last executing test programs: 2.016012372s ago: executing program 2 (id=2628): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x82000, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0) 1.978187843s ago: executing program 2 (id=2630): getpeername$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000440)=0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="00000a000000b38cf9e700000000000000008eea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1, 0x0, 0x0, 0xff0f0000}, 0x20004000) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[], 0x50) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/anycast6\x00') pread64(r4, &(0x7f0000000580)=""/155, 0x9b, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB="13693c00fc3b58e32b2632e4d32a0000", @ANYRES64=r3, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000c093b9908500000082000000"], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x18) 1.831130166s ago: executing program 2 (id=2631): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000380)='kfree\x00', r1}, 0x18) r2 = io_uring_setup(0x3eab, &(0x7f0000000080)={0x0, 0x0, 0x800, 0x2, 0x2aa}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 1.579735299s ago: executing program 2 (id=2640): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) io_setup(0x206, &(0x7f0000000200)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) io_submit(r0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0xfffffffb, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x44}}, 0x0) 1.441719521s ago: executing program 0 (id=2642): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setrlimit(0x9, &(0x7f0000000000)) io_setup(0x2004, &(0x7f0000000680)) 1.417061231s ago: executing program 1 (id=2644): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x8010000}, 0x18) r2 = socket$inet(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) mount$9p_tcp(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x800000, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=tcp']) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 1.384028662s ago: executing program 0 (id=2645): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timerfd_gettime(0xffffffffffffffff, 0x0) 1.355947322s ago: executing program 1 (id=2646): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x5}, 0x1c, 0x0}}], 0x1, 0x10) sendto$inet6(r4, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000440)=ANY=[], 0x9) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000300), 0x8) sendmsg$NFT_MSG_GETSETELEM(r3, 0x0, 0x20008053) getsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f0000000340)=""/189, &(0x7f0000000180)=0xbd) r5 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x6e3389f2f81908b8, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f00000002c0)=[{0x6}]}, 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="8000102e7577d4", 0x7}], 0x1}}], 0x1, 0x4000084) r6 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r6, &(0x7f0000000440), 0x10) listen(r6, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000640)="98", 0x1}], 0x1) r7 = accept4$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000040)=""/40, 0x28}, {&(0x7f0000003300)=""/107, 0x6b}], 0x3}}], 0x4000000000000a1, 0x2, 0x0) recvfrom$unix(r7, &(0x7f00000002c0)=""/236, 0xec, 0x10120, 0x0, 0x0) 1.114631975s ago: executing program 0 (id=2647): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000000), 0x0) 1.068664946s ago: executing program 2 (id=2650): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 1.048069266s ago: executing program 0 (id=2651): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8000}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x25dfdbfd, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 976.070647ms ago: executing program 0 (id=2652): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4) recvmmsg(r2, &(0x7f0000001840)=[{{0x0, 0x0, 0x0}, 0x1ff}], 0x1, 0x40002000, 0x0) write$binfmt_misc(r2, &(0x7f0000000300), 