-0:1.0: USB hub found [ 116.937116][ T9544] hub 6-0:1.0: 8 ports detected [ 116.976076][ T9554] loop0: detected capacity change from 0 to 512 [ 116.988386][ T9547] xt_HMARK: spi-set and port-set can't be combined [ 117.045619][ T9547] SELinux: syz.4.2237 (9547) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 117.093890][ T9561] xt_hashlimit: max too large, truncated to 1048576 [ 117.157200][ T9564] loop0: detected capacity change from 0 to 128 [ 117.188376][ T9564] ext4 filesystem being mounted at /402/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 117.358528][ T9578] xt_hashlimit: max too large, truncated to 1048576 [ 117.657609][ T9610] loop3: detected capacity change from 0 to 512 [ 117.679435][ T9610] EXT4-fs error (device loop3): ext4_ext_check_inode:524: inode #3: comm syz.3.2263: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 5, max 4(4), depth 0(0) [ 117.702334][ T9620] ipvlan2: entered promiscuous mode [ 117.707887][ T9620] bridge0: port 3(ipvlan2) entered blocking state [ 117.714346][ T9620] bridge0: port 3(ipvlan2) entered disabled state [ 117.721428][ T9620] ipvlan2: entered allmulticast mode [ 117.726771][ T9620] bridge0: entered allmulticast mode [ 117.739583][ T9610] EXT4-fs error (device loop3): ext4_quota_enable:7101: comm syz.3.2263: Bad quota inode: 3, type: 0 [ 117.751017][ T9620] ipvlan2: left allmulticast mode [ 117.756089][ T9620] bridge0: left allmulticast mode [ 117.761875][ T9610] EXT4-fs warning (device loop3): ext4_enable_quotas:7142: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 117.777056][ T9610] EXT4-fs (loop3): mount failed [ 117.925024][ T9624] FAULT_INJECTION: forcing a failure. [ 117.925024][ T9624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 117.938179][ T9624] CPU: 1 UID: 0 PID: 9624 Comm: syz.3.2266 Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 117.938205][ T9624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 117.938266][ T9624] Call Trace: [ 117.938272][ T9624] [ 117.938279][ T9624] dump_stack_lvl+0xf2/0x150 [ 117.938301][ T9624] dump_stack+0x15/0x1a [ 117.938320][ T9624] should_fail_ex+0x223/0x230 [ 117.938350][ T9624] should_fail+0xb/0x10 [ 117.938380][ T9624] should_fail_usercopy+0x1a/0x20 [ 117.938463][ T9624] _copy_to_user+0x20/0xa0 [ 117.938527][ T9624] simple_read_from_buffer+0xa0/0x110 [ 117.938590][ T9624] proc_fail_nth_read+0xf9/0x140 [ 117.938623][ T9624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 117.938679][ T9624] vfs_read+0x1a2/0x700 [ 117.938713][ T9624] ? __rcu_read_unlock+0x4e/0x70 [ 117.938749][ T9624] ? __fget_files+0x17c/0x1c0 [ 117.938772][ T9624] ksys_read+0xe8/0x1b0 [ 117.938881][ T9624] __x64_sys_read+0x42/0x50 [ 117.938915][ T9624] x64_sys_call+0x2874/0x2dc0 [ 117.938975][ T9624] do_syscall_64+0xc9/0x1c0 [ 117.939086][ T9624] ? clear_bhb_loop+0x55/0xb0 [ 117.939106][ T9624] ? clear_bhb_loop+0x55/0xb0 [ 117.939125][ T9624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.939162][ T9624] RIP: 0033:0x7f1e4e2bb73c [ 117.939180][ T9624] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 117.939227][ T9624] RSP: 002b:00007f1e4c927030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 117.939244][ T9624] RAX: ffffffffffffffda RBX: 00007f1e4e4d5fa0 RCX: 00007f1e4e2bb73c [ 117.939256][ T9624] RDX: 000000000000000f RSI: 00007f1e4c9270a0 RDI: 0000000000000005 [ 117.939270][ T9624] RBP: 00007f1e4c927090 R08: 0000000000000000 R09: 0000000000000000 [ 117.939285][ T9624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.939299][ T9624] R13: 0000000000000000 R14: 00007f1e4e4d5fa0 R15: 00007ffc2c3ad968 [ 117.939317][ T9624] [ 118.417451][ T9648] loop1: detected capacity change from 0 to 256 [ 118.560744][ T9666] hsr0: entered promiscuous mode [ 118.612967][ T9668] loop4: detected capacity change from 0 to 128 [ 118.620269][ T9666] hsr0: left promiscuous mode [ 118.816907][ T9668] ext4 filesystem being mounted at /511/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 118.880778][ T9687] loop0: detected capacity change from 0 to 128 [ 118.910437][ T9687] ext4 filesystem being mounted at /420/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 118.971973][ T9690] netlink: 'syz.2.2294': attribute type 13 has an invalid length. [ 118.988325][ T9687] hub 6-0:1.0: USB hub found [ 118.993466][ T9687] hub 6-0:1.0: 8 ports detected [ 119.166875][ T9706] loop4: detected capacity change from 0 to 256 [ 119.242587][ T9718] loop2: detected capacity change from 0 to 128 [ 119.243530][ T9721] xt_hashlimit: max too large, truncated to 1048576 [ 119.255089][ T9724] netlink: 'syz.0.2308': attribute type 13 has an invalid length. [ 119.267858][ T9723] loop3: detected capacity change from 0 to 128 [ 119.276938][ T9718] ext4 filesystem being mounted at /458/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 119.313734][ T9730] 9pnet_fd: Insufficient options for proto=fd [ 119.320823][ T9723] ext4 filesystem being mounted at /462/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 119.368319][ T9723] hub 6-0:1.0: USB hub found [ 119.410822][ T9723] hub 6-0:1.0: 8 ports detected [ 119.455905][ T9733] __nla_validate_parse: 4 callbacks suppressed [ 119.455925][ T9733] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2311'. [ 119.587749][ T9718] Set syz1 is full, maxelem 65536 reached [ 119.693921][ T9760] netlink: 'syz.1.2322': attribute type 13 has an invalid length. [ 119.704014][ T9762] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2323'. [ 119.726768][ T9764] 9pnet_fd: Insufficient options for proto=fd [ 119.756214][ T9762] hsr_slave_1 (unregistering): left promiscuous mode [ 119.767451][ T9766] loop4: detected capacity change from 0 to 256 [ 119.774098][ T9767] xt_hashlimit: max too large, truncated to 1048576 [ 119.830494][ T9773] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2328'. [ 119.850072][ T9775] loop3: detected capacity change from 0 to 128 [ 119.885700][ T9775] ext4 filesystem being mounted at /465/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 119.929049][ T9775] hub 6-0:1.0: USB hub found [ 119.935433][ T9775] hub 6-0:1.0: 8 ports detected [ 120.006434][ T9789] loop4: detected capacity change from 0 to 4096 [ 120.014190][ T9792] netlink: 'syz.3.2336': attribute type 13 has an invalid length. [ 120.034983][ T9790] loop1: detected capacity change from 0 to 1024 [ 120.045670][ T9790] EXT4-fs: Ignoring removed orlov option [ 120.051456][ T9790] EXT4-fs: Ignoring removed orlov option [ 120.057315][ T9790] EXT4-fs: Ignoring removed oldalloc option [ 120.066263][ T9790] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 120.077245][ T9790] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 120.089597][ T9790] EXT4-fs (loop1): invalid journal inode [ 120.095347][ T9790] EXT4-fs (loop1): can't get journal size [ 120.144117][ T9799] hsr0: entered promiscuous mode [ 120.198705][ T9803] bridge_slave_0: left allmulticast mode [ 120.204405][ T9803] bridge_slave_0: left promiscuous mode [ 120.210223][ T9803] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.225032][ T9803] bridge_slave_1: left allmulticast mode [ 120.230817][ T9803] bridge_slave_1: left promiscuous mode [ 120.236654][ T9803] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.252214][ T29] kauditd_printk_skb: 184 callbacks suppressed [ 120.252231][ T29] audit: type=1326 audit(1737671205.085:7561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9812 comm="syz.0.