last executing test programs: 41.749171765s ago: executing program 1 (id=2531): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) unshare(0x20040600) socket$netlink(0x10, 0x3, 0x8000000004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002b80)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x5}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) socket(0x2, 0x80805, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 41.712418335s ago: executing program 1 (id=2534): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300), 0x8) 41.653379826s ago: executing program 1 (id=2537): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}], 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000"], 0xa4}}, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000001c0)={r2}, &(0x7f00000002c0)=0x8) 40.753945671s ago: executing program 1 (id=2571): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) sendmmsg$sock(r0, 0x0, 0x0, 0x824) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) move_mount(r0, &(0x7f00000001c0)='./file0/file0\x00', r1, &(0x7f0000000040)='./file0\x00', 0x0) 40.750342961s ago: executing program 1 (id=2575): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, 0x0, 0x1, 0xffffffff, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x9}}}}, 0x30}}, 0x0) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r2, &(0x7f0000006380)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) 40.669792082s ago: executing program 1 (id=2577): sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}, 0x8040) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000680)={0x0, 0xfc000000}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8) 40.663297852s ago: executing program 32 (id=2577): sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}, 0x8040) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000680)={0x0, 0xfc000000}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8) 1.523392926s ago: executing program 2 (id=3687): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005a000d03"], 0x1c}], 0x1}, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') futimesat(r2, &(0x7f00000002c0)='./file0\x00', 0x0) close_range(r2, r0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000002030103000000000000000000000009084004400000001408000340000000400c0001000100002800000100020000266d179ec2aac193de6f28f6c95488ec7e01900f8566599f56ca0927890200000000000000bb0688b3bfca58795e76755530fc4f67b25d07cd84148abe5986ab48ba33a9e8a89652a76eff506e28ea92b47146fbae33004b3fdb2c1881863b72b52210b42c198fbea5c9a851384564ab64029ab929417053994e53bd55de180a45174717b72c6773614943f3365dcd59a46008491c27b72f64d705971c1b9b322df7b2354c6da2ded5e261f2380251c953d0"], 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x8000) 1.467531457s ago: executing program 2 (id=3688): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00', r6}, 0x10) lchown(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) r8 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) flock(r8, 0x2) close(r8) io_uring_setup(0xa0c, &(0x7f0000000340)={0x0, 0xc5c8, 0x8000, 0x3, 0x3ce, 0x0, r8}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r4}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="d00000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180140003002001000000000000000000000000000114000400fe8000000000000000000000000000aa0c000280050001"], 0xd0}}, 0x0) 729.475288ms ago: executing program 5 (id=3707): r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200002100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00#\x00'/28], 0x50) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0x8, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x10002}}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@dioread_nolock}, {@nobarrier}, {@abort}, {@user_xattr}, {@norecovery}, {@errors_remount}]}, 0x1, 0x570, &(0x7f00000019c0)="$eJzs3c1rHOUfAPDvbF76+vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyGxm022zm2zTbXbrfj4w4XlmZvM835l5nn1mn1k2gIE1nv0pRDwfEV8mEYciIsm3DUe+cXx9v9X7V2ayJYm1tY/+TOr7ZfnG/2q87kCeeS4ifvk84tXC5nKryyvzpXI5XczzE7WFixPV5ZUT5xdKc+lcemFqevrUG9NTb7/1ZtdifeXs3998ePu9U18cW/36p7uHbyZxOg7m25rjeALXmjPjMZ4fk5E4/ciOk10orJ8kva4AOzKUt/ORyPqAQzGUt3rgv+9qRKwBAyrR/mFANcYBjXv7Lt0HPzPuvbt+A7Q5/uH1z0Zib/3eaP9q8tCdUXa/O9aF8rMyfv791s1sie59DgGwrWvXI+Lk8PDm/i/J+7+dO9nBPo+Wof+D3XM7G/+81mr8U9gY/0SL8c+BFm13J7Zv/4W7XSimrWz8907L8e/GpNXYUJ77X33MN5J8er6cZn3b/yPieIzsyfJbzeecWr2z1m5b8/gvW7LyG2PBvB53h/c8/JrZUq30JDE3u3c94oWW499k4/wnLc5/djzOdljG0fTWS+22bR//07X2fcTLLc//gxmtZOv5yYn69TDRuCo2++vG0V/blb85/tHYzfiz879/6/jHkub52urjl/Hd3n/Sdtseij86v/5Hk4/r6dF83eVSrbY4GTGafLB5/dSD1zbyjf2z+I8f27r/a3X974uITzqM/8aRH1/sKP4eXP9Z/LOPdf4fP3Hn/c++bVd+Z/3f6/XU8XxNJ/1fpxV8kmMHAAAAAAAA/aYQEQcjKRQ30oVCsbj+fMeR2F8oj60//xGzUf+u7FiMFBoz3YeanoeYzJ+HbeSnHslPR8ThiPhqaF89X5yplGd7HTwAAAAAAAAAAAAAAAAAAAD0iQNtvv+f+W2o17UDnjo/+Q2Da9v2341fegL6kvd/GFzaPwwu7R8Gl/YPg6up/e/pZT2A3ef9HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArjp75ky2rK3evzKT5WcvLS/NVy6dmE2r88WFpZniTGXxYnGuUpkrp8WZysJ2/69cqVycnIqlyxO1tFqbqC6vnFuoLF2onTu/UJpLz6UjuxIVAAAAAAAAAAAAAAAAAAAAPFuqyyvzpXI5XZSQ2FFiuD+qsZ7ILummNVd7XZ+tEn/80BfVaJfodc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8GwAA//9ITzKe") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd, @void, @value}, 0x94) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x0, 0x5, @vifc_lcl_addr=@remote, @remote}, 0x10) setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000140)=0xf, 0x4) 729.308388ms ago: executing program 4 (id=3708): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x3a26, &(0x7f0000000d80)={0x0, 0x482, 0x800, 0x2, 0x37f}, &(0x7f0000000e00), &(0x7f0000000e40)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000040)=[r2], 0x1) 678.87844ms ago: executing program 4 (id=3710): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket(0x1e, 0x5, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x1c) r3 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c) sendmsg$tipc(r3, &(0x7f0000000640)={&(0x7f0000000300), 0x10, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10) 592.993561ms ago: executing program 4 (id=3713): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={0x0, r0}, 0x18) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000003c0)) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}]}}) 584.866951ms ago: executing program 3 (id=3714): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000080)) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) 564.298462ms ago: executing program 2 (id=3715): sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x1, 0xffffffffdffffffa}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000000) 563.830371ms ago: executing program 0 (id=3716): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r1}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 552.174202ms ago: executing program 3 (id=3717): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) creat(&(0x7f0000000040)='./bus\x00', 0x8) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 543.674042ms ago: executing program 0 (id=3718): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x1c, r0, 0x2, 0x70bd25, 0x25dfdbfb, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4019) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000300)={{0x2, 0x1, 0xfffffe00, 0x1, 0x80000004}}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x5, 0x5, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4040853) socket$kcm(0x2, 0xa, 0x2) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x818000, &(0x7f0000000280)={[{@nouid32}]}, 0x1, 0x722, &(0x7f0000002640)="$eJzs3U9rXFUUAPDzXjNObKOJoOIfkIpixdJJE1tKV9aF6KYYKLhNQzIJMS99MTNTm9BFunIroii40e/gxpXi2g/gV1AQLXFRV5E3mUn/zSTTmmQg8/vBmzn3vZece2fCPZA7zA1gYJ0sHtKIFyNiKokYbZ1PIqLUjIYiLm3ft3n75mxxJLG1deWvpHlP0Y57fqZwIiI2IuKFiPilFHE6fThvbW19aSbLqqut9nh9eWW8trZ+ZnF5ZqG6UL128dy5yXMXzl+8uH9jfevDj56vnH9v5Mep+elTE7//kMSlGGldu3cc+2n7NSkVL+F93j+IZH2U9LsDPJahiDjWen4uRuNYMwIAjrKtcsQWADBgEvUfAAZM+/8A7bW9g1oH6+bPdyNiuFP+odaa2XBzHfL4ZnLfykQSEWOH2VGOpI1bEXF17OTDf3/JQ2u2j+rsfnSQA/VzMf9c6jT/pDvzT3SYf4bbn534n7rPf3fzH+sy/031mOODlxt51/y3Il4a6pQ/2cmfdMl/tcf8P92Z+7fbta3vI97oWH+S+3J1/3zI+PxiVj27/dg5x8nGzY93G//xLvk39hj/So/jH/ni1V83dsn/5mu7v/+d8hc18fMe839WeuerbteK/HNdxr/X+/9dj/kvvPLJeo+3AgAAAAAAAAAAAAAAAAAAAAAAAAAAwJGQRsRIJGllJ07TSmV7D+9n43ia5bX66fm8cW0umntlj0UpbX/V8uh2OynaE63v42+3J5vx5k777Yh4JiK+LD/ZbFdm82yu34MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJYTD+z//095e/9/AOCIG+53BwCAQ6f+A8DgUf8BYPCo/wAweNR/ABg86j8ADJ7HqP/lg+gHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANj6vLl4tjavH1ztmjPXV9rLOXXz8xVa0uV5cZsZTZfXaks5PlCVq3M5st7/b4sz1cmJ6NxY7xerdXHa2vr08t541p9enF5ZqE6XS0dyqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NGMNI8krURE2ozTtFKJeCoixqKUzC9m1bMR8XRE/FYulYv2RL87DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7rLa2vjSTZdVVgUAg2An6PTMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA4bu76Xe/ewIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/ZT+kUREcZwafX3kwatPJHfKzeeI+PTbK1/fmKnXVyeK83/vnK9/0zo/2Y/+AwB7adfpdh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE5qa+tLM1lWXT3AoN9jBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg//wXAAD//y8uz8E=") bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000380), 0x1, r1}, 0x38) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x80800) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x93c2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10) lsm_set_self_attr(0x64, 0x0, 0x20, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000140)={0x0, 0x0, 0xa21b}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) msgget$private(0x0, 0x10f) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r7}, 0x10) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) setfsgid(0xee01) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_genetlink_get_family_id$fou(&(0x7f00000004c0), 0xffffffffffffffff) 530.975292ms ago: executing program 2 (id=3719): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff05000700263a3a0914000600626f6e64300000000001000001000000080003", @ANYRES8=0x0, @ANYRESDEC=r2, @ANYRESDEC=r0], 0x78}, 0x1, 0xffffffff00000003}, 0x4040) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000780)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x4, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x2, 0xf}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/tty/ldiscs\x00', 0x0, 0x0) pread64(r8, &(0x7f0000000080)=""/79, 0x4f, 0x7f) unshare(0x22020600) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r9, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r9, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x0, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) r10 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r7}, 0x8) write$cgroup_int(r10, &(0x7f00000001c0), 0xfffffdef) 487.773503ms ago: executing program 5 (id=3720): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x3a26, &(0x7f0000000d80)={0x0, 0x482, 0x800, 0x2, 0x37f}, &(0x7f0000000e00), &(0x7f0000000e40)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000040)=[r2], 0x1) 467.451873ms ago: executing program 4 (id=3721): timer_create(0x7, 0x0, &(0x7f00000001c0)=0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) timer_settime(r0, 0x0, &(0x7f00000002c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000300)) 462.841643ms ago: executing program 3 (id=3722): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002220207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006000000850000000400000085000000d000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='cq_alloc\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b00000000001b000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006ffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000010000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000718110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r1}, &(0x7f0000000080), &(0x7f0000000000)='%-010d \x00'}, 0x20) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x8, 0x3, 0x508, 0x360, 0x11, 0x148, 0x0, 0x0, 0x470, 0x2a8, 0x2a8, 0x470, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x360, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x20000, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x6, 0x3845, 0x2, 0x81, 'snmp\x00', 'syz1\x00', {0x8}}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x568) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0xfffffffffffffe97, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r6}, 0x18) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000c0000000c000000020000000000000000000004000000000000"], 0x0, 0x26, 0x0, 0x0, 0x6, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0xf, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf0ad, 0x0, 0x0, 0x0, 0x5a}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0xff}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @void, @value}, 0x94) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r8) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r9 = socket$unix(0x1, 0x1, 0x0) socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004) recvmmsg(r11, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0) 295.109166ms ago: executing program 0 (id=3723): syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x34400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1900000600000000000000934e"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) r4 = socket(0x1e, 0x4, 0x0) r5 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r6 = dup3(r5, r4, 0x0) recvmmsg(r6, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=@deltclass={0x34, 0x29, 0x100, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x9}, {0x1fff8, 0xfff2}, {0x10, 0xa}}, [@tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6, 0x5, {0x3, 0x8}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x804) r7 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x100a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r8}, &(0x7f0000000180), 0x0}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10) r10 = socket$netlink(0x10, 0x3, 0x0) fsetxattr$security_selinux(r10, &(0x7f00000005c0), &(0x7f0000000640)='system_u:object_r:chfn_exec_t:s0\x00', 0x21, 0x2) sendmsg$nl_generic(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES32=r2], 0x40}}, 0x24040800) preadv(r7, &(0x7f00000001c0)=[{&(0x7f0000001480)=""/4112, 0x1010}, {&(0x7f0000000440)=""/195, 0xc3}, {&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000240)=""/240, 0xf0}], 0x4, 0xb88, 0x0) 294.845656ms ago: executing program 5 (id=3724): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002b80)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x5}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) socket(0x2, 0x80805, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d30", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 294.683726ms ago: executing program 4 (id=3725): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c00020008000100"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r5, {0xc}, {}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) 228.367667ms ago: executing program 5 (id=3726): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0xb, &(0x7f0000000880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10020, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300), 0x4001, 0x0) 170.680718ms ago: executing program 0 (id=3727): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000080)) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@random="99177fa54f29", @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x16, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) 166.818428ms ago: executing program 5 (id=3728): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r1}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 145.348778ms ago: executing program 0 (id=3729): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005a000d03"], 0x1c}], 0x1}, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') futimesat(r2, &(0x7f00000002c0)='./file0\x00', 0x0) close_range(r2, r0, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000002030103000000000000000000000009084004400000001408000340000000400c0001000100002800000100020000266d179ec2aac193de6f28f6c95488ec7e01900f8566599f56ca0927890200000000000000bb0688b3bfca58795e76755530fc4f67b25d07cd84148abe5986ab48ba33a9e8a89652a76eff506e28ea92b47146fbae33004b3fdb2c1881863b72b52210b42c198fbea5c9a851384564ab64029ab929417053994e53bd55de180a45174717b72c6773614943f3365dcd59a46008491c27b72f64d705971c1b9b322df7b2354c6da2ded5e261f2380251c953d0"], 