0x6) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001040)={0xa, {"a2e3ad214fc752f91b2909004bf70e0dd038e7ff7fc6e5539b326c078b089b3b083844090890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b333b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0afc9397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6258742317662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab96b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e0088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76ccc2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c826467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb204466cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2e57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849d11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f9d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f0712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073da5b0000d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1ccced94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89234b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d876a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x6, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173) fstat(r1, &(0x7f0000000000)) ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f00000003c0)={0x205, 0x6, 0x3}) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000340)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==") r5 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r5, 0x82307201, &(0x7f0000000880)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) recvmsg(0xffffffffffffffff, 0x0, 0x160) r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r7 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r7, 0x0) write$selinux_load(r6, &(0x7f0000000000)=ANY=[], 0x6000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r9, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="47000e00"], 0x120}, 0x1, 0x0, 0x0, 0x2004c090}, 0x0) pipe(&(0x7f00000000c0)) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4, 0xffffffff}, 0x1320, 0x1, 0x3, 0x5, 0x0, 0x800001, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) 975.671277ms ago: executing program 3 (id=2653): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x100000002}, 0x1320, 0x0, 0x3, 0x5, 0x0, 0x800001, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x106, 0x40001, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x2, @perf_config_ext={0x0, 0x10000}, 0x1320, 0xfffffffd, 0x3, 0x0, 0x4, 0x1088f105, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="280000001800090000000000000000001c140000fe"], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r5, 0x0) ptrace$ARCH_SHSTK_LOCK(0x1e, r5, 0x2, 0x5003) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x1cc, 0x2c, 0xd2b, 0x70bd26, 0x35dfdbfb, {0x0, 0x0, 0x0, r4, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x1a0, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x102, 0x6, 0x7ffffffa}}, @TCA_U32_INDEV={0x14, 0x8, 'veth0_to_bridge\x00'}, @TCA_U32_SEL={0x174, 0x5, {0x10, 0x1, 0x6, 0x10da, 0xa760, 0x0, 0x10, 0x100, [{0x4, 0x1000, 0x7, 0xd443d0e8}, {0xdeb2, 0x3, 0x6, 0x3}, {0x1, 0x2, 0x9, 0x7fffffff}, {0x6, 0x7fff, 0x9, 0x7}, {0x8, 0xfffffffd, 0x3, 0x51}, {0x5, 0x9, 0x2}, {0x10001, 0x7, 0xc841, 0x2}, {0x1000, 0x3, 0x2e4, 0x9}, {0x6, 0x5, 0x208, 0x7}, {0x3ff, 0xb, 0x3, 0xa6d}, {0xfffffffc, 0x5, 0x5127, 0x800}, {0xaa4, 0x406, 0x2, 0x127c}, {0x4, 0x5d14, 0x7f, 0x72}, {0x7, 0x2, 0x7, 0x7}, {0x5, 0x7fff, 0x2, 0x438}, {0x80, 0x3, 0x2, 0x1e0}, {0x0, 0x9, 0x40, 0x7}, {0x4, 0x2, 0x7fff, 0x6}, {0x7, 0x0, 0xfffffff0, 0xfffffffe}, {0xc, 0x2, 0xfffffffb}, {0x7, 0x4, 0x1, 0x7}, {0x3, 0x220, 0x434f}]}}]}}]}, 0x1cc}}, 0x24040084) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) chown(&(0x7f00000003c0)='./file0\x00', r7, 0xee01) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@loopback, 0x4e22, 0x8001, 0x4e22, 0xc, 0xa, 0x0, 0x20, 0x2c, r4, r7}, {0x5, 0xf, 0x1, 0x6, 0x6, 0x3, 0xfffffffffffffff9, 0x80}, {0x6, 0xd, 0x9, 0x3}, 0x5, 0x6e6bb2, 0x1, 0x0, 0x2, 0x3}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4d6, 0x2b}, 0xa, @in6=@remote, 0x3501, 0x1, 0x1, 0x1, 0x9, 0x3, 0x4}}, 0xe8) 875.838318ms ago: executing program 3 (id=2654): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x2a08042, &(0x7f0000000340), 0x1, 