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 120.282619][ T29] audit: type=1326 audit(1737671205.095:7562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9812 comm="syz.0.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 120.306018][ T29] audit: type=1326 audit(1737671205.095:7563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9812 comm="syz.0.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 120.329451][ T29] audit: type=1326 audit(1737671205.095:7564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9812 comm="syz.0.2345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55bb62cd29 code=0x7ffc0000 [ 120.353094][ T29] audit: type=1326 audit(1737671205.115:7565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.376645][ T29] audit: type=1326 audit(1737671205.115:7566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.400134][ T29] audit: type=1326 audit(1737671205.115:7567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.423617][ T29] audit: type=1326 audit(1737671205.115:7568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.447051][ T29] audit: type=1326 audit(1737671205.125:7569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.470567][ T29] audit: type=1326 audit(1737671205.125:7570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9806 comm="syz.2.2343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd875acd29 code=0x7ffc0000 [ 120.494862][ T9803] team0: Port device team_slave_0 removed [ 120.501544][ T9803] team0: Port device team_slave_1 removed [ 120.615080][ T9842] 9pnet_fd: Insufficient options for proto=fd [ 120.689423][ T9851] loop1: detected capacity change from 0 to 512 [ 120.693575][ T9849] netlink: 'syz.4.2356': attribute type 13 has an invalid length. [ 120.726593][ T9857] loop0: detected capacity change from 0 to 512 [ 120.754273][ T9851] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 120.762877][ T9857] ext4 filesystem being mounted at /433/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.809063][ T9865] ipvlan2: entered promiscuous mode [ 120.814697][ T9865] bridge0: port 3(ipvlan2) entered blocking state [ 120.821210][ T9865] bridge0: port 3(ipvlan2) entered disabled state [ 120.828512][ T9865] ipvlan2: entered allmulticast mode [ 120.833830][ T9865] bridge0: entered allmulticast mode [ 120.843198][ T9865] ipvlan2: left allmulticast mode [ 120.848328][ T9865] bridge0: left allmulticast mode [ 120.848503][ T9869] loop1: detected capacity change from 0 to 128 [ 120.876678][ T9869] ext4 filesystem being mounted at /464/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 120.920377][ T9869] hub 6-0:1.0: USB hub found [ 120.925205][ T9869] hub 6-0:1.0: 8 ports detected [ 120.965710][ T9874] 9pnet_fd: Insufficient options for proto=fd [ 120.967817][ T9809] hsr0: left promiscuous mode [ 120.995468][ T9857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.005961][ T9857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.019947][ T9877] netlink: 'syz.3.2367': attribute type 13 has an invalid length. [ 121.069442][ T9884] loop1: detected capacity change from 0 to 128 [ 121.092835][ T9884] ext4 filesystem being mounted at /469/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.124847][ T9887] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2371'. [ 121.129725][ T9889] loop1: detected capacity change from 0 to 512 [ 121.180403][ T9889] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 121.229767][ T9904] loop1: detected capacity change from 0 to 256 [ 121.267428][ T9912] xt_hashlimit: max too large, truncated to 1048576 [ 121.303042][ T9918] hsr0: entered promiscuous mode [ 121.394397][ T9938] loop2: detected capacity change from 0 to 128 [ 121.405762][ T9938] ext4 filesystem being mounted at /467/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.555468][ T9967] hub 6-0:1.0: USB hub found [ 121.564965][ T9967] hub 6-0:1.0: 8 ports detected [ 121.694099][ T9938] Set syz1 is full, maxelem 65536 reached [ 121.739674][ T9994] loop4: detected capacity change from 0 to 128 [ 121.757416][ T9994] ext4 filesystem being mounted at /529/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.773592][ T9998] loop2: detected capacity change from 0 to 128 [ 121.781965][ T3290] ================================================================== [ 121.790092][ T3290] BUG: KCSAN: data-race in __dentry_kill / fast_dput [ 121.796799][ T3290] [ 121.799126][ T3290] write to 0xffff88810622f6d0 of 8 bytes by task 2999 on cpu 0: [ 121.806788][ T3290] __dentry_kill+0x13e/0x4c0 [ 121.811397][ T3290] dput+0x5c/0xd0 [ 121.815040][ T3290] step_into+0x218/0x820 [ 121.819288][ T3290] walk_component+0x169/0x230 [ 121.823973][ T3290] path_lookupat+0x10a/0x2b0 [ 121.828573][ T3290] filename_lookup+0x2e0/0x340 [ 121.833350][ T3290] do_readlinkat+0x89/0x210 [ 121.837868][ T3290] __x64_sys_readlink+0x47/0x60 [ 121.842729][ T3290] x64_sys_call+0x28ba/0x2dc0 [ 121.847412][ T3290] do_syscall_64+0xc9/0x1c0 [ 121.851933][ T3290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.857845][ T3290] [ 121.860172][ T3290] read to 0xffff88810622f6d0 of 8 bytes by task 3290 on cpu 1: [ 121.867719][ T3290] fast_dput+0x65/0x2c0 [ 121.871901][ T3290] dput+0x24/0xd0 [ 121.875553][ T3290] do_unlinkat+0x258/0x4d0 [ 121.880097][ T3290] __x64_sys_unlink+0x2e/0x40 [ 121.884804][ T3290] x64_sys_call+0x2329/0x2dc0 [ 121.889485][ T3290] do_syscall_64+0xc9/0x1c0 [ 121.894008][ T3290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.899918][ T3290] [ 121.902239][ T3290] value changed: 0xffff8882375c1368 -> 0x0000000000000000 [ 121.909350][ T3290] [ 121.911668][ T3290] Reported by Kernel Concurrency Sanitizer on: [ 121.917824][ T3290] CPU: 1 UID: 0 PID: 3290 Comm: udevd Not tainted 6.13.0-syzkaller-05001-gd0d106a2bd21 #0 [ 121.927722][ T3290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 121.937781][ T3290] ================================================================== [ 121.949355][ T9998] ext4 filesystem being mounted at /468/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 122.032220][ T9998] hub 6-0:1.0: USB hub found [ 122.037175][ T9998] hub 6-0:1.0: 8 ports detected [ 122.080333][T10016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.089371][T10016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.106492][T10016] loop4: detected capacity change from 0 to 2048 [ 122.113269][T10016] EXT4-fs: Ignoring removed mblk_io_submit option [ 122.133297][ T9931] hsr0: left promiscuous mode [ 122.226280][T10025] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2385: bg 0: block 234: padding at end of block bitmap is not set [ 122.240871][T10025] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 122.253506][T10025] EXT4-fs (loop4): This should not happen!! Data will be lost [ 122.253506][T10025] [ 122.276043][ T50] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1898 with error 28 [ 122.288808][ T50] EXT4-fs (loop4): This should not happen!! Data will be lost [ 122.288808][ T50] [ 122.298572][ T50] EXT4-fs (loop4): Total free blocks count 0 [ 122.304716][ T50] EXT4-fs (loop4): Free/Dirty block details [ 122.310698][ T50] EXT4-fs (loop4): free_blocks=0 [ 122.315659][ T50] EXT4-fs (loop4): dirty_blocks=1904 [ 122.320986][ T50] EXT4-fs (loop4): Block reservation details [ 122.326987][ T50] EXT4-fs (loop4): i_reserved_data_blocks=119