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x8000) 131.724148ms ago: executing program 3 (id=3730): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b000000000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$TUNSETSNDBUF(r3, 0x400454d4, &(0x7f0000000180)) r4 = socket$netlink(0x10, 0x3, 0x14) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8009, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) 122.852698ms ago: executing program 5 (id=3731): r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200002100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00#\x00'/28], 0x50) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x3, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0x8, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x10002}}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@dioread_nolock}, {@nobarrier}, {@abort}, {@user_xattr}, {@norecovery}, {@errors_remount}]}, 0x1, 0x570, &(0x7f00000019c0)="$eJzs3c1rHOUfAPDvbF76+vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyGxm022zm2zTbXbrfj4w4XlmZvM835l5nn1mn1k2gIE1nv0pRDwfEV8mEYciIsm3DUe+cXx9v9X7V2ayJYm1tY/+TOr7ZfnG/2q87kCeeS4ifvk84tXC5nKryyvzpXI5XczzE7WFixPV5ZUT5xdKc+lcemFqevrUG9NTb7/1ZtdifeXs3998ePu9U18cW/36p7uHbyZxOg7m25rjeALXmjPjMZ4fk5E4/ciOk10orJ8kva4AOzKUt/ORyPqAQzGUt3rgv+9qRKwBAyrR/mFANcYBjXv7Lt0HPzPuvbt+A7Q5/uH1z0Zib/3eaP9q8tCdUXa/O9aF8rMyfv791s1sie59DgGwrWvXI+Lk8PDm/i/J+7+dO9nBPo+Wof+D3XM7G/+81mr8U9gY/0SL8c+BFm13J7Zv/4W7XSimrWz8907L8e/GpNXYUJ77X33MN5J8er6cZn3b/yPieIzsyfJbzeecWr2z1m5b8/gvW7LyG2PBvB53h/c8/JrZUq30JDE3u3c94oWW499k4/wnLc5/djzOdljG0fTWS+22bR//07X2fcTLLc//gxmtZOv5yYn69TDRuCo2++vG0V/blb85/tHYzfiz879/6/jHkub52urjl/Hd3n/Sdtseij86v/5Hk4/r6dF83eVSrbY4GTGafLB5/dSD1zbyjf2z+I8f27r/a3X974uITzqM/8aRH1/sKP4eXP9Z/LOPdf4fP3Hn/c++bVd+Z/3f6/XU8XxNJ/1fpxV8kmMHAAAAAAAA/aYQEQcjKRQ30oVCsbj+fMeR2F8oj60//xGzUf+u7FiMFBoz3YeanoeYzJ+HbeSnHslPR8ThiPhqaF89X5yplGd7HTwAAAAAAAAAAAAAAAAAAAD0iQNtvv+f+W2o17UDnjo/+Q2Da9v2341fegL6kvd/GFzaPwwu7R8Gl/YPg6up/e/pZT2A3ef9HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArjp75ky2rK3evzKT5WcvLS/NVy6dmE2r88WFpZniTGXxYnGuUpkrp8WZysJ2/69cqVycnIqlyxO1tFqbqC6vnFuoLF2onTu/UJpLz6UjuxIVAAAAAAAAAAAAAAAAAAAAPFuqyyvzpXI5XZSQ2FFiuD+qsZ7ILummNVd7XZ+tEn/80BfVaJfodc8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8GwAA//9ITzKe") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd, @void, @value}, 0x94) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x0, 0x5, @vifc_lcl_addr=@remote, @remote}, 0x10) setsockopt$MRT_FLUSH(r2, 0x0, 0xd4, &(0x7f0000000140)=0xf, 0x4) 110.813059ms ago: executing program 2 (id=3732): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={0x0, r0}, 0x18) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000003c0)) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}]}}) 80.968949ms ago: executing program 3 (id=3733): timer_create(0x7, 0x0, &(0x7f00000001c0)=0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) timer_settime(r0, 0x0, &(0x7f00000002c0)={{0x77359400}, {0x77359400}}, &(0x7f0000000300)) 67.582419ms ago: executing program 0 (id=3734): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818018, &(0x7f0000000300)={[{@minixdf}, {@grpjquota}]}, 0x1, 0x72d, &(0x7f00000014c0)="$eJzs3U1rXNUbAPDn3mb+k38bTQQVX0AqihVLJ01sKV1ZF6KbYqDgNg3JJMRMemNmpjahi3TlVkRRcKPfwY0rxbUfwK+gIFrioq5G7rykbTrTjnWSgczvB3fmOffe4TlnJpwHcoY5AYysk/lDGvF8RMwlEZPt80lEFJrRWMSl1n27t28u5kcSjcaVP5LmPXk77nlN7kRE7ETEcxHxUyHidPpg3urW9tpCpVLebLena+sb09Wt7TOr6wsr5ZXytYvnzs2eu3D+4sXBjfWN9z94tnT+nYnv55bnT838+l0Sl2Kife3ecQxS6z0p5G/hfd49iGRDlAy7AzyWsYg41n5+JibjWDMCAI6yRjGiAQCMmET9B4AR0/k/QGdt76DWwXr5/e2IGO+Wf6y9ZjbeXIc8vpvctzKRRMTUYXaUI2nnVkRcnTr54N9f8sCa7b91dhAd5ED9mM8/l7rNP+ne/BNd5p/xzncn/qPe89/d/Md6zH9zfeZ478V61jP/rYgXxrrlT/byJz3yX+0z/w93lv7uda3xbcRrXetPcl+u3t8PmV5erZTPth675zhZv/nhw8Z/vEf+nUeMf6PP8U989vLPOw/J//orD//8u+XPa+Knfeb/pPDWF72u5fmXeoz/UZ//N33mv/DSR9t93goAAAAAAAAAAAAAAAAAAAAAAAAAAABHQhoRE5Gkpb04TUul1h7eT8fxtJJVa6eXs/q1pWjulT0VhbTzU8uTrXaSt2fav8ffac8249299psR8VREfF78f7NdWswqS8MePAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0ndi3//9fxdb+/wDAETc+7A4AAIdO/QeA0aP+A8DoUf8BYPSo/wAwetR/ABg9j1H/iwfRDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGxtzly/nR2L19czFvL13fqq9l188slatrpfX6Ymkx29worWTZSqVcWszW978+2deuZNnG7GzUb0zXytXadHVre349q1+rza+uL6yU58uFQxsZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPRvonkkaSki0macpqVSxBMRMRWFZHm1Uj4bEU9GxC/FQjFvzwy70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwYNWt7bWFSqW8KRAIBHvBsGcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOHx3N/0edk8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJjS35KIyI9Tk69O7L/6v+ROsfkcER9/feXLGwu12uZMfv7PvfO1r9rnZ4fRfwDgUTp1ulPHAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCb6tb22kKlUt5sBXcaLXfPDCAY9hgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABicfwIAAP//wLPUPg==") 53.540059ms ago: executing program 4 (id=3735): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r4, 0x0, 0x6}, 0x18) r5 = inotify_init1(0x80000) inotify_add_watch(r5, &(0x7f00000002c0)='./file0\x00', 0x500082c) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000802800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0) 52.32011ms ago: executing program 3 (id=3736): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x8000000004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002b80)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x5}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) socket(0x2, 0x80805, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d30", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 2 (id=3737): sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x4c, 0x30, 0xb, 0x0, 0x0, {}, [{0x38, 0x1, [@m_ct={0x34, 0x1, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000000) kernel console output (not intermixed with test programs): n, please check. [ 163.396966][T15785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2820'. [ 163.463318][T15793] netlink: 'syz.5.2822': attribute type 12 has an invalid length. [ 163.478449][T15782] lo speed is unknown, defaulting to 1000 [ 163.580098][ T12] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.605260][T15782] chnl_net:caif_netlink_parms(): no params data found [ 163.619755][ T12] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.681144][ T12] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.692861][T15782] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.700132][T15782] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.708624][T15782] bridge_slave_0: entered allmulticast mode [ 163.715999][T15782] bridge_slave_0: entered promiscuous mode [ 163.723535][T15782] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.730665][T15782] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.738193][T15782] bridge_slave_1: entered allmulticast mode [ 163.745036][T15782] bridge_slave_1: entered promiscuous mode [ 163.753028][ T12] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.783530][T15782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.794630][T15782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.822770][T15782] team0: Port device team_slave_0 added [ 163.830097][T15782] team0: Port device team_slave_1 added [ 163.856478][T15782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.863521][T15782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.889532][T15782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.905716][T15782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.912730][T15782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.938873][T15782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.977756][T15782] hsr_slave_0: entered promiscuous mode [ 163.984240][T15782] hsr_slave_1: entered promiscuous mode [ 163.990072][T15782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.997803][T15782] Cannot create hsr debugfs directory [ 164.004378][ T12] bridge_slave_1: left allmulticast mode [ 164.010093][ T12] bridge_slave_1: left promiscuous mode [ 164.015918][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.024040][ T12] bridge_slave_0: left allmulticast mode [ 164.029759][ T12] bridge_slave_0: left promiscuous mode [ 164.035477][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.129188][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.141667][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.151897][ T12] bond0 (unregistering): Released all slaves [ 164.163088][T16093] netlink: 'syz.3.2834': attribute type 12 has an invalid length. [ 164.227472][T16122] macvlan3: entered promiscuous mode [ 164.234915][T16122] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=16122 comm=syz.3.2836 [ 164.249365][ T12] hsr_slave_0: left promiscuous mode [ 164.250241][T16122] 9pnet_fd: Insufficient options for proto=fd [ 164.261047][ T12] hsr_slave_1: left promiscuous mode [ 164.274366][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.281994][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.293839][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.301557][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.314163][ T12] veth1_macvtap: left promiscuous mode [ 164.319924][ T12] veth0_macvtap: left promiscuous mode [ 164.325722][ T12] veth1_vlan: left promiscuous mode [ 164.331147][ T12] veth0_vlan: left promiscuous mode [ 164.368889][T16136] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2840'. [ 164.441855][ T12] team0 (unregistering): Port device 26±ÿ removed [ 164.455886][ T12] team0 (unregistering): Port device team_slave_0 removed [ 164.505157][ T10] lo speed is unknown, defaulting to 1000 [ 164.510954][ T10] infiniband syz0: ib_query_port failed (-19) [ 164.693907][T16206] vxcan0: tx drop: invalid sa for name 0x0000001000000000 [ 164.701305][T16206] vxcan0: tx drop: invalid sa for name 0x0000001000000000 [ 164.737282][T16211] loop5: detected capacity change from 0 to 2048 [ 164.766039][T16211] EXT4-fs (loop5): failed to initialize system zone (-117) [ 164.773435][T16211] EXT4-fs (loop5): mount failed [ 164.786602][T16211] program syz.5.2853 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 164.848912][T16226] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2854'. [ 164.854299][T15782] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 164.867745][T15782] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 164.881237][T15782] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 164.895248][T15782] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 164.945089][T15782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.958674][T15782] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.971394][ T3452] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.978555][ T3452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.991132][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.998323][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.071177][T15782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.145765][T15782] veth0_vlan: entered promiscuous mode [ 165.157633][T15782] veth1_vlan: entered promiscuous mode [ 165.168178][T16260] netlink: 'syz.3.2858': attribute type 10 has an invalid length. [ 165.176227][T16260] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2858'. [ 165.183567][T15782] veth0_macvtap: entered promiscuous mode [ 165.201233][T16260] team0: Port device geneve1 added [ 165.209937][T15782] veth1_macvtap: entered promiscuous mode [ 165.236915][T15782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.249160][T15782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.262259][T15782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.271274][T15782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.280219][T15782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.289166][T15782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.362973][T16273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2863'. [ 165.365733][T16275] loop2: detected capacity change from 0 to 512 [ 165.371933][T16273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2863'. [ 165.380687][T16275] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 165.401251][T16273] FAULT_INJECTION: forcing a failure. [ 165.401251][T16273] name failslab, interval 1, probability 0, space 0, times 0 [ 165.408523][T16275] EXT4-fs (loop2): 1 truncate cleaned up [ 165.414187][T16273] CPU: 0 UID: 0 PID: 16273 Comm: syz.4.2863 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 165.414230][T16273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.414248][T16273] Call Trace: [ 165.414254][T16273] [ 165.414266][T16273] __dump_stack+0x1d/0x30 [ 165.414304][T16273] dump_stack_lvl+0xe8/0x140 [ 165.414342][T16273] dump_stack+0x15/0x1b [ 165.414366][T16273] should_fail_ex+0x265/0x280 [ 165.414410][T16273] ? __hw_addr_add_ex+0x162/0x440 [ 165.414449][T16273] should_failslab+0x8c/0xb0 [ 165.414530][T16273] __kmalloc_cache_noprof+0x4c/0x320 [ 165.414573][T16273] __hw_addr_add_ex+0x162/0x440 [ 165.414616][T16273] dev_addr_init+0xb1/0x120 [ 165.414665][T16273] alloc_netdev_mqs+0x212/0xab0 [ 165.414747][T16273] ? __pfx_wg_setup+0x10/0x10 [ 165.414782][T16273] rtnl_create_link+0x239/0x710 [ 165.414889][T16273] rtnl_newlink_create+0x14c/0x620 [ 165.414929][T16273] ? __schedule+0x6a8/0xb30 [ 165.414966][T16273] rtnl_newlink+0xf29/0x12d0 [ 165.415029][T16273] ? __rcu_read_unlock+0x4f/0x70 [ 165.415061][T16273] ? rb_commit+0x3e9/0x420 [ 165.415091][T16273] ? __rcu_read_unlock+0x4f/0x70 [ 165.415120][T16273] ? avc_has_perm_noaudit+0x1b1/0x200 [ 165.415163][T16273] ? selinux_capable+0x1f9/0x270 [ 165.415293][T16273] ? security_capable+0x83/0x90 [ 165.415330][T16273] ? ns_capable+0x7d/0xb0 [ 165.415356][T16273] ? __pfx_rtnl_newlink+0x10/0x10 [ 165.415387][T16273] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 165.415418][T16273] ? avc_has_perm_noaudit+0x1b1/0x200 [ 165.415557][T16273] netlink_rcv_skb+0x120/0x220 [ 165.415601][T16273] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 165.415641][T16273] rtnetlink_rcv+0x1c/0x30 [ 165.415669][T16273] netlink_unicast+0x5a1/0x670 [ 165.415762][T16273] netlink_sendmsg+0x58b/0x6b0 [ 165.415792][T16273] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.415819][T16273] __sock_sendmsg+0x142/0x180 [ 165.415853][T16273] ____sys_sendmsg+0x31e/0x4e0 [ 165.415942][T16273] ___sys_sendmsg+0x17b/0x1d0 [ 165.416008][T16273] __x64_sys_sendmsg+0xd4/0x160 [ 165.416120][T16273] x64_sys_call+0x2999/0x2fb0 [ 165.416153][T16273] do_syscall_64+0xd2/0x200 [ 165.416178][T16273] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 165.416212][T16273] ? clear_bhb_loop+0x40/0x90 [ 165.416301][T16273] ? clear_bhb_loop+0x40/0x90 [ 165.416331][T16273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.416359][T16273] RIP: 0033:0x7f755cb1e929 [ 165.416382][T16273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.416408][T16273] RSP: 002b:00007f755b187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 165.416513][T16273] RAX: ffffffffffffffda RBX: 00007f755cd45fa0 RCX: 00007f755cb1e929 [ 165.416531][T16273] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 165.416548][T16273] RBP: 00007f755b187090 R08: 0000000000000000 R09: 0000000000000000 [ 165.416565][T16273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.416635][T16273] R13: 0000000000000000 R14: 00007f755cd45fa0 R15: 00007ffd97c043e8 [ 165.416662][T16273] [ 165.516016][T16284] netlink: 'syz.4.2866': attribute type 1 has an invalid length. [ 165.532675][T16284] 8021q: adding VLAN 0 to HW filter on device bond3 [ 165.544748][T16275] EXT4-fs mount: 8 callbacks suppressed [ 165.544799][T16275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.580347][T16319] netlink: 'syz.3.2867': attribute type 1 has an invalid length. [ 165.768580][T16284] bond3 (unregistering): Released all slaves [ 165.805751][T16319] 8021q: adding VLAN 0 to HW filter on device bond3 [ 165.806395][T16392] netlink: 'syz.0.2869': attribute type 10 has an invalid length. [ 165.833150][T16392] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 165.868882][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.880764][ T29] kauditd_printk_skb: 