0x597, &(0x7f0000000b80)="$eJzs3U1sG2UaAOB3xvH2L9t0pV1pd9VDtYtUpKpO0h8onNorolKlHpC4lMhxoyhOHMUONFEO6b1C9IAA9VJucOAI4sABcUHiwpULiDNSRSOQmh7AyH9pm9jBKXWdxs8jjT3ffON5v2/G73hmNCMHMLCO1V7SiP9ExKUkYuShuqFoVh5rzLe+tpK/v7aST6JavfxzEklE3FtbybfmT5rvhyJiNSL+HRFfZSNOpFvjlpeWZyaKxcJCszxamZ0fLS8tn5yenZgqTBXmTr/40tlzZ86Onxrv3Pjszvp644ebb9/49pXbNz/+5Ohq/t2JJM7HcLPu4X48SY11ko3zm6af6UWwPkr63QAeS6aZ57VU+leMRKaZ9e1UR55q04Aeq+6LqO5Esrqj2YHdLNlZ/gN7Rus4oHb+2xoeOUDI9Pb4486FxglILe56c2jUDDWuTcT++rnJwV+SR85MauebR3rbNAbA6vWIGBsa2vr9T5rfv8c39iQaSE99eaGxobZu/3Rj/xNt9j/DrWunf1Fr/7e+Zf/3IH6mw/7vUpcxfnv9xw86xr8e8d+28ZON+Emb+GlEvNFl/FuvfX6uU131w4jj0T5+S7L99eHRq9PFwljjtW2ML44ffXm7/h/sEL9xzXZ//Wem3fqf77L/n3396f9Wt4n//P+33/7t1v+BiHiny/j/uPfRq53q7lxP7taOAna6/WvTbncZ/4Xzx77vUHWgy0UAAAAAAAAAAABtpPV72ZI0tzGeprlc4xnef8bBtFgqV05cLS3OTTbueTsS2bR1p9VIo5zUyuPN+3Fb5VObyqdb9xFnDtTLuXypONnnvgMAAAAAAAAAAAAAAAAAAMBucWjT8/+/ZurP/2/+u2pgr+r8l9/AXif/YXA9mv9JxL6+NQV4yvz+w8Cqyn8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAACAnrh08WJtqN5fW8nXypNDS4szpTdPThbKM7nZxXwuX1qYz02VSlPFQi5fmv2z5RVLpfmxmFu8NloplCuj5aXlK7OlxbnKlenZianClUL2qfQKAAAAAAAAAAAAAAAAAAAAni3D9SFJcxGR1sfTNJeL+HtEHIlscnW6WBiLiMMR8V0mu69WHu93owEAAAAAAAAAAAAAAAAAAGCPKS8tz0wUi4WFARkZ2jLlm84zR8Tqk21GbYk7/lS2ua12yzp81kYObz9PJvrewt040ucdEwAAAAAAAAAAAAAAAAAADKAHD/12+4nfe9sgAAAAAAAAAAAAAAAAAAAAGEjpT0lE1IbjI88Nb679W7Keqb9HxFu3Lr93baJSWRivTb+7Mb3yfnP6qX60H+hWK09beQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8UF5anpkoFgsLPRzpdx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHscfAQAA//+aXtbd") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) 785.73371ms ago: executing program 4 (id=2656): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdcd, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={0x0, r1, 0x0, 0x2}, 0x18) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)={0x90, 0x1, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x3}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x400}, @CTA_MARK_MASK={0x8}, @CTA_TUPLE_REPLY={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010101}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x2000c040}, 0x40000) 668.040691ms ago: executing program 3 (id=2657): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timerfd_gettime(0xffffffffffffffff, 0x0) 663.069261ms ago: executing program 4 (id=2658): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000540)={[{@i_version}, {@data_err_abort}, {@mblk_io_submit}, {@dioread_lock}, {@data_err_ignore}, {@delalloc}, {@data_err_ignore}, {@jqfmt_vfsv0}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a) fallocate(r2, 0x10, 0x3, 0x7c27) read(0xffffffffffffffff, &(0x7f0000001400)=""/4096, 0x1000) 441.231674ms ago: executing program 1 (id=2659): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 341.094416ms ago: executing program 1 (id=2660): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r1 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x18bac2, 0x1ff) write$binfmt_elf64(r1, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003"], 0x5b0) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) 264.580916ms ago: executing program 1 (id=2661): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000000), 0x0) 181.574218ms ago: executing program 4 (id=2662): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8000}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x25dfdbfd, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 181.317088ms ago: executing program 1 (id=2663): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) io_setup(0x206, &(0x7f0000000200)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) io_submit(r0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x44}}, 0x0) 181.077648ms ago: executing program 3 (id=2664): bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x68f}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 154.299538ms ago: executing program 3 (id=2665): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18) creat(&(0x7f0000000300)='./file0\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40) 125.487778ms ago: executing program 3 (id=2666): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f00000001c0)}, 0x10) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x7ff}}, './file0\x00'}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) write$ppp(r1, &(0x7f00000003c0)="138f", 0x2) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x161281, 0x0) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) r3 = open(&(0x7f0000000180)='./file2\x00', 0x310100, 0x4) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0xe) r4 