190 callbacks suppressed [ 165.880831][ T29] audit: type=1326 audit(1750489954.587:45607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 165.911171][ T29] audit: type=1326 audit(1750489954.597:45608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 165.934876][ T29] audit: type=1326 audit(1750489954.597:45609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 165.958653][ T29] audit: type=1326 audit(1750489954.597:45610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 165.982373][ T29] audit: type=1326 audit(1750489954.597:45611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.006280][ T29] audit: type=1326 audit(1750489954.597:45612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.029958][ T29] audit: type=1326 audit(1750489954.597:45613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.053614][ T29] audit: type=1326 audit(1750489954.597:45614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.077284][ T29] audit: type=1326 audit(1750489954.597:45615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.101059][ T29] audit: type=1326 audit(1750489954.597:45616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16395 comm="syz.3.2871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f19d3cce929 code=0x7ffc0000 [ 166.244490][T16426] netlink: 'syz.3.2884': attribute type 1 has an invalid length. [ 166.246532][T16428] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 166.266180][T16421] loop2: detected capacity change from 0 to 512 [ 166.288486][T16426] 8021q: adding VLAN 0 to HW filter on device bond4 [ 166.297822][T16421] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 166.329864][T16426] bond4 (unregistering): Released all slaves [ 166.361964][T16421] EXT4-fs (loop2): 1 truncate cleaned up [ 166.368558][T16421] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.456770][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.522096][T16516] loop4: detected capacity change from 0 to 2048 [ 166.532504][T16516] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.548404][T16516] EXT4-fs error (device loop4): ext4_find_dest_de:2052: inode #12: block 9: comm syz.4.2888: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0 [ 166.566607][T16516] EXT4-fs (loop4): Remounting filesystem read-only [ 166.647253][T16536] loop3: detected capacity change from 0 to 512 [ 166.654840][T16536] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 166.668895][T16536] EXT4-fs (loop3): 1 truncate cleaned up [ 166.675261][T16536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.689464][T16536] EXT4-fs error (device loop3): __ext4_iget:5379: inode #12: block 2: comm syz.3.2897: invalid block [ 166.692980][T16540] team0: Port device geneve1 added [ 166.760007][T16544] xt_hashlimit: max too large, truncated to 1048576 [ 166.797247][T16544] syzkaller0: entered promiscuous mode [ 166.802777][T16544] syzkaller0: entered allmulticast mode [ 167.150332][T16550] chnl_net:caif_netlink_parms(): no params data found [ 167.195697][ T31] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.244755][T16550] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.251887][T16550] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.260583][T16550] bridge_slave_0: entered allmulticast mode [ 167.268355][ T4079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.268876][T16550] bridge_slave_0: entered promiscuous mode [ 167.286276][T16550] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.293429][T16550] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.300743][T16550] bridge_slave_1: entered allmulticast mode [ 167.309321][T16550] bridge_slave_1: entered promiscuous mode [ 167.319180][ T31] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.350947][T16550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.363186][ T31] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.386219][T16550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.397947][T16754] loop4: detected capacity change from 0 to 512 [ 167.405322][T16754] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 167.417496][T16754] EXT4-fs (loop4): 1 truncate cleaned up [ 167.429189][T16754] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.447425][T16550] team0: Port device team_slave_0 added [ 167.448746][ T4302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.454891][T16550] team0: Port device team_slave_1 added [ 167.477955][ T31] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.498027][T16754] EXT4-fs error (device loop4): __ext4_iget:5379: inode #12: block 2: comm syz.4.2906: invalid block [ 167.527740][T16550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.534817][T16550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.561305][T16550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.572736][T16550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.579790][T16550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.606043][T16550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.649943][T16550] hsr_slave_0: entered promiscuous mode [ 167.657563][T16550] hsr_slave_1: entered promiscuous mode [ 167.667274][T16550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.679394][T16550] Cannot create hsr debugfs directory [ 167.726799][ T31] bridge_slave_1: left allmulticast mode [ 167.732540][ T31] bridge_slave_1: left promiscuous mode [ 167.738403][ T31] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.755792][T16878] __nla_validate_parse: 11 callbacks suppressed [ 167.755813][T16878] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2915'. [ 167.817592][ T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.827787][ T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.837803][ T31] bond0 (unregistering): Released all slaves [ 167.881827][T16891] FAULT_INJECTION: forcing a failure. [ 167.881827][T16891] name failslab, interval 1, probability 0, space 0, times 0 [ 167.894683][T16891] CPU: 1 UID: 0 PID: 16891 Comm: syz.5.2916 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 167.894720][T16891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.894737][T16891] Call Trace: [ 167.894744][T16891] [ 167.894753][T16891] __dump_stack+0x1d/0x30 [ 167.894786][T16891] dump_stack_lvl+0xe8/0x140 [ 167.894841][T16891] dump_stack+0x15/0x1b [ 167.894862][T16891] should_fail_ex+0x265/0x280 [ 167.894903][T16891] should_failslab+0x8c/0xb0 [ 167.894954][T16891] kmem_cache_alloc_noprof+0x50/0x310 [ 167.894987][T16891] ? alloc_empty_file+0x76/0x200 [ 167.895032][T16891] alloc_empty_file+0x76/0x200 [ 167.895065][T16891] path_openat+0x68/0x2170 [ 167.895098][T16891] ? _parse_integer_limit+0x170/0x190 [ 167.895186][T16891] ? _parse_integer+0x27/0x40 [ 167.895211][T16891] ? kstrtoull+0x111/0x140 [ 167.895238][T16891] ? kstrtouint+0x76/0xc0 [ 167.895307][T16891] do_filp_open+0x109/0x230 [ 167.895354][T16891] do_sys_openat2+0xa6/0x110 [ 167.895396][T16891] __x64_sys_creat+0x65/0x90 [ 167.895429][T16891] x64_sys_call+0x114d/0x2fb0 [ 167.895525][T16891] do_syscall_64+0xd2/0x200 [ 167.895547][T16891] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 167.895624][T16891] ? clear_bhb_loop+0x40/0x90 [ 167.895645][T16891] ? clear_bhb_loop+0x40/0x90 [ 167.895694][T16891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.895719][T16891] RIP: 0033:0x7fd2b253e929 [ 167.895738][T16891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.895777][T16891] RSP: 002b:00007fd2b0ba7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 167.895815][T16891] RAX: ffffffffffffffda RBX: 00007fd2b2765fa0 RCX: 00007fd2b253e929 [ 167.895829][T16891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380 [ 167.895844][T16891] RBP: 00007fd2b0ba7090 R08: 0000000000000000 R09: 0000000000000000 [ 167.895901][T16891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.895947][T16891] R13: 0000000000000000 R14: 00007fd2b2765fa0 R15: 00007ffeef49c4d8 [ 167.896026][T16891] [ 167.904000][ T31] tipc: Left network mode [ 168.126583][ T31] hsr_slave_1: left promiscuous mode [ 168.132440][ T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.139949][ T31] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.150824][ T31] veth1_macvtap: left promiscuous mode [ 168.156399][ T31] veth0_macvtap: left promiscuous mode [ 168.161965][ T31] veth1_vlan: left promiscuous mode [ 168.167263][ T31] veth0_vlan: left promiscuous mode [ 168.187953][ T4079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.275151][T16931] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=16931 comm=syz.5.2917 [ 168.277113][T16926] macvlan3: entered promiscuous mode [ 168.492943][T16962] loop5: detected capacity change from 0 to 512 [ 168.501672][T16962] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 168.513146][T16962] EXT4-fs (loop5): 1 truncate cleaned up [ 168.519334][T16962] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.551639][T16962] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2925'. [ 168.560677][T16962] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2925'. [ 168.601544][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.614944][T16977] validate_nla: 5 callbacks suppressed [ 168.614961][T16977] netlink: 'syz.3.2927': attribute type 1 has an invalid length. [ 168.635430][T16977] 8021q: adding VLAN 0 to HW filter on device bond4 [ 168.664350][T16977] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2927'. [ 168.685475][T17025] netlink: 'syz.5.2926': attribute type 10 has an invalid length. [ 168.693438][T17025] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2926'. [ 168.704007][T16977] bond4 (unregistering): Released all slaves [ 168.706741][T17027] netlink: 'syz.2.2929': attribute type 1 has an invalid length. [ 168.724403][T17027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2929'. [ 168.724558][T16550] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 168.758362][T16550] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 168.769678][T16550] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 168.781983][T16550] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 168.801654][T17065] loop3: detected capacity change from 0 to 2048 [ 168.836719][T17065] EXT4-fs (loop3): failed to initialize system zone (-117) [ 168.846143][T17065] EXT4-fs (loop3): mount failed [ 168.849230][T16550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.859306][T17065] program syz.3.2931 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 168.873634][T16550] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.892299][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.899458][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.914131][ T3452] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.921300][ T3452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.025993][T16550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.104195][T16550] veth0_vlan: entered promiscuous mode [ 169.112973][T16550] veth1_vlan: entered promiscuous mode [ 169.133486][T16550] veth0_macvtap: entered promiscuous mode [ 169.140810][T16550] veth1_macvtap: entered promiscuous mode [ 169.156470][T16550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.169739][T16550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.180152][T16550] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.189132][T16550] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.198027][T16550] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.206971][T16550] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.220567][T17105] bridge0: entered promiscuous mode [ 169.226960][T17105] macvlan2: entered promiscuous mode [ 169.235902][T17114] netlink: 'syz.4.2940': attribute type 10 has an invalid length. [ 169.240529][T17105] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17105 comm=syz.2.2938 [ 169.243839][T17114] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2940'. [ 169.269394][T17114] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 169.322114][T17121] vxcan0: tx drop: invalid sa for name 0x0000001000000000 [ 169.331097][T17121] vxcan0: tx drop: invalid sa for name 0x0000001000000000 [ 169.356088][T17123] loop4: detected capacity change from 0 to 512 [ 169.371492][T17123] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 169.382134][T17127] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2944'. [ 169.394458][T17127] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2944'. [ 169.398225][T17123] EXT4-fs (loop4): 1 truncate cleaned up [ 169.418919][T17130] loop0: detected capacity change from 0 to 2048 [ 169.424662][T17123] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.447060][T17130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.471807][T17123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2942'. [ 169.534844][ T4079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.578994][T17151] netlink: 'syz.2.2950': attribute type 10 has an invalid length. [ 169.588406][T16550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.688827][T17164] loop2: detected capacity change from 0 to 2048 [ 169.705980][T17164] EXT4-fs (loop2): failed to initialize system zone (-117) [ 169.713578][T17164] EXT4-fs (loop2): mount failed [ 169.725870][T17164] program syz.2.2955 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 169.881274][T17183] loop2: detected capacity change from 0 to 512 [ 169.889990][T17183] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 169.904303][T17183] EXT4-fs (loop2): 1 truncate cleaned up [ 169.910774][T17183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.945165][T17193] FAULT_INJECTION: forcing a failure. [ 169.945165][T17193] name failslab, interval 1, probability 0, space 0, times 0 [ 169.957972][T17193] CPU: 1 UID: 0 PID: 17193 Comm: syz.3.2962 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 169.958001][T17193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.958092][T17193] Call Trace: [ 169.958101][T17193] [ 169.958110][T17193] __dump_stack+0x1d/0x30 [ 169.958148][T17193] dump_stack_lvl+0xe8/0x140 [ 169.958230][T17193] dump_stack+0x15/0x1b [ 169.958252][T17193] should_fail_ex+0x265/0x280 [ 169.958290][T17193] should_failslab+0x8c/0xb0 [ 169.958355][T17193] __kmalloc_noprof+0xa5/0x3e0 [ 169.958454][T17193] ? iovec_from_user+0x84/0x210 [ 169.958483][T17193] ? mntput_no_expire+0x6f/0x3c0 [ 169.958514][T17193] iovec_from_user+0x84/0x210 [ 169.958543][T17193] __import_iovec+0xf3/0x540 [ 169.958603][T17193] import_iovec+0x61/0x80 [ 169.958629][T17193] ___sys_recvmsg+0x358/0x370 [ 169.958726][T17193] do_recvmmsg+0x1ef/0x540 [ 169.958758][T17193] ? get_timespec64+0xc9/0x100 [ 169.958862][T17193] __x64_sys_recvmmsg+0xfb/0x170 [ 169.958889][T17193] x64_sys_call+0x1c6a/0x2fb0 [ 169.958917][T17193] do_syscall_64+0xd2/0x200 [ 169.958939][T17193] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 169.959040][T17193] ? clear_bhb_loop+0x40/0x90 [ 169.959065][T17193] ? clear_bhb_loop+0x40/0x90 [ 169.959086][T17193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.959105][T17193] RIP: 0033:0x7f19d3cce929 [ 169.959120][T17193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.959164][T17193] RSP: 002b:00007f19d2337038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 169.959187][T17193] RAX: ffffffffffffffda RBX: 00007f19d3ef5fa0 RCX: 00007f19d3cce929 [ 169.959202][T17193] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 169.959218][T17193] RBP: 00007f19d2337090 R08: 0000200000003700 R09: 0000000000000000 [ 169.959233][T17193] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 169.959270][T17193] R13: 0000000000000000 R14: 00007f19d3ef5fa0 R15: 00007ffdc1d38098 [ 169.959294][T17193] [ 170.182019][T17197] netlink: 'syz.5.2963': attribute type 10 has an invalid length. [ 170.207512][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.261397][T17211] program syz.3.2968 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 170.389105][T17224] @: renamed from vlan0 (while UP) [ 170.419550][T17232] netlink: 'syz.4.2976': attribute type 10 has an invalid length. [ 170.427944][T17232] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 170.497830][T17242] program syz.5.2979 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 170.596969][T17258] netlink: 'syz.4.2987': attribute type 12 has an invalid length. [ 170.624521][T17263] FAULT_INJECTION: forcing a failure. [ 170.624521][T17263] name failslab, interval 1, probability 0, space 0, times 0 [ 170.631687][T17265] netlink: 'syz.4.2989': attribute type 10 has an invalid length. [ 170.637277][T17263] CPU: 0 UID: 0 PID: 17263 Comm: syz.5.2988 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 170.637313][T17263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.637379][T17263] Call Trace: [ 170.637386][T17263] [ 170.637396][T17263] __dump_stack+0x1d/0x30 [ 170.637422][T17263] dump_stack_lvl+0xe8/0x140 [ 170.637440][T17263] dump_stack+0x15/0x1b [ 170.637456][T17263] should_fail_ex+0x265/0x280 [ 170.637496][T17263] ? rtnl_newlink+0x5c/0x12d0 [ 170.637591][T17263] should_failslab+0x8c/0xb0 [ 170.637653][T17263] __kmalloc_cache_noprof+0x4c/0x320 [ 170.637815][T17263] rtnl_newlink+0x5c/0x12d0 [ 170.637855][T17263] ? enqueue_hrtimer+0x8a/0x160 [ 170.637888][T17263] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 170.637996][T17263] ? hrtimer_start_range_ns+0x6e3/0x740 [ 170.638032][T17263] ? start_dl_timer+0xd0/0x110 [ 170.638064][T17263] ? enqueue_dl_entity+0x35c/0x610 [ 170.638101][T17263] ? __rb_reserve_next+0x33d/0x6f0 [ 170.638201][T17263] ? __kfree_skb+0x109/0x150 [ 170.638229][T17263] ? __rcu_read_unlock+0x4f/0x70 [ 170.638254][T17263] ? avc_has_perm_noaudit+0x1b1/0x200 [ 170.638295][T17263] ? selinux_capable+0x1f9/0x270 [ 170.638344][T17263] ? security_capable+0x83/0x90 [ 170.638381][T17263] ? ns_capable+0x7d/0xb0 [ 170.638471][T17263] ? __pfx_rtnl_newlink+0x10/0x10 [ 170.638502][T17263] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 170.638586][T17263] netlink_rcv_skb+0x120/0x220 [ 170.638630][T17263] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 170.638748][T17263] rtnetlink_rcv+0x1c/0x30 [ 170.638818][T17263] netlink_unicast+0x5a1/0x670 [ 170.638863][T17263] netlink_sendmsg+0x58b/0x6b0 [ 170.638892][T17263] ? __pfx_netlink_sendmsg+0x10/0x10 [ 170.638922][T17263] __sock_sendmsg+0x142/0x180 [ 170.638958][T17263] ____sys_sendmsg+0x345/0x4e0 [ 170.639082][T17263] ___sys_sendmsg+0x17b/0x1d0 [ 170.639156][T17263] __sys_sendmmsg+0x178/0x300 [ 170.639200][T17263] __x64_sys_sendmmsg+0x57/0x70 [ 170.639227][T17263] x64_sys_call+0x2f2f/0x2fb0 [ 170.639292][T17263] do_syscall_64+0xd2/0x200 [ 170.639317][T17263] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.639353][T17263] ? clear_bhb_loop+0x40/0x90 [ 170.639382][T17263] ? clear_bhb_loop+0x40/0x90 [ 170.639411][T17263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.639476][T17263] RIP: 0033:0x7fd2b253e929 [ 170.639496][T17263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.639522][T17263] RSP: 002b:00007fd2b0ba7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 170.639546][T17263] RAX: ffffffffffffffda RBX: 00007fd2b2765fa0 RCX: 00007fd2b253e929 [ 170.639564][T17263] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000f [ 170.639581][T17263] RBP: 00007fd2b0ba7090 R08: 0000000000000000 R09: 0000000000000000 [ 170.639598][T17263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.639612][T17263] R13: 0000000000000000 R14: 00007fd2b2765fa0 R15: 00007ffeef49c4d8 [ 170.639722][T17263] [ 170.943688][T17265] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 170.988065][ T29] kauditd_printk_skb: 232 callbacks suppressed [ 170.988083][ T29] audit: type=1326 audit(1750489959.697:45849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.018733][ T29] audit: type=1326 audit(1750489959.697:45850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.042510][ T29] audit: type=1326 audit(1750489959.697:45851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.066215][ T29] audit: type=1326 audit(1750489959.697:45852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.089884][ T29] audit: type=1326 audit(1750489959.697:45853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.113753][ T29] audit: type=1326 audit(1750489959.697:45854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.137363][ T29] audit: type=1326 audit(1750489959.697:45855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.161149][ T29] audit: type=1326 audit(1750489959.697:45856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.185107][ T29] audit: type=1326 audit(1750489959.697:45857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.202872][T17279] netlink: 'syz.4.2995': attribute type 1 has an invalid length. [ 171.208898][ T29] audit: type=1326 audit(1750489959.697:45858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17271 comm="syz.5.2991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd2b253e929 code=0x7ffc0000 [ 171.251778][T17279] 8021q: adding VLAN 0 to HW filter on device bond3 [ 171.278619][T17279] bond3 (unregistering): Released all slaves [ 171.292852][T17316] program syz.5.2996 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 171.369228][T17352] 8021q: adding VLAN 0 to HW filter on device bond3 [ 171.376936][T17387] loop5: detected capacity change from 0 to 512 [ 171.385131][T17387] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 171.396738][T17352] bond3 (unregistering): Released all slaves [ 171.411983][T17387] EXT4-fs (loop5): 1 truncate cleaned up [ 171.418396][T17387] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.481240][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.639685][T17451] infiniband syz!: set active [ 171.644515][T17451] infiniband syz!: added team_slave_0 [ 171.661338][T17451] RDS/IB: syz!: added [ 171.665473][T17451] smc: adding ib device syz! with port count 1 [ 171.671850][T17451] smc: ib device syz! port 1 has pnetid [ 171.720484][T17469] xt_hashlimit: max too large, truncated to 1048576 [ 171.763620][T17469] syzkaller0: entered promiscuous mode [ 171.769172][T17469] syzkaller0: entered allmulticast mode [ 171.862258][T17481] loop2: detected capacity change from 0 to 512 [ 171.870081][T17481] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 171.895128][T17481] EXT4-fs (loop2): 1 truncate cleaned up [ 171.901842][T17481] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.960645][T17493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 171.964048][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.004387][T17493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 172.007242][T17532] loop2: detected capacity change from 0 to 2048 [ 172.011821][T17493] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 172.029459][T17532] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 172.032227][T17493] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 172.068317][T17536] gretap1: entered promiscuous mode [ 172.075929][T17536] bond1: (slave gretap1): making interface the new active one [ 172.085282][T17536] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 172.109318][T17536] bond1: (slave vlan0): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 172.356115][T17584] Falling back ldisc for ptm0. [ 172.365258][T17589] xt_hashlimit: max too large, truncated to 1048576 [ 172.411352][T17589] syzkaller0: entered promiscuous mode [ 172.416971][T17589] syzkaller0: entered allmulticast mode [ 172.424694][T17598] xt_hashlimit: max too large, truncated to 1048576 [ 172.489267][T17598] syzkaller0: entered promiscuous mode [ 172.494911][T17598] syzkaller0: entered allmulticast mode [ 172.639357][T17619] loop2: detected capacity change from 0 to 512 [ 172.646817][T17619] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 172.659444][T17619] EXT4-fs (loop2): 1 truncate cleaned up [ 172.668413][T17619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.680781][T17626] loop4: detected capacity change from 0 to 512 [ 172.683618][T17619] EXT4-fs error (device loop2): __ext4_iget:5379: inode #12: block 2: comm syz.2.3050: invalid block [ 172.688456][T17626] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 172.709825][T17626] EXT4-fs (loop4): 1 truncate cleaned up [ 172.716059][T17626] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.765122][ T4079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.831960][T17640] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 172.859230][T17642] __nla_validate_parse: 12 callbacks suppressed [ 172.859247][T17642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3057'. [ 172.894741][T17644] xt_hashlimit: max too large, truncated to 1048576 [ 172.933156][T17644] syzkaller0: entered promiscuous mode [ 172.938732][T17644] syzkaller0: entered allmulticast mode [ 173.039877][T17650] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3059'. [ 173.048999][T17650] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 173.099052][T17654] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 173.213926][T17672] loop5: detected capacity change from 0 to 2048 [ 173.225623][T17672] EXT4-fs (loop5): failed to initialize system zone (-117) [ 173.232903][T17672] EXT4-fs (loop5): mount failed [ 173.243552][T17672] program syz.5.3068 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 173.280338][T17680] loop4: detected capacity change from 0 to 512 [ 173.287921][T17680] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 173.300165][T17680] EXT4-fs (loop4): 1 truncate cleaned up [ 173.306334][T17680] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.308328][T17684] loop5: detected capacity change from 0 to 512 [ 173.322740][T17680] EXT4-fs error (device loop4): __ext4_iget:5379: inode #12: block 2: comm syz.4.3069: invalid block [ 173.329631][T17684] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 173.348949][T17684] EXT4-fs (loop5): 1 truncate cleaned up [ 173.355475][T17684] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.426481][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.441615][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.469294][T17694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3074'. [ 173.822329][T17729] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3085'. [ 173.920477][T17737] loop2: detected capacity change from 0 to 512 [ 173.927577][T17737] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 173.939378][T17737] EXT4-fs (loop2): 1 truncate cleaned up [ 173.945569][T17737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.987364][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.060676][T17751] validate_nla: 4 callbacks suppressed [ 174.060696][T17751] netlink: 'syz.2.3092': attribute type 11 has an invalid length. [ 174.075019][ T4079] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.138223][T17761] xt_hashlimit: max too large, truncated to 1048576 [ 174.192079][T17761] syzkaller0: entered promiscuous mode [ 174.197720][T17761] syzkaller0: entered allmulticast mode [ 174.394864][T17789] netlink: 'syz.0.3104': attribute type 11 has an invalid length. [ 174.490551][T17803] loop5: detected capacity change from 0 to 2048 [ 174.515686][T17810] xt_hashlimit: max too large, truncated to 1048576 [ 174.516581][T17803] EXT4-fs (loop5): failed to initialize system zone (-117) [ 174.552811][T17803] EXT4-fs (loop5): mount failed [ 174.563741][T17810] syzkaller0: entered promiscuous mode [ 174.569311][T17810] syzkaller0: entered allmulticast mode [ 174.576224][T17803] program syz.5.3107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 174.695616][ T61] bridge_slave_1: left allmulticast mode [ 174.701351][ T61] bridge_slave_1: left promiscuous mode [ 174.707310][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.713537][T17861] netlink: 'syz.2.3116': attribute type 1 has an invalid length. [ 174.722618][ T61] bridge_slave_0: left allmulticast mode [ 174.728321][ T61] bridge_slave_0: left promiscuous mode [ 174.734171][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.765578][T17862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3116'. [ 174.795206][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.804760][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.814570][ T61] bond0 (unregistering): Released all slaves [ 174.823481][ T61] bond1 (unregistering): Released all slaves [ 174.831963][ T61] bond2 (unregistering): Released all slaves [ 174.849277][T17861] 8021q: adding VLAN 0 to HW filter on device bond1 [ 174.867924][T17862] bond1 (unregistering): Released all slaves [ 174.933045][ T61] hsr_slave_1: left promiscuous mode [ 174.939851][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 174.945347][T17945] netlink: 'syz.2.3119': attribute type 11 has an invalid length. [ 174.955543][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.965479][ T61] pimreg (unregistering): left allmulticast mode [ 175.037791][T17952] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 175.082282][T17781] chnl_net:caif_netlink_parms(): no params data found [ 175.090165][T18021] loop2: detected capacity change from 0 to 512 [ 175.105050][T18021] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 175.115133][T18023] loop0: detected capacity change from 0 to 2048 [ 175.125325][T18021] EXT4-fs (loop2): 1 truncate cleaned up [ 175.132568][T18021] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.147175][T18021] EXT4-fs error (device loop2): __ext4_iget:5379: inode #12: block 2: comm syz.2.3122: invalid block [ 175.147625][T18023] EXT4-fs (loop0): failed to initialize system zone (-117) [ 175.168836][T18023] EXT4-fs (loop0): mount failed [ 175.180631][T17781] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.188000][T17781] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.205089][T18023] program syz.0.3123 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 175.215597][T17781] bridge_slave_0: entered allmulticast mode [ 175.222313][T17781] bridge_slave_0: entered promiscuous mode [ 175.229282][T17781] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.236876][T17781] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.244405][T17781] bridge_slave_1: entered allmulticast mode [ 175.251269][T17781] bridge_slave_1: entered promiscuous mode [ 175.288542][T17781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.299972][T17781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.323269][T18131] netlink: 'syz.3.3126': attribute type 10 has an invalid length. [ 175.331293][T18131] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3126'. [ 175.344776][T17781] team0: Port device team_slave_0 added [ 175.359138][T17781] team0: Port device team_slave_1 added [ 175.392311][T17781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.399490][T17781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.425523][T17781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.442389][T17781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.449451][T17781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 175.475485][T17781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.492955][T18168] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3128'. [ 175.515110][T17781] hsr_slave_0: entered promiscuous mode [ 175.521445][T17781] hsr_slave_1: entered promiscuous mode [ 175.527659][T17781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 175.536614][T17781] Cannot create hsr debugfs directory [ 175.819979][T17781] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 175.829292][T17781] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 175.838374][T17781] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 175.847104][T17781] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 175.872437][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.893113][T17781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.907873][T17781] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.918367][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.925501][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.937019][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.944231][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.014073][T17781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.024017][ T29] kauditd_printk_skb: 320 callbacks suppressed [ 176.024032][ T29] audit: type=1326 audit(1750489964.727:46179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.054029][ T29] audit: type=1326 audit(1750489964.727:46180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.077705][ T29] audit: type=1326 audit(1750489964.727:46181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.101478][ T29] audit: type=1326 audit(1750489964.727:46182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.125212][ T29] audit: type=1326 audit(1750489964.727:46183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.149107][ T29] audit: type=1326 audit(1750489964.727:46184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.172903][ T29] audit: type=1326 audit(1750489964.727:46185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.196599][ T29] audit: type=1326 audit(1750489964.727:46186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.220420][ T29] audit: type=1326 audit(1750489964.727:46187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.244183][ T29] audit: type=1326 audit(1750489964.727:46188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18309 comm="syz.2.3136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 176.270258][T18327] netlink: 'syz.3.3137': attribute type 10 has an invalid length. [ 176.278155][T18327] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3137'. [ 176.297172][T17781] veth0_vlan: entered promiscuous mode [ 176.306753][T17781] veth1_vlan: entered promiscuous mode [ 176.329172][T17781] veth0_macvtap: entered promiscuous mode [ 176.338532][T17781] veth1_macvtap: entered promiscuous mode [ 176.351928][T17781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.352432][T18331] xt_hashlimit: max too large, truncated to 1048576 [ 176.366533][T17781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.380913][T17781] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.389853][T17781] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.398881][T17781] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.407799][T17781] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.439244][T18331] syzkaller0: entered promiscuous mode [ 176.445073][T18331] syzkaller0: entered allmulticast mode [ 176.496251][T18342] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 176.565260][T18352] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3144'. [ 176.574891][T18349] netlink: 'syz.3.3142': attribute type 1 has an invalid length. [ 176.590152][T18354] netlink: 'syz.0.3145': attribute type 11 has an invalid length. [ 176.611261][T18349] 8021q: adding VLAN 0 to HW filter on device bond4 [ 176.626142][T18349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3142'. [ 176.646767][T18349] bond4 (unregistering): Released all slaves [ 176.657438][T18393] netlink: 'syz.0.3147': attribute type 10 has an invalid length. [ 176.696693][T18393] team0: Port device geneve1 added [ 176.699719][T18427] loop4: detected capacity change from 0 to 512 [ 176.710336][T18427] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 176.734846][T18427] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 176.753942][T18427] EXT4-fs (loop4): 1 truncate cleaned up [ 176.760284][T18427] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.801469][T17781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.831474][T18443] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 176.859301][T18444] xt_hashlimit: max too large, truncated to 1048576 [ 176.877703][T18448] loop3: detected capacity change from 0 to 512 [ 176.900018][T18452] loop0: detected capacity change from 0 to 512 [ 176.901557][T18448] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 176.915200][T18452] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 176.927594][T18448] EXT4-fs (loop3): 1 truncate cleaned up [ 176.933995][T18448] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.943796][T18444] syzkaller0: entered promiscuous mode [ 176.951969][T18444] syzkaller0: entered allmulticast mode [ 176.955825][T18452] EXT4-fs (loop0): 1 truncate cleaned up [ 176.964323][T18452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.012789][ T4302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.023061][T16550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.068757][T18474] netlink: 'syz.0.3161': attribute type 10 has an invalid length. [ 177.259241][T18505] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 177.566288][T18541] syz!: rxe_newlink: already configured on team_slave_0 [ 177.592160][T18545] FAULT_INJECTION: forcing a failure. [ 177.592160][T18545] name failslab, interval 1, probability 0, space 0, times 0 [ 177.604940][T18545] CPU: 1 UID: 0 PID: 18545 Comm: syz.5.3186 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 177.604978][T18545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 177.604995][T18545] Call Trace: [ 177.605003][T18545] [ 177.605086][T18545] __dump_stack+0x1d/0x30 [ 177.605185][T18545] dump_stack_lvl+0xe8/0x140 [ 177.605210][T18545] dump_stack+0x15/0x1b [ 177.605298][T18545] should_fail_ex+0x265/0x280 [ 177.605400][T18545] should_failslab+0x8c/0xb0 [ 177.605432][T18545] __kmalloc_noprof+0xa5/0x3e0 [ 177.605465][T18545] ? iovec_from_user+0x84/0x210 [ 177.605537][T18545] ? mntput_no_expire+0x6f/0x3c0 [ 177.605566][T18545] iovec_from_user+0x84/0x210 [ 177.605588][T18545] __import_iovec+0xf3/0x540 [ 177.605615][T18545] import_iovec+0x61/0x80 [ 177.605702][T18545] ___sys_recvmsg+0x358/0x370 [ 177.605740][T18545] do_recvmmsg+0x1ef/0x540 [ 177.605772][T18545] ? get_timespec64+0xc9/0x100 [ 177.605856][T18545] __x64_sys_recvmmsg+0xfb/0x170 [ 177.605882][T18545] x64_sys_call+0x1c6a/0x2fb0 [ 177.605953][T18545] do_syscall_64+0xd2/0x200 [ 177.605975][T18545] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 177.606003][T18545] ? clear_bhb_loop+0x40/0x90 [ 177.606031][T18545] ? clear_bhb_loop+0x40/0x90 [ 177.606080][T18545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.606107][T18545] RIP: 0033:0x7fd2b253e929 [ 177.606125][T18545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.606149][T18545] RSP: 002b:00007fd2b0ba7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 177.606211][T18545] RAX: ffffffffffffffda RBX: 00007fd2b2765fa0 RCX: 00007fd2b253e929 [ 177.606225][T18545] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 177.606241][T18545] RBP: 00007fd2b0ba7090 R08: 0000200000003700 R09: 0000000000000000 [ 177.606257][T18545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.606272][T18545] R13: 0000000000000000 R14: 00007fd2b2765fa0 R15: 00007ffeef49c4d8 [ 177.606297][T18545] [ 177.878830][T18556] ALSA: seq fatal error: cannot create timer (-22) [ 177.890695][T18556] loop4: detected capacity change from 0 to 512 [ 177.891209][T18561] __nla_validate_parse: 3 callbacks suppressed [ 177.891233][T18561] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3192'. [ 177.914325][T18556] EXT4-fs: Ignoring removed mblk_io_submit option [ 177.918391][T18551] syzkaller0: entered promiscuous mode [ 177.921226][T18556] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 177.926632][T18551] syzkaller0: entered allmulticast mode [ 177.942839][T18556] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002] [ 177.951385][T18556] System zones: 1-12 [ 177.976073][T18556] EXT4-fs (loop4): 1 truncate cleaned up [ 177.982359][T18556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.069984][T18581] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3197'. [ 178.199081][T18592] loop3: detected capacity change from 0 to 512 [ 178.207453][T18592] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 178.220339][T18592] EXT4-fs (loop3): 1 truncate cleaned up [ 178.228311][T18592] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.286383][ T4302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.336138][T17781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.753603][T18618] xt_hashlimit: max too large, truncated to 1048576 [ 178.790488][T18618] syzkaller0: entered promiscuous mode [ 178.796037][T18618] syzkaller0: entered allmulticast mode [ 178.895110][T18634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3211'. [ 178.922138][T18635] loop3: detected capacity change from 0 to 512 [ 178.944940][T18635] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 178.957863][T18635] EXT4-fs (loop3): 1 truncate cleaned up [ 178.964253][T18635] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.982789][T18635] EXT4-fs error (device loop3): __ext4_iget:5379: inode #12: block 2: comm syz.3.3208: invalid block [ 179.016564][T18647] syzkaller0: entered promiscuous mode [ 179.022140][T18647] syzkaller0: entered allmulticast mode [ 179.250256][T18666] loop0: detected capacity change from 0 to 512 [ 179.258884][T18666] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 179.272577][T18666] EXT4-fs (loop0): 1 truncate cleaned up [ 179.279019][T18666] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.295089][T18666] EXT4-fs error (device loop0): __ext4_iget:5379: inode #12: block 2: comm syz.0.3222: invalid block [ 179.377675][T16550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.551443][T18694] loop5: detected capacity change from 0 to 1024 [ 179.565331][T18694] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.585725][T18694] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: comm syz.5.3232: inode #4222111367: comm syz.5.3232: iget: illegal inode # [ 179.603623][T18694] EXT4-fs (loop5): Remounting filesystem read-only [ 179.610472][T18694] EXT4-fs warning (device loop5): ext4_xattr_block_set:2190: inode #20: comm syz.5.3232: dec ref error=-30 [ 179.648328][T18694] dvmrp1: entered allmulticast mode [ 179.659511][T18694] dvmrp1: left allmulticast mode [ 179.719109][T18713] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3232'. [ 179.731595][ T4302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.807486][T18720] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3238'. [ 179.959349][T18739] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 180.250980][T18772] loop4: detected capacity change from 0 to 2048 [ 180.264717][T18769] syzkaller0: entered promiscuous mode [ 180.270293][T18769] syzkaller0: entered allmulticast mode [ 180.277319][T18772] EXT4-fs (loop4): failed to initialize system zone (-117) [ 180.288402][T18772] EXT4-fs (loop4): mount failed [ 180.316176][T18772] program syz.4.3258 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 180.360137][T18784] validate_nla: 5 callbacks suppressed [ 180.360152][T18784] netlink: 'syz.0.3261': attribute type 11 has an invalid length. [ 180.404934][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.441442][T18789] FAULT_INJECTION: forcing a failure. [ 180.441442][T18789] name failslab, interval 1, probability 0, space 0, times 0 [ 180.454149][T18789] CPU: 0 UID: 0 PID: 18789 Comm: syz.4.3264 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 180.454273][T18789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.454286][T18789] Call Trace: [ 180.454293][T18789] [ 180.454302][T18789] __dump_stack+0x1d/0x30 [ 180.454325][T18789] dump_stack_lvl+0xe8/0x140 [ 180.454346][T18789] dump_stack+0x15/0x1b [ 180.454363][T18789] should_fail_ex+0x265/0x280 [ 180.454452][T18789] should_failslab+0x8c/0xb0 [ 180.454476][T18789] kmem_cache_alloc_noprof+0x50/0x310 [ 180.454569][T18789] ? audit_log_start+0x365/0x6c0 [ 180.454602][T18789] audit_log_start+0x365/0x6c0 [ 180.454639][T18789] audit_seccomp+0x48/0x100 [ 180.454713][T18789] ? __seccomp_filter+0x68c/0x10d0 [ 180.454740][T18789] __seccomp_filter+0x69d/0x10d0 [ 180.454777][T18789] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 180.454844][T18789] ? vfs_write+0x75e/0x8e0 [ 180.454877][T18789] ? __rcu_read_unlock+0x4f/0x70 [ 180.454900][T18789] ? __fget_files+0x184/0x1c0 [ 180.455000][T18789] __secure_computing+0x82/0x150 [ 180.455025][T18789] syscall_trace_enter+0xcf/0x1e0 [ 180.455075][T18789] do_syscall_64+0xac/0x200 [ 180.455095][T18789] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 180.455196][T18789] ? clear_bhb_loop+0x40/0x90 [ 180.455224][T18789] ? clear_bhb_loop+0x40/0x90 [ 180.455253][T18789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.455346][T18789] RIP: 0033:0x7fa3f06ed33c [ 180.455364][T18789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 180.455388][T18789] RSP: 002b:00007fa3eed57030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 180.455479][T18789] RAX: ffffffffffffffda RBX: 00007fa3f0915fa0 RCX: 00007fa3f06ed33c [ 180.455496][T18789] RDX: 000000000000000f RSI: 00007fa3eed570a0 RDI: 0000000000000006 [ 180.455512][T18789] RBP: 00007fa3eed57090 R08: 0000000000000000 R09: 0000000000000000 [ 180.455529][T18789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.455545][T18789] R13: 0000000000000000 R14: 00007fa3f0915fa0 R15: 00007fffcee18be8 [ 180.455651][T18789] [ 180.737075][T18811] xt_hashlimit: max too large, truncated to 1048576 [ 180.775266][T18819] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3283'. [ 180.792115][T18811] syzkaller0: entered promiscuous mode [ 180.797915][T18811] syzkaller0: entered allmulticast mode [ 180.813131][T18821] netlink: 'syz.3.3273': attribute type 1 has an invalid length. [ 180.830413][T18823] loop0: detected capacity change from 0 to 1024 [ 180.847407][T18821] 8021q: adding VLAN 0 to HW filter on device bond4 [ 180.873398][T18823] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.883077][T18862] loop5: detected capacity change from 0 to 2048 [ 180.902235][T18821] 8021q: adding VLAN 0 to HW filter on device bond4 [ 180.911284][T18862] EXT4-fs (loop5): failed to initialize system zone (-117) [ 180.917192][T18872] loop4: detected capacity change from 0 to 1024 [ 180.925885][T18823] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: comm syz.0.3274: inode #4222111367: comm syz.0.3274: iget: illegal inode # [ 180.928573][T18862] EXT4-fs (loop5): mount failed [ 180.941395][T18823] EXT4-fs (loop0): Remounting filesystem read-only [ 180.945212][T18821] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 180.951649][T18823] EXT4-fs warning (device loop0): ext4_xattr_block_set:2190: inode #20: comm syz.0.3274: dec ref error=-30 [ 180.965075][T18872] EXT4-fs: Ignoring removed bh option [ 180.978846][T18821] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 180.983765][T18872] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 181.002416][T18872] EXT4-fs error (device loop4): ext4_quota_enable:7124: comm syz.4.3276: inode #2304: comm syz.4.3276: iget: illegal inode # [ 181.016661][T18862] program syz.5.3275 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.026097][T18872] EXT4-fs (loop4): Remounting filesystem read-only [ 181.031500][T18823] dvmrp1: entered allmulticast mode [ 181.032636][T18872] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 181.055741][T18872] EXT4-fs (loop4): mount failed [ 181.056437][T18874] gretap2: entered promiscuous mode [ 181.068733][T18874] bond4: (slave gretap2): making interface the new active one [ 181.076788][T18874] bond4: (slave gretap2): Enslaving as an active interface with an up link [ 181.085731][T18884] dvmrp1: left allmulticast mode [ 181.115689][T18886] bond4: (slave vlan2): the slave hw address is in use by the bond; giving it the hw address of gretap2 [ 181.152368][T16550] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.199256][T18910] netlink: 'syz.0.3279': attribute type 10 has an invalid length. [ 181.200773][T18911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3280'. [ 181.207151][T18910] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3279'. [ 181.284929][ T29] kauditd_printk_skb: 290 callbacks suppressed [ 181.284948][ T29] audit: type=1326 audit(1750489969.997:46477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.315697][ T29] audit: type=1326 audit(1750489969.997:46478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.339470][ T29] audit: type=1326 audit(1750489969.997:46479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.372281][ T29] audit: type=1326 audit(1750489969.997:46480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.396136][ T29] audit: type=1326 audit(1750489969.997:46481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.419844][ T29] audit: type=1326 audit(1750489969.997:46482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.443619][ T29] audit: type=1326 audit(1750489969.997:46483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.452705][T18926] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3287'. [ 181.467300][ T29] audit: type=1326 audit(1750489969.997:46484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.499951][ T29] audit: type=1326 audit(1750489969.997:46485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.500004][T18926] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3287'. [ 