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r4, r4, 0x21) bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c00000014"], 0x28}, 0x1, 0x0, 0x0, 0x11b472639e6e475f}, 0x0) wait4(r4, 0x0, 0x80000000, 0x0) r6 = syz_open_pts(r2, 0x396ecc034f393ae6) poll(&(0x7f00000004c0)=[{0xffffffffffffffff, 0x2001}, {r6, 0x20}], 0x2, 0x3) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x100414, &(0x7f0000000400)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xa}}, {@grpjquota_path={'grpjquota', 0x3d, './file2'}}, {@dioread_lock}, {@inlinecrypt}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/4\x00') read$watch_queue(r7, &(0x7f0000000000)=""/196, 0xc4) openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x48) 124.945618ms ago: executing program 4 (id=2667): getpeername$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000440)=0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="00000a000000b38cf9e700000000000000008eea", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1, 0x0, 0x0, 0xff0f0000}, 0x20004000) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x1, r3}, 0x38) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[], 0x50) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/anycast6\x00') pread64(r5, &(0x7f0000000580)=""/155, 0x9b, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB="13693c00fc3b58e32b2632e4d32a0000", @ANYRES64=r4, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000c093b9908500000082000000"], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18) 71.768089ms ago: executing program 2 (id=2668): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x2a08042, &(0x7f0000000340), 0x1, 0x597, &(0x7f0000000b80)="$eJzs3U1sG2UaAOB3xvH2L9t0pV1pd9VDtYtUpKpO0h8onNorolKlHpC4lMhxoyhOHMUONFEO6b1C9IAA9VJucOAI4sABcUHiwpULiDNSRSOQmh7AyH9pm9jBKXWdxs8jjT3ffON5v2/G73hmNCMHMLCO1V7SiP9ExKUkYuShuqFoVh5rzLe+tpK/v7aST6JavfxzEklE3FtbybfmT5rvhyJiNSL+HRFfZSNOpFvjlpeWZyaKxcJCszxamZ0fLS8tn5yenZgqTBXmTr/40tlzZ86Onxrv3Pjszvp644ebb9/49pXbNz/+5Ohq/t2JJM7HcLPu4X48SY11ko3zm6af6UWwPkr63QAeS6aZ57VU+leMRKaZ9e1UR55q04Aeq+6LqO5Esrqj2YHdLNlZ/gN7Rus4oHb+2xoeOUDI9Pb4486FxglILe56c2jUDDWuTcT++rnJwV+SR85MauebR3rbNAbA6vWIGBsa2vr9T5rfv8c39iQaSE99eaGxobZu/3Rj/xNt9j/DrWunf1Fr/7e+Zf/3IH6mw/7vUpcxfnv9xw86xr8e8d+28ZON+Emb+GlEvNFl/FuvfX6uU131w4jj0T5+S7L99eHRq9PFwljjtW2ML44ffXm7/h/sEL9xzXZ//Wem3fqf77L/n3396f9Wt4n//P+33/7t1v+BiHiny/j/uPfRq53q7lxP7taOAna6/WvTbncZ/4Xzx77vUHWgy0UAAAAAAAAAAABtpPV72ZI0tzGeprlc4xnef8bBtFgqV05cLS3OTTbueTsS2bR1p9VIo5zUyuPN+3Fb5VObyqdb9xFnDtTLuXypONnnvgMAAAAAAAAAAAAAAAAAAMBucWjT8/+/ZurP/2/+u2pgr+r8l9/AXif/YXA9mv9JxL6+NQV4yvz+w8Cqyn8YXPIfBpf8h8El/2FwyX8YXPIfBpf8BwAAAAAAAAAAAAAAAAAAAAAAAACAnrh08WJtqN5fW8nXypNDS4szpTdPThbKM7nZxXwuX1qYz02VSlPFQi5fmv2z5RVLpfmxmFu8NloplCuj5aXlK7OlxbnKlenZianClUL2qfQKAAAAAAAAAAAAAAAAAAAAni3D9SFJcxGR1sfTNJeL+HtEHIlscnW6WBiLiMMR8V0mu69WHu93owEAAAAAAAAAAAAAAAAAAGCPKS8tz0wUi4WFARkZ2jLlm84zR8Tqk21GbYk7/lS2ua12yzp81kYObz9PJvrewt040ucdEwAAAAAAAAAAAAAAAAAADKAHD/12+4nfe9sgAAAAAAAAAAAAAAAAAAAAGEjpT0lE1IbjI88Nb679W7Keqb9HxFu3Lr93baJSWRivTb+7Mb3yfnP6qX60H+hWK09beQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8UF5anpkoFgsLPRzpdx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHscfAQAA//+aXtbd") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0) 46.56475ms ago: executing program 4 (id=2669): socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000000000000000b70200000000000000009500000000f800000000000000000000000000000000c4816b903daea019ee14496966dd9d32ad8c4a591c74bd4620225ab6b0c9647d5f23822b80e63692d3f2ee407565a2fe0d5ea0ce7237f95334629643ca38afad95ba37944d6bebc3e57edc828e882f67aec4084b"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10) r3 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) 3.8084ms ago: executing program 0 (id=2670): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdcd, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x2}, 0x18) sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x40000) 0s ago: executing program 4 (id=2671): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) kernel console output (not intermixed with test programs): _64_after_hwframe+0x77/0x7f [ 173.973152][ T8912] RIP: 0033:0x7f77f51be969 [ 173.973170][ T8912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.973189][ T8912] RSP: 