181.523592][ T29] audit: type=1326 audit(1750489969.997:46486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18919 comm="syz.2.3285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 181.562687][T18932] loop2: detected capacity change from 0 to 128 [ 181.599776][T18926] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 181.609680][T18942] syzkaller0: entered promiscuous mode [ 181.615964][T18942] syzkaller0: entered allmulticast mode [ 181.674667][T18959] netlink: 'syz.2.3295': attribute type 10 has an invalid length. [ 181.707568][T18961] dvmrp1: entered allmulticast mode [ 181.716998][T18961] dvmrp1: left allmulticast mode [ 181.824051][T18975] netlink: 'syz.3.3301': attribute type 12 has an invalid length. [ 181.914614][T18989] netlink: 'syz.2.3307': attribute type 10 has an invalid length. [ 182.068801][T19012] dvmrp1: entered allmulticast mode [ 182.075260][T19012] dvmrp1: left allmulticast mode [ 182.170780][T19023] netlink: 'syz.2.3320': attribute type 10 has an invalid length. [ 182.239245][T19033] xt_hashlimit: max too large, truncated to 1048576 [ 182.286655][T19033] syzkaller0: entered promiscuous mode [ 182.292228][T19033] syzkaller0: entered allmulticast mode [ 182.386276][T19046] loop4: detected capacity change from 0 to 512 [ 182.393707][T19046] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 182.405968][T19046] EXT4-fs (loop4): 1 truncate cleaned up [ 182.412048][T19046] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.426054][T19046] EXT4-fs error (device loop4): __ext4_iget:5379: inode #12: block 2: comm syz.4.3328: invalid block [ 182.529374][T19055] dvmrp1: entered allmulticast mode [ 182.536833][T19055] dvmrp1: left allmulticast mode [ 182.554908][T19061] netlink: 'syz.2.3331': attribute type 10 has an invalid length. [ 182.794744][T19092] random: crng reseeded on system resumption [ 182.906773][T19103] __nla_validate_parse: 11 callbacks suppressed [ 182.906794][T19103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3347'. [ 182.966090][T19111] netlink: 'syz.0.3351': attribute type 11 has an invalid length. [ 183.089376][T19131] loop5: detected capacity change from 0 to 2048 [ 183.105241][T19131] EXT4-fs (loop5): failed to initialize system zone (-117) [ 183.112789][T19131] EXT4-fs (loop5): mount failed [ 183.124095][T19131] program syz.5.3359 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 183.174610][T17781] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.262391][T19150] netlink: 'syz.4.3363': attribute type 12 has an invalid length. [ 183.356632][T19157] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 183.385619][T19159] Falling back ldisc for ptm0. [ 183.506862][T19180] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3374'. [ 183.527496][T19182] loop5: detected capacity change from 0 to 512 [ 183.540776][T19182] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 183.554477][T19182] EXT4-fs (loop5): 1 truncate cleaned up [ 183.565449][T19182] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.579556][T19182] EXT4-fs error (device loop5): __ext4_iget:5379: inode #12: block 2: comm syz.5.3370: invalid block [ 183.634648][T19198] futex_wake_op: syz.4.3381 tries to shift op by -1; fix this program [ 183.787268][T19207] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3384'. [ 183.829084][T19211] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3386'. [ 183.909653][T19221] FAULT_INJECTION: forcing a failure. [ 183.909653][T19221] name failslab, interval 1, probability 0, space 0, times 0 [ 183.922525][T19221] CPU: 1 UID: 0 PID: 19221 Comm: syz.3.3391 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 183.922560][T19221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.922610][T19221] Call Trace: [ 183.922616][T19221] [ 183.922623][T19221] __dump_stack+0x1d/0x30 [ 183.922643][T19221] dump_stack_lvl+0xe8/0x140 [ 183.922666][T19221] dump_stack+0x15/0x1b [ 183.922688][T19221] should_fail_ex+0x265/0x280 [ 183.922801][T19221] ? alloc_async+0x2d/0x90 [ 183.922820][T19221] should_failslab+0x8c/0xb0 [ 183.922848][T19221] __kmalloc_cache_noprof+0x4c/0x320 [ 183.922886][T19221] alloc_async+0x2d/0x90 [ 183.922938][T19221] proc_do_submiturb+0x76d/0x1d00 [ 183.922965][T19221] proc_submiturb+0x7b/0xa0 [ 183.923002][T19221] usbdev_ioctl+0xcc2/0x1710 [ 183.923037][T19221] ? __pfx_usbdev_ioctl+0x10/0x10 [ 183.923070][T19221] __se_sys_ioctl+0xce/0x140 [ 183.923108][T19221] __x64_sys_ioctl+0x43/0x50 [ 183.923188][T19221] x64_sys_call+0x19a8/0x2fb0 [ 183.923220][T19221] do_syscall_64+0xd2/0x200 [ 183.923242][T19221] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 183.923334][T19221] ? clear_bhb_loop+0x40/0x90 [ 183.923360][T19221] ? clear_bhb_loop+0x40/0x90 [ 183.923388][T19221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.923415][T19221] RIP: 0033:0x7f19d3cce929 [ 183.923492][T19221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.923509][T19221] RSP: 002b:00007f19d2337038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.923533][T19221] RAX: ffffffffffffffda RBX: 00007f19d3ef5fa0 RCX: 00007f19d3cce929 [ 183.923549][T19221] RDX: 0000200000000140 RSI: 000000008038550a RDI: 0000000000000005 [ 183.923565][T19221] RBP: 00007f19d2337090 R08: 0000000000000000 R09: 0000000000000000 [ 183.923581][T19221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.923610][T19221] R13: 0000000000000000 R14: 00007f19d3ef5fa0 R15: 00007ffdc1d38098 [ 183.923629][T19221] [ 184.308816][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.337111][T19258] 8021q: adding VLAN 0 to HW filter on device bond5 [ 184.351665][T19258] 8021q: adding VLAN 0 to HW filter on device bond5 [ 184.359116][T19258] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 184.371519][T19258] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 184.545944][T19322] loop5: detected capacity change from 0 to 1024 [ 184.578161][T19322] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.598469][T19322] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: comm syz.5.3415: inode #4222111367: comm syz.5.3415: iget: illegal inode # [ 184.616089][T19322] EXT4-fs (loop5): Remounting filesystem read-only [ 184.623093][T19322] EXT4-fs warning (device loop5): ext4_xattr_block_set:2190: inode #20: comm syz.5.3415: dec ref error=-30 [ 184.637690][T19336] loop3: detected capacity change from 0 to 1024 [ 184.648499][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.655185][T19336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.673695][T19340] loop2: detected capacity change from 0 to 512 [ 184.680683][T19340] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 184.695819][T19340] EXT4-fs (loop2): 1 truncate cleaned up [ 184.706501][T19336] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: comm syz.3.3420: inode #4222111367: comm syz.3.3420: iget: illegal inode # [ 184.709028][T19340] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.734489][T19336] EXT4-fs (loop3): Remounting filesystem read-only [ 184.736440][T19346] xt_hashlimit: max too large, truncated to 1048576 [ 184.745846][T19336] EXT4-fs warning (device loop3): ext4_xattr_block_set:2190: inode #20: comm syz.3.3420: dec ref error=-30 [ 184.761621][T19340] EXT4-fs error (device loop2): __ext4_iget:5379: inode #12: block 2: comm syz.2.3418: invalid block [ 184.765984][T19336] pimreg: left allmulticast mode [ 184.798561][T19346] syzkaller0: entered promiscuous mode [ 184.804132][T19346] syzkaller0: entered allmulticast mode [ 184.850161][ T4302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.964276][T19361] loop8: detected capacity change from 78 to 79 [ 185.092350][T19358] chnl_net:caif_netlink_parms(): no params data found [ 185.138934][T19516] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3428'. [ 185.158475][T19358] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.165848][T19358] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.173127][T19358] bridge_slave_0: entered allmulticast mode [ 185.175683][T19531] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 185.180193][T19358] bridge_slave_0: entered promiscuous mode [ 185.192913][T19358] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.200264][T19358] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.207681][T19358] bridge_slave_1: entered allmulticast mode [ 185.214350][T19358] bridge_slave_1: entered promiscuous mode [ 185.242228][ T3452] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.257038][T19358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.258226][T19566] xt_hashlimit: max too large, truncated to 1048576 [ 185.276818][T19358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.306736][ T3452] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.319026][T19358] team0: Port device team_slave_0 added [ 185.326174][T19358] team0: Port device team_slave_1 added [ 185.360177][T19566] syzkaller0: entered promiscuous mode [ 185.365787][T19566] syzkaller0: entered allmulticast mode [ 185.381639][T19358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.389600][T19358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.415646][T19358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.429607][ T3452] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.441960][T15782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.458020][T19358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.465144][T19358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.491204][T19358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.532957][ T3452] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.565129][T19358] hsr_slave_0: entered promiscuous mode [ 185.578189][T19358] hsr_slave_1: entered promiscuous mode [ 185.584984][T19358] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 185.592910][T19358] Cannot create hsr debugfs directory [ 185.648372][T19698] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 185.670516][ T3452] veth3: left allmulticast mode [ 185.675944][ T3452] bridge0: port 2(veth3) entered disabled state [ 185.684245][T19705] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3441'. [ 185.694843][T19714] validate_nla: 4 callbacks suppressed [ 185.694863][T19714] netlink: 'syz.0.3442': attribute type 1 has an invalid length. [ 185.695284][ T3452] ip6gretap1: left allmulticast mode [ 185.713837][ T3452] ip6gretap1: left promiscuous mode [ 185.719454][ T3452] bridge0: port 1(ip6gretap1) entered disabled state [ 185.736628][T19715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3441'. [ 185.771721][ T3452] bond4 (unregistering): (slave gretap2): Releasing active interface [ 185.786144][ T3452] team0: Port device geneve1 removed [ 185.827960][ T3452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.838251][ T3452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.848636][ T3452] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 185.857820][ T3452] bond0 (unregistering): Released all slaves [ 185.868105][ T3452] bond1 (unregistering): Released all slaves [ 185.876621][ T3452] bond2 (unregistering): Released all slaves [ 185.885273][ T3452] bond3 (unregistering): Released all slaves [ 185.893965][ T3452] bond4 (unregistering): Released all slaves [ 185.902571][ T3452] bond5 (unregistering): Released all slaves [ 185.940333][T19714] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.951333][T19755] syz!: rxe_newlink: already configured on team_slave_0 [ 185.972323][T19716] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.982436][T19716] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 185.995565][T19716] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 186.033067][T19717] gretap1: entered promiscuous mode [ 186.069289][T19717] bond1: (slave gretap1): making interface the new active one [ 186.092996][T19717] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 186.116142][T19718] bond1: (slave vlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 186.172097][T19779] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3450'. [ 186.200515][ T3452] hsr_slave_0: left promiscuous mode [ 186.213808][ T3452] hsr_slave_1: left promiscuous mode [ 186.215604][T19804] loop5: detected capacity change from 0 to 1024 [ 186.220346][ T3452] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.232967][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.245529][ T3452] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.253316][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.264091][T19804] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.277562][ T3452] veth1_macvtap: left promiscuous mode [ 186.283181][ T3452] veth0_macvtap: left promiscuous mode [ 186.284418][T19804] EXT4-fs error (device loop5): ext4_xattr_inode_iget:437: comm syz.5.3451: inode #4222111367: comm syz.5.3451: iget: illegal inode # [ 186.289310][ T3452] veth1_vlan: left promiscuous mode [ 186.304035][T19804] EXT4-fs (loop5): Remounting filesystem read-only [ 186.309418][ T3452] veth0_vlan: left promiscuous mode [ 186.314709][T19804] EXT4-fs warning (device loop5): ext4_xattr_block_set:2190: inode #20: comm syz.5.3451: dec ref error=-30 [ 186.339636][T19813] random: crng reseeded on system resumption [ 186.360252][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.469239][ T3452] team0 (unregistering): Port device team_slave_1 removed [ 186.476115][T19821] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3453'. [ 186.485840][ T3452] team0 (unregistering): Port device team_slave_0 removed [ 186.575856][T19837] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3456'. [ 186.626246][ T29] kauditd_printk_skb: 268 callbacks suppressed [ 186.626265][ T29] audit: type=1326 audit(1750489975.337:46753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19834 comm="syz.2.3455" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f648535e929 code=0x0 [ 186.816505][T19867] random: crng reseeded on system resumption [ 186.862617][T19869] syzkaller0: entered promiscuous mode [ 186.868293][T19869] syzkaller0: entered allmulticast mode [ 186.930234][T19358] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 186.939326][T19358] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 186.948437][T19358] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 186.958744][T19358] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 186.985204][ T29] audit: type=1326 audit(1750489975.697:46754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.009134][ T29] audit: type=1326 audit(1750489975.697:46755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.056376][T19358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.067742][ T29] audit: type=1326 audit(1750489975.697:46756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.091567][ T29] audit: type=1326 audit(1750489975.697:46757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.115142][ T29] audit: type=1326 audit(1750489975.697:46758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.117098][T19896] loop0: detected capacity change from 0 to 2048 [ 187.139143][ T29] audit: type=1326 audit(1750489975.697:46759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19886 comm="syz.0.3465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdc7dde929 code=0x7ffc0000 [ 187.170918][T19358] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.180365][ T29] audit: type=1326 audit(1750489975.857:46760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3f06ee929 code=0x7ffc0000 [ 187.180928][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.204002][ T29] audit: type=1326 audit(1750489975.857:46761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7fa3f06ee929 code=0x7ffc0000 [ 187.211024][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.218245][T19896] EXT4-fs (loop0): failed to initialize system zone (-117) [ 187.234734][ T29] audit: type=1326 audit(1750489975.857:46762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3f06ee929 code=0x7ffc0000 [ 187.246261][T19896] EXT4-fs (loop0): mount failed [ 187.281075][T19358] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.291703][T19902] loop4: detected capacity change from 0 to 1024 [ 187.291652][T19358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.312995][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.320288][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.336598][T19902] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.3468: inode #4222111367: comm syz.4.3468: iget: illegal inode # [ 187.355428][T19902] EXT4-fs (loop4): Remounting filesystem read-only [ 187.362745][T19902] EXT4-fs warning (device loop4): ext4_xattr_block_set:2190: inode #20: comm syz.4.3468: dec ref error=-30 [ 187.390159][T19896] program syz.0.3466 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 187.414494][T19902] dvmrp1: entered allmulticast mode [ 187.422308][T19358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.429694][T19902] dvmrp1: left allmulticast mode [ 187.489428][T19931] random: crng reseeded on system resumption [ 187.555141][T19938] netlink: 'syz.2.3474': attribute type 1 has an invalid length. [ 187.582192][T19945] syzkaller0: entered promiscuous mode [ 187.587965][T19945] syzkaller0: entered allmulticast mode [ 187.622459][T19938] 8021q: adding VLAN 0 to HW filter on device bond1 [ 187.636396][T19358] veth0_vlan: entered promiscuous mode [ 187.653588][T19952] 8021q: adding VLAN 0 to HW filter on device bond1 [ 187.666202][T19993] netlink: 'syz.0.3477': attribute type 10 has an invalid length. [ 187.666503][T19952] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 187.686151][T19952] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 187.711037][T19358] veth1_vlan: entered promiscuous mode [ 187.722653][T19938] gretap1: entered promiscuous mode [ 187.730214][T19938] bond1: (slave gretap1): making interface the new active one [ 187.738212][T19938] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 187.770369][T19358] veth0_macvtap: entered promiscuous mode [ 187.785053][T19358] veth1_macvtap: entered promiscuous mode [ 187.815390][T20009] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 187.825467][T19358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.837134][T19358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.846761][T19358] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.855895][T19358] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.864771][T19358] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.873752][T19358] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.000952][T20031] netlink: 'syz.3.3487': attribute type 1 has an invalid length. [ 188.095877][T20047] gretap1: entered promiscuous mode [ 188.396369][T20092] netlink: 'syz.0.3504': attribute type 1 has an invalid length. [ 188.414924][T20092] 8021q: adding VLAN 0 to HW filter on device bond2 [ 188.443049][T20092] 8021q: adding VLAN 0 to HW filter on device bond2 [ 188.456023][T20092] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 188.477357][T20092] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 188.523025][T20135] __nla_validate_parse: 3 callbacks suppressed [ 188.523048][T20135] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3506'. [ 188.609531][T20143] FAULT_INJECTION: forcing a failure. [ 188.609531][T20143] name failslab, interval 1, probability 0, space 0, times 0 [ 188.622394][T20143] CPU: 1 UID: 0 PID: 20143 Comm: syz.0.3508 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 188.622466][T20143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.622481][T20143] Call Trace: [ 188.622488][T20143] [ 188.622498][T20143] __dump_stack+0x1d/0x30 [ 188.622527][T20143] dump_stack_lvl+0xe8/0x140 [ 188.622553][T20143] dump_stack+0x15/0x1b [ 188.622576][T20143] should_fail_ex+0x265/0x280 [ 188.622630][T20143] should_failslab+0x8c/0xb0 [ 188.622740][T20143] kmem_cache_alloc_noprof+0x50/0x310 [ 188.622835][T20143] ? skb_clone+0x151/0x1f0 [ 188.622857][T20143] skb_clone+0x151/0x1f0 [ 188.622882][T20143] __netlink_deliver_tap+0x2c9/0x500 [ 188.623002][T20143] netlink_unicast+0x64c/0x670 [ 188.623047][T20143] netlink_sendmsg+0x58b/0x6b0 [ 188.623075][T20143] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.623179][T20143] __sock_sendmsg+0x142/0x180 [ 188.623211][T20143] ____sys_sendmsg+0x31e/0x4e0 [ 188.623311][T20143] ___sys_sendmsg+0x17b/0x1d0 [ 188.623405][T20143] __x64_sys_sendmsg+0xd4/0x160 [ 188.623511][T20143] x64_sys_call+0x2999/0x2fb0 [ 188.623536][T20143] do_syscall_64+0xd2/0x200 [ 188.623568][T20143] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 188.623599][T20143] ? clear_bhb_loop+0x40/0x90 [ 188.623665][T20143] ? clear_bhb_loop+0x40/0x90 [ 188.623690][T20143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.623719][T20143] RIP: 0033:0x7fbdc7dde929 [ 188.623809][T20143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.623853][T20143] RSP: 002b:00007fbdc6447038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.623874][T20143] RAX: ffffffffffffffda RBX: 00007fbdc8005fa0 RCX: 00007fbdc7dde929 [ 188.623888][T20143] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004 [ 188.623902][T20143] RBP: 00007fbdc6447090 R08: 0000000000000000 R09: 0000000000000000 [ 188.623915][T20143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.623929][T20143] R13: 0000000000000000 R14: 00007fbdc8005fa0 R15: 00007ffe10c8f8d8 [ 188.623950][T20143] [ 188.850198][T20143] macsec1: entered allmulticast mode [ 188.885412][T20078] program syz.2.3500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 189.180862][T20169] syzkaller0: entered promiscuous mode [ 189.186584][T20169] syzkaller0: entered allmulticast mode [ 189.366753][T20184] random: crng reseeded on system resumption [ 189.460818][T20190] loop5: detected capacity change from 0 to 8192 [ 189.493924][T20190] loop5: p2 p3 p4 [ 189.497827][T20190] loop5: p2 size 327551 extends beyond EOD, truncated [ 189.506468][T20190] loop5: p3 size 16776960 extends beyond EOD, truncated [ 189.515567][T20190] loop5: p4 size 3599499392 extends beyond EOD, truncated [ 189.585246][T20211] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 189.596022][T20211] bridge1: entered promiscuous mode [ 189.601319][T20211] bridge1: entered allmulticast mode [ 189.641213][T20215] loop5: detected capacity change from 0 to 1024 [ 189.648384][T20215] EXT4-fs (loop5): couldn't mount as ext3 due to feature incompatibilities [ 189.662475][T20218] xt_hashlimit: max too large, truncated to 1048576 [ 189.712264][T20218] syzkaller0: entered promiscuous mode [ 189.717858][T20218] syzkaller0: entered allmulticast mode [ 189.781995][T20236] loop3: detected capacity change from 0 to 1024 [ 189.851527][T20236] EXT4-fs error (device loop3): ext4_xattr_inode_iget:437: comm syz.3.3533: inode #4222111367: comm syz.3.3533: iget: illegal inode # [ 189.868207][T20236] EXT4-fs (loop3): Remounting filesystem read-only [ 189.876865][T20236] EXT4-fs warning (device loop3): ext4_xattr_block_set:2190: inode #20: comm syz.3.3533: dec ref error=-30 [ 189.890020][T20251] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3539'. [ 189.899412][T20251] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3539'. [ 189.921372][T20236] dvmrp1: entered allmulticast mode [ 189.927632][T20236] dvmrp1: left allmulticast mode [ 190.034488][T20273] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 190.087714][T20288] netlink: 'syz.2.3549': attribute type 1 has an invalid length. [ 190.099432][T20290] xt_hashlimit: max too large, truncated to 1048576 [ 190.158718][T20288] 8021q: adding VLAN 0 to HW filter on device bond2 [ 190.171704][T20333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3553'. [ 190.196395][T20288] 8021q: adding VLAN 0 to HW filter on device bond2 [ 190.203980][T20288] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 190.216557][T20288] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 190.243116][T20343] loop4: detected capacity change from 0 to 1024 [ 190.256552][T20290] syzkaller0: entered promiscuous mode [ 190.262560][T20290] syzkaller0: entered allmulticast mode [ 190.277531][T20333] bond0: (slave bond_slave_0): Releasing backup interface [ 190.316557][T20343] dvmrp1: entered allmulticast mode [ 190.327303][T20343] dvmrp1: left allmulticast mode [ 190.419139][T20390] loop2: detected capacity change from 0 to 512 [ 190.428395][T20390] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.3556: casefold flag without casefold feature [ 190.462027][T20390] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.3556: couldn't read orphan inode 15 (err -117) [ 190.492276][T20394] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 190.517519][T20402] FAULT_INJECTION: forcing a failure. [ 190.517519][T20402] name failslab, interval 1, probability 0, space 0, times 0 [ 190.530258][T20402] CPU: 1 UID: 0 PID: 20402 Comm: syz.4.3557 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 190.530288][T20402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.530355][T20402] Call Trace: [ 190.530362][T20402] [ 190.530428][T20402] __dump_stack+0x1d/0x30 [ 190.530449][T20402] dump_stack_lvl+0xe8/0x140 [ 190.530467][T20402] dump_stack+0x15/0x1b [ 190.530483][T20402] should_fail_ex+0x265/0x280 [ 190.530517][T20402] ? rtnl_newlink+0x5c/0x12d0 [ 190.530679][T20402] should_failslab+0x8c/0xb0 [ 190.530708][T20402] __kmalloc_cache_noprof+0x4c/0x320 [ 190.530820][T20402] rtnl_newlink+0x5c/0x12d0 [ 190.530845][T20402] ? trie_lookup_elem+0x3c8/0x430 [ 190.530878][T20402] ? xfd_validate_state+0x45/0xf0 [ 190.530983][T20402] ? __rcu_read_unlock+0x34/0x70 [ 190.531008][T20402] ? bpf_trace_run3+0x12c/0x1d0 [ 190.531041][T20402] ? __kfree_skb+0x109/0x150 [ 190.531135][T20402] ? __kfree_skb+0x109/0x150 [ 190.531246][T20402] ? __traceiter_kmem_cache_free+0x38/0x60 [ 190.531272][T20402] ? __kfree_skb+0x109/0x150 [ 190.531306][T20402] ? __rcu_read_unlock+0x4f/0x70 [ 190.531348][T20402] ? avc_has_perm_noaudit+0x1b1/0x200 [ 190.531382][T20402] ? selinux_capable+0x1f9/0x270 [ 190.531464][T20402] ? security_capable+0x83/0x90 [ 190.531498][T20402] ? ns_capable+0x7d/0xb0 [ 190.531629][T20402] ? __pfx_rtnl_newlink+0x10/0x10 [ 190.531657][T20402] rtnetlink_rcv_msg+0x5fb/0x6d0 [ 190.531690][T20402] netlink_rcv_skb+0x120/0x220 [ 190.531788][T20402] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.531819][T20402] rtnetlink_rcv+0x1c/0x30 [ 190.531840][T20402] netlink_unicast+0x5a1/0x670 [ 190.531910][T20402] netlink_sendmsg+0x58b/0x6b0 [ 190.531936][T20402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.531957][T20402] __sock_sendmsg+0x142/0x180 [ 190.532051][T20402] ____sys_sendmsg+0x345/0x4e0 [ 190.532088][T20402] ___sys_sendmsg+0x17b/0x1d0 [ 190.532238][T20402] __sys_sendmmsg+0x178/0x300 [ 190.532266][T20402] __x64_sys_sendmmsg+0x57/0x70 [ 190.532289][T20402] x64_sys_call+0x2f2f/0x2fb0 [ 190.532316][T20402] do_syscall_64+0xd2/0x200 [ 190.532395][T20402] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 190.532419][T20402] ? clear_bhb_loop+0x40/0x90 [ 190.532444][T20402] ? clear_bhb_loop+0x40/0x90 [ 190.532472][T20402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.532577][T20402] RIP: 0033:0x7fa3f06ee929 [ 190.532594][T20402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.532617][T20402] RSP: 002b:00007fa3eed57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 190.532640][T20402] RAX: ffffffffffffffda RBX: 00007fa3f0915fa0 RCX: 00007fa3f06ee929 [ 190.532690][T20402] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000e [ 190.532702][T20402] RBP: 00007fa3eed57090 R08: 0000000000000000 R09: 0000000000000000 [ 190.532725][T20402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.532737][T20402] R13: 0000000000000000 R14: 00007fa3f0915fa0 R15: 00007fffcee18be8 [ 190.532761][T20402] [ 190.984178][T20437] netlink: 'syz.0.3570': attribute type 1 has an invalid length. [ 190.993008][T20440] netlink: 'syz.2.3571': attribute type 21 has an invalid length. [ 191.001080][T20440] IPv6: NLM_F_CREATE should be specified when creating new route [ 191.008864][T20437] 8021q: adding VLAN 0 to HW filter on device bond3 [ 191.024373][T20437] 8021q: adding VLAN 0 to HW filter on device bond3 [ 191.032049][T20437] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 191.060248][T20437] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 191.148806][T20495] netlink: 'syz.2.3573': attribute type 8 has an invalid length. [ 191.573184][T20529] loop4: detected capacity change from 0 to 512 [ 191.582069][T20529] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.588816][T20532] FAULT_INJECTION: forcing a failure. [ 191.588816][T20532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 191.596317][T20529] FAULT_INJECTION: forcing a failure. [ 191.596317][T20529] name failslab, interval 1, probability 0, space 0, times 0 [ 191.605391][T20532] CPU: 1 UID: 0 PID: 20532 Comm: syz.0.3582 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 191.605431][T20532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.605457][T20532] Call Trace: [ 191.605467][T20532] [ 191.605478][T20532] __dump_stack+0x1d/0x30 [ 191.605509][T20532] dump_stack_lvl+0xe8/0x140 [ 191.605604][T20532] dump_stack+0x15/0x1b [ 191.605627][T20532] should_fail_ex+0x265/0x280 [ 191.605671][T20532] should_fail+0xb/0x20 [ 191.605708][T20532] should_fail_usercopy+0x1a/0x20 [ 191.605754][T20532] _copy_from_user+0x1c/0xb0 [ 191.605823][T20532] ___sys_recvmsg+0xaa/0x370 [ 191.605867][T20532] do_recvmmsg+0x1ef/0x540 [ 191.605917][T20532] ? fput+0x8f/0xc0 [ 191.605952][T20532] __x64_sys_recvmmsg+0xe5/0x170 [ 191.605995][T20532] x64_sys_call+0x1c6a/0x2fb0 [ 191.606021][T20532] do_syscall_64+0xd2/0x200 [ 191.606039][T20532] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 191.606063][T20532] ? clear_bhb_loop+0x40/0x90 [ 191.606172][T20532] ? clear_bhb_loop+0x40/0x90 [ 191.606202][T20532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.606231][T20532] RIP: 0033:0x7fbdc7dde929 [ 191.606274][T20532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.606299][T20532] RSP: 002b:00007fbdc6426038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 191.606325][T20532] RAX: ffffffffffffffda RBX: 00007fbdc8006080 RCX: 00007fbdc7dde929 [ 191.606343][T20532] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003 [ 191.606361][T20532] RBP: 00007fbdc6426090 R08: 0000000000000000 R09: 0000000000000000 [ 191.606376][T20532] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 191.606393][T20532] R13: 0000000000000001 R14: 00007fbdc8006080 R15: 00007ffe10c8f8d8 [ 191.606489][T20532] [ 191.661924][ T29] kauditd_printk_skb: 226 callbacks suppressed [ 191.661944][ T29] audit: type=1326 audit(1750489980.367:46987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20526 comm="syz.3.3583" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4d2ffee929 code=0x0 [ 191.664833][T20529] CPU: 0 UID: 0 PID: 20529 Comm: syz.4.3584 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 191.664865][T20529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.664880][T20529] Call Trace: [ 191.664889][T20529] [ 191.664898][T20529] __dump_stack+0x1d/0x30 [ 191.664963][T20529] dump_stack_lvl+0xe8/0x140 [ 191.664993][T20529] dump_stack+0x15/0x1b [ 191.665017][T20529] should_fail_ex+0x265/0x280 [ 191.665062][T20529] should_failslab+0x8c/0xb0 [ 191.665096][T20529] __kmalloc_noprof+0xa5/0x3e0 [ 191.665170][T20529] ? qtree_write_dquot+0x70/0x300 [ 191.665208][T20529] qtree_write_dquot+0x70/0x300 [ 191.665309][T20529] ? __pfx_ext4_quota_write+0x10/0x10 [ 191.665348][T20529] ? spurious_kernel_fault+0xf4/0x4a0 [ 191.665398][T20529] v2_write_dquot+0xda/0x140 [ 191.665481][T20529] dquot_commit+0x21c/0x260 [ 191.665553][T20529] ext4_write_dquot+0x126/0x1d0 [ 191.665670][T20529] ext4_mark_dquot_dirty+0x95/0xd0 [ 191.665710][T20529] __dquot_alloc_space+0x7cd/0x8a0 [ 191.665750][T20529] ext4_mb_new_blocks+0x91b/0x2050 [ 191.665783][T20529] ? ext4_ext_search_right+0x30b/0x4f0 [ 191.665859][T20529] ? ext4_inode_to_goal_block+0x1be/0x1e0 [ 191.665897][T20529] ext4_ext_map_blocks+0xff5/0x38a0 [ 191.665969][T20529] ext4_map_blocks+0x61c/0xd70 [ 191.666010][T20529] _ext4_get_block+0x10a/0x350 [ 191.666041][T20529] ext4_get_block_unwritten+0x2a/0xb0 [ 191.666071][T20529] ext4_block_write_begin+0x3d3/0xa60 [ 191.666108][T20529] ? __pfx_ext4_get_block_unwritten+0x10/0x10 [ 191.666192][T20529] ? folio_mapping+0xb9/0x120 [ 191.666230][T20529] ext4_write_begin+0x56b/0xd30 [ 191.666283][T20529] ext4_da_write_begin+0x1e0/0x670 [ 191.666394][T20529] ? balance_dirty_pages_ratelimited_flags+0x40b/0x5e0 [ 191.666482][T20529] generic_perform_write+0x184/0x490 [ 191.666528][T20529] ext4_buffered_write_iter+0x1ee/0x3c0 [ 191.666562][T20529] ? ext4_file_write_iter+0xfe/0xf00 [ 191.666666][T20529] ext4_file_write_iter+0x383/0xf00 [ 191.666697][T20529] ? kstrtouint_from_user+0x9f/0xf0 [ 191.666741][T20529] ? avc_policy_seqno+0x15/0x30 [ 191.666775][T20529] ? selinux_file_permission+0x1e4/0x320 [ 191.666855][T20529] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 191.666885][T20529] vfs_write+0x4a0/0x8e0 [ 191.666945][T20529] ksys_write+0xda/0x1a0 [ 191.666970][T20529] __x64_sys_write+0x40/0x50 [ 191.667062][T20529] x64_sys_call+0x2cdd/0x2fb0 [ 191.667093][T20529] do_syscall_64+0xd2/0x200 [ 191.667117][T20529] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 191.667154][T20529] ? clear_bhb_loop+0x40/0x90 [ 191.667183][T20529] ? clear_bhb_loop+0x40/0x90 [ 191.667248][T20529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.667278][T20529] RIP: 0033:0x7fa3f06ee929 [ 191.667299][T20529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.667341][T20529] RSP: 002b:00007fa3eed57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 191.667368][T20529] RAX: ffffffffffffffda RBX: 00007fa3f0915fa0 RCX: 00007fa3f06ee929 [ 191.667386][T20529] RDX: 000000000208e24b RSI: 00002000000004c0 RDI: 0000000000000004 [ 191.667433][T20529] RBP: 00007fa3eed57090 R08: 0000000000000000 R09: 0000000000000000 [ 191.667450][T20529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.667467][T20529] R13: 0000000000000000 R14: 00007fa3f0915fa0 R15: 00007fffcee18be8 [ 191.667510][T20529] [ 191.667530][T20529] EXT4-fs error (device loop4): ext4_write_dquot:6913: comm syz.4.3584: Failed to commit dquot type 1 [ 191.740742][ T29] audit: type=1400 audit(1750489980.447:46988): avc: denied { create } for pid=20526 comm="syz.3.3583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 191.756371][T20529] EXT4-fs (loop4): Remounting filesystem read-only [ 191.780767][T20536] netlink: 'syz.5.3585': attribute type 1 has an invalid length. [ 192.003351][ T29] audit: type=1326 audit(1750489980.697:46989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.077524][T20549] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 192.080984][ T29] audit: type=1326 audit(1750489980.697:46990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.266375][ T29] audit: type=1326 audit(1750489980.697:46991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.290190][ T29] audit: type=1326 audit(1750489980.697:46992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.313835][ T29] audit: type=1326 audit(1750489980.697:46993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.337560][ T29] audit: type=1326 audit(1750489980.697:46994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.361278][ T29] audit: type=1326 audit(1750489980.697:46995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.385171][ T29] audit: type=1326 audit(1750489980.697:46996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20545 comm="syz.2.3587" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f648535e929 code=0x7ffc0000 [ 192.427870][T20536] 8021q: adding VLAN 0 to HW filter on device bond2 [ 192.518851][T20608] syz!: rxe_newlink: already configured on team_slave_0 [ 192.529837][T20610] xt_hashlimit: max too large, truncated to 1048576 [ 192.595226][T20616] random: crng reseeded on system resumption [ 192.653941][T20620] loop2: detected capacity change from 0 to 1024 [ 192.681179][T20626] FAULT_INJECTION: forcing a failure. [ 192.681179][T20626] name failslab, interval 1, probability 0, space 0, times 0 [ 192.681206][T20610] syzkaller0: entered promiscuous mode [ 192.681227][T20610] syzkaller0: entered allmulticast mode [ 192.693898][T20626] CPU: 0 UID: 0 PID: 20626 Comm: syz.3.3601 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 192.693936][T20626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.694018][T20626] Call Trace: [ 192.694027][T20626] [ 192.694040][T20626] __dump_stack+0x1d/0x30 [ 192.694071][T20626] dump_stack_lvl+0xe8/0x140 [ 192.694100][T20626] dump_stack+0x15/0x1b [ 192.694123][T20626] should_fail_ex+0x265/0x280 [ 192.694166][T20626] ? __se_sys_mount+0xef/0x2e0 [ 192.694236][T20626] should_failslab+0x8c/0xb0 [ 192.694269][T20626] __kmalloc_cache_noprof+0x4c/0x320 [ 192.694350][T20626] ? memdup_user+0x99/0xd0 [ 192.694385][T20626] __se_sys_mount+0xef/0x2e0 [ 192.694409][T20626] ? fput+0x8f/0xc0 [ 192.694457][T20626] ? ksys_write+0x192/0x1a0 [ 192.694483][T20626] __x64_sys_mount+0x67/0x80 [ 192.694547][T20626] x64_sys_call+0xd36/0x2fb0 [ 192.694577][T20626] do_syscall_64+0xd2/0x200 [ 192.694603][T20626] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 192.694706][T20626] ? clear_bhb_loop+0x40/0x90 [ 192.694735][T20626] ? clear_bhb_loop+0x40/0x90 [ 192.694766][T20626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.694830][T20626] RIP: 0033:0x7f4d2ffee929 [ 192.694853][T20626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.694895][T20626] RSP: 002b:00007f4d2e657038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 192.694921][T20626] RAX: ffffffffffffffda RBX: 00007f4d30215fa0 RCX: 00007f4d2ffee929 [ 192.694939][T20626] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000200000000100 [ 192.694957][T20626] RBP: 00007f4d2e657090 R08: 0000200000000300 R09: 0000000000000000 [ 192.694975][T20626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.694991][T20626] R13: 0000000000000000 R14: 00007f4d30215fa0 R15: 00007ffe410f2738 [ 192.695018][T20626] [ 192.902311][T20620] dvmrp1: entered allmulticast mode [ 192.907929][T20636] dvmrp1: left allmulticast mode [ 192.969503][T20640] syzkaller0: entered promiscuous mode [ 192.975178][T20640] syzkaller0: entered allmulticast mode [ 193.015116][T20654] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 193.031840][T20656] netlink: 'syz.2.3607': attribute type 1 has an invalid length. [ 193.053845][T20656] 8021q: adding VLAN 0 to HW filter on device bond3 [ 193.061074][T20659] loop0: detected capacity change from 0 to 1024 [ 193.086315][T20656] 8021q: adding VLAN 0 to HW filter on device bond3 [ 193.097991][T20656] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 193.117231][T20656] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 193.138917][T20700] loop3: detected capacity change from 0 to 2048 [ 193.153586][T20659] dvmrp1: entered allmulticast mode [ 193.156110][T20700] EXT4-fs (loop3): failed to initialize system zone (-117) [ 193.166486][T20700] EXT4-fs (loop3): mount failed [ 193.175908][T20705] dvmrp1: left allmulticast mode [ 193.185219][T20700] program syz.3.3609 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.273969][T20727] random: crng reseeded on system resumption [ 193.310154][T20726] hub 8-0:1.0: USB hub found [ 193.315208][T20726] hub 8-0:1.0: 8 ports detected [ 193.324975][T20726] SELinux: syz.3.3613 (20726) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 193.342148][T20736] xt_hashlimit: max too large, truncated to 1048576 [ 193.389534][T20736] syzkaller0: entered promiscuous mode [ 193.395113][T20736] syzkaller0: entered allmulticast mode [ 193.458682][T20753] netlink: 'syz.2.3621': attribute type 1 has an invalid length. [ 193.468675][T20747] syzkaller0: entered promiscuous mode [ 193.474434][T20747] syzkaller0: entered allmulticast mode [ 193.492336][T20756] loop3: detected capacity change from 0 to 512 [ 193.501469][T20756] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 193.515501][T20756] EXT4-fs (loop3): 1 truncate cleaned up [ 193.529015][T20756] EXT4-fs error (device loop3): __ext4_iget:5379: inode #12: block 2: comm syz.3.3617: invalid block [ 193.530868][T20753] 8021q: adding VLAN 0 to HW filter on device bond4 [ 193.567911][T20768] loop4: detected capacity change from 0 to 2048 [ 193.585064][T20761] 8021q: adding VLAN 0 to HW filter on device bond4 [ 193.592761][T20761] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 193.607596][T20768] EXT4-fs (loop4): failed to initialize system zone (-117) [ 193.615478][T20768] EXT4-fs (loop4): mount failed [ 193.618369][T20761] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 193.649843][T20813] random: crng reseeded on system resumption [ 193.659921][T20768] program syz.4.3622 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.689943][T20815] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 193.792942][T20834] xt_hashlimit: max too large, truncated to 1048576 [ 193.849037][T20841] syzkaller0: entered promiscuous mode [ 193.854626][T20841] syzkaller0: entered allmulticast mode [ 193.902168][T20834] syzkaller0: entered promiscuous mode [ 193.907839][T20834] syzkaller0: entered allmulticast mode [ 193.967424][T20859] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 193.993769][T20861] loop5: detected capacity change from 0 to 2048 [ 194.017292][T20861] EXT4-fs (loop5): failed to initialize system zone (-117) [ 194.043075][T20861] EXT4-fs (loop5): mount failed [ 194.061029][T20874] netlink: 'syz.2.3645': attribute type 1 has an invalid length. [ 194.080790][T20861] program syz.5.3640 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.081925][T20874] 8021q: adding VLAN 0 to HW filter on device bond5 [ 194.112333][T20874] 8021q: adding VLAN 0 to HW filter on device bond5 [ 194.120009][T20874] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 194.132357][T20874] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 194.155039][T20918] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3646'. [ 194.282884][T20943] loop2: detected capacity change from 0 to 2048 [ 194.298485][T20948] syz!: rxe_newlink: already configured on team_slave_0 [ 194.307259][T20943] EXT4-fs (loop2): failed to initialize system zone (-117) [ 194.314721][T20943] EXT4-fs (loop2): mount failed [ 194.329702][T20947] syzkaller0: entered promiscuous mode [ 194.335504][T20947] syzkaller0: entered allmulticast mode [ 194.369854][T20958] xt_hashlimit: max too large, truncated to 1048576 [ 194.380725][T20956] loop2: detected capacity change from 0 to 1024 [ 194.414834][T20958] syzkaller0: entered promiscuous mode [ 194.420366][T20958] syzkaller0: entered allmulticast mode [ 194.433409][T20956] dvmrp1: entered allmulticast mode [ 194.441429][T20956] dvmrp1: left allmulticast mode [ 194.582259][T20992] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 194.641350][T20999] xt_hashlimit: max too large, truncated to 1048576 [ 194.711565][T21008] netlink: 'syz.3.3672': attribute type 8 has an invalid length. [ 194.714839][T20999] syzkaller0: entered promiscuous mode [ 194.725099][T20999] syzkaller0: entered allmulticast mode [ 194.888593][T21032] syzkaller0: entered promiscuous mode [ 194.894180][T21032] syzkaller0: entered allmulticast mode [ 194.999530][T21044] netlink: 'syz.0.3684': attribute type 1 has an invalid length. [ 195.018233][T21051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3687'. [ 195.029880][T21051] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3687'. [ 195.055478][T21044] 8021q: adding VLAN 0 to HW filter on device bond4 [ 195.077990][T21079] 8021q: adding VLAN 0 to HW filter on device bond4 [ 195.088051][T21079] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 195.115297][T21079] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 195.219935][T21106] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3688'. [ 195.312086][T21116] Falling back ldisc for ptm0. [ 195.421583][T21135] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 195.534017][T21166] loop4: detected capacity change from 0 to 2048 [ 195.592117][T21166] EXT4-fs (loop4): failed to initialize system zone (-117) [ 195.599972][T21166] EXT4-fs (loop4): mount failed [ 195.657438][T21180] netlink: 'syz.0.3705': attribute type 1 has an invalid length. [ 195.664465][T21166] program syz.4.3702 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 195.681698][T21180] 8021q: adding VLAN 0 to HW filter on device bond5 [ 195.705694][T21180] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3705'. [ 195.725516][T21180] bond5 (unregistering): Released all slaves [ 195.820266][T21248] loop5: detected capacity change from 0 to 1024 [ 195.838543][T21255] random: crng reseeded on system resumption [ 195.862313][T21248] EXT4-fs mount: 18 callbacks suppressed [ 195.862354][T21248] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.895499][T21248] dvmrp1: entered allmulticast mode [ 195.901652][T21248] dvmrp1: left allmulticast mode [ 196.020107][T21283] loop0: detected capacity change from 0 to 2048 [ 196.045113][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.084018][T21283] EXT4-fs (loop0): failed to initialize system zone (-117) [ 196.110852][T21298] xt_hashlimit: max too large, truncated to 1048576 [ 196.119115][T21283] EXT4-fs (loop0): mount failed [ 196.140391][T21283] program syz.0.3718 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 196.188353][T21301] syzkaller0: entered promiscuous mode [ 196.194074][T21301] syzkaller0: entered allmulticast mode [ 196.256222][T21308] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3724'. [ 196.293800][T21309] netlink: 'syz.4.3725': attribute type 1 has an invalid length. [ 196.317195][T21311] random: crng reseeded on system resumption [ 196.336629][T21309] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.348975][T21309] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3725'. [ 196.368983][T21309] bond1 (unregistering): Released all slaves [ 196.407831][T21354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3729'. [ 196.417844][T21354] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3729'. [ 196.432224][T21388] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 196.456985][T21391] loop5: detected capacity change from 0 to 1024 [ 196.490316][T21398] loop0: detected capacity change from 0 to 2048 [ 196.492330][T21403] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3736'. [ 196.500552][T21402] netlink: 'syz.4.3735': attribute type 1 has an invalid length. [ 196.532387][T21391] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.532566][T21402] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.552461][ T51] ================================================================== [ 196.560559][ T51] BUG: KCSAN: data-race in alloc_pid / copy_process [ 196.567170][ T51] [ 196.569505][ T51] read-write to 0xffffffff86860860 of 4 bytes by task 31 on cpu 1: [ 196.578459][ T51] alloc_pid+0x539/0x720 [ 196.582729][ T51] copy_process+0xe0e/0x1fe0 [ 196.587349][ T51] kernel_clone+0x16c/0x5b0 [ 196.591901][ T51] user_mode_thread+0x7d/0xb0 [ 196.596618][ T51] call_usermodehelper_exec_work+0x41/0x160 [ 196.602542][ T51] process_scheduled_works+0x4ce/0x9d0 [ 196.608026][ T51] worker_thread+0x582/0x770 [ 196.612653][ T51] kthread+0x486/0x510 [ 196.616747][ T51] ret_from_fork+0xdd/0x150 [ 196.621266][ T51] ret_from_fork_asm+0x1a/0x30 [ 196.626051][ T51] [ 196.628395][ T51] read to 0xffffffff86860860 of 4 bytes by task 51 on cpu 0: [ 196.635770][ T51] copy_process+0x148f/0x1fe0 [ 196.640498][ T51] kernel_clone+0x16c/0x5b0 [ 196.645020][ T51] user_mode_thread+0x7d/0xb0 [ 196.649763][ T51] call_usermodehelper_exec_work+0x41/0x160 [ 196.655681][ T51] process_scheduled_works+0x4ce/0x9d0 [ 196.661169][ T51] worker_thread+0x582/0x770 [ 196.665781][ T51] kthread+0x486/0x510 [ 196.669860][ T51] ret_from_fork+0xdd/0x150 [ 196.674393][ T51] ret_from_fork_asm+0x1a/0x30 [ 196.679213][ T51] [ 196.681542][ T51] value changed: 0x800000f7 -> 0x800000f8 [ 196.687265][ T51] [ 196.689596][ T51] Reported by Kernel Concurrency Sanitizer on: [ 196.695763][ T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u8:3 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(voluntary) [ 196.708192][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.718260][ T51] Workqueue: events_unbound call_usermodehelper_exec_work [ 196.725423][ T51] ================================================================== [ 196.748510][T21442] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.754306][T21398] EXT4-fs (loop0): failed to initialize system zone (-117) [ 196.756622][T21442] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 196.762580][T21398] EXT4-fs (loop0): mount failed [ 196.776188][T21442] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 196.797817][T21391] dvmrp1: entered allmulticast mode [ 196.811578][T21458] dvmrp1: left allmulticast mode [ 196.874894][T14468] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.