002b:00007f77f3826fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 173.973207][ T8912] RAX: ffffffffffffffda RBX: 00007f77f53e5fa0 RCX: 00007f77f51be969 [ 173.973222][ T8912] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000005e75 [ 173.973266][ T8912] RBP: 0000200000000400 R08: 0000000000000000 R09: 0000000000000000 [ 173.973278][ T8912] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 173.973292][ T8912] R13: 0000000000000000 R14: 0000000000005e75 R15: 0000000000000000 [ 173.973316][ T8912] [ 174.228815][ T8910] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 174.239841][ T8910] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 174.273975][ T8914] 9pnet_fd: Insufficient options for proto=fd [ 174.283425][ T8910] JBD2: no valid journal superblock found [ 174.289482][ T8910] EXT4-fs (loop1): Could not load journal inode [ 174.307286][ T8918] netlink: 'syz.2.1912': attribute type 39 has an invalid length. [ 174.322558][ T30] kauditd_printk_skb: 752 callbacks suppressed [ 174.322576][ T30] audit: type=1326 audit(1748928438.085:13791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.328698][ T8920] syz.3.1913 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 174.330328][ T30] audit: type=1326 audit(1748928438.095:13792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.410873][ T30] audit: type=1326 audit(1748928438.155:13793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.434887][ T30] audit: type=1326 audit(1748928438.155:13794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.458579][ T30] audit: type=1326 audit(1748928438.155:13795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.482144][ T30] audit: type=1326 audit(1748928438.155:13796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.505809][ T30] audit: type=1326 audit(1748928438.155:13797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.529466][ T30] audit: type=1326 audit(1748928438.155:13798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.553104][ T30] audit: type=1326 audit(1748928438.155:13799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.576739][ T30] audit: type=1326 audit(1748928438.155:13800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8917 comm="syz.2.1912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 174.869175][ T8951] loop2: detected capacity change from 0 to 2048 [ 174.888416][ T8957] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1925'. [ 174.904724][ T8961] netlink: 'syz.0.1924': attribute type 39 has an invalid length. [ 174.984742][ T8970] loop2: detected capacity change from 0 to 1024 [ 174.998022][ T8970] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 175.009132][ T8970] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 175.030199][ T8970] JBD2: no valid journal superblock found [ 175.036025][ T8970] EXT4-fs (loop2): Could not load journal inode [ 175.151101][ T8985] loop2: detected capacity change from 0 to 512 [ 175.163460][ T8987] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.173273][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.185304][ T8987] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.195820][ T8988] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.199904][ T8985] EXT4-fs mount: 8 callbacks suppressed [ 175.199927][ T8985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.204952][ T8988] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.211195][ T8985] ext4 filesystem being mounted at /438/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.225996][ T8988] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1935'. [ 175.263106][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.336991][ T8997] loop2: detected capacity change from 0 to 8192 [ 175.711980][ T9000] netlink: 'syz.2.1939': attribute type 39 has an invalid length. [ 176.002064][ T9023] loop0: detected capacity change from 0 to 512 [ 176.113103][ T9028] loop4: detected capacity change from 0 to 1024 [ 176.120209][ T9028] EXT4-fs: Ignoring removed orlov option [ 176.132272][ T9028] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.177233][ T9028] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1951'. [ 176.211922][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.822467][ T9074] loop3: detected capacity change from 0 to 1024 [ 176.883972][ T9074] EXT4-fs: Ignoring removed orlov option [ 176.897234][ T9074] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.963431][ T9074] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1964'. [ 177.058860][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.130889][ T9091] loop0: detected capacity change from 0 to 8192 [ 177.163733][ T9092] lo speed is unknown, defaulting to 1000 [ 177.821376][ T9095] loop3: detected capacity change from 0 to 8192 [ 178.553068][ T9125] loop3: detected capacity change from 0 to 1024 [ 178.622676][ T9125] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.671039][ T9125] ext4 filesystem being mounted at /411/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.751165][ T9132] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 393: padding at end of block bitmap is not set [ 178.785665][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.908151][ T9147] lo speed is unknown, defaulting to 1000 [ 178.961665][ T9155] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 179.431678][ T9176] loop3: detected capacity change from 0 to 1024 [ 179.461645][ T9176] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.487755][ T9176] ext4 filesystem being mounted at /415/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.543273][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.632028][ T9184] netlink: 79 bytes leftover after parsing attributes in process `syz.3.1997'. [ 179.660800][ T30] kauditd_printk_skb: 433 callbacks suppressed [ 179.660849][ T30] audit: type=1326 audit(1748928443.425:14234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.690721][ T30] audit: type=1326 audit(1748928443.425:14235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.714283][ T30] audit: type=1326 audit(1748928443.425:14236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.776946][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 179.802796][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 179.820907][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 179.854329][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 179.877772][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 179.897152][ T30] audit: type=1326 audit(1748928443.425:14237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.920943][ T30] audit: type=1326 audit(1748928443.425:14238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.944505][ T30] audit: type=1326 audit(1748928443.425:14239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.968042][ T30] audit: type=1326 audit(1748928443.425:14240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 179.991669][ T30] audit: type=1326 audit(1748928443.425:14241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 180.015321][ T30] audit: type=1326 audit(1748928443.425:14242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 180.039116][ T30] audit: type=1326 audit(1748928443.425:14243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9187 comm="syz.3.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 180.041550][ T9205] loop2: detected capacity change from 0 to 1024 [ 180.071007][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 180.088052][ T9191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2001'. [ 180.099002][ T9205] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.119462][ T9205] ext4 filesystem being mounted at /453/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.159619][ T9203] loop1: detected capacity change from 0 to 512 [ 180.216683][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.280323][ T9216] netlink: 'syz.2.2007': attribute type 39 has an invalid length. [ 180.347372][ T9221] loop3: detected capacity change from 0 to 1024 [ 180.390209][ T9221] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.406662][ T9221] ext4 filesystem being mounted at /421/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.533325][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.615477][ T9255] FAULT_INJECTION: forcing a failure. [ 180.615477][ T9255] name failslab, interval 1, probability 0, space 0, times 0 [ 180.628329][ T9255] CPU: 1 UID: 0 PID: 9255 Comm: syz.3.2023 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 180.628485][ T9255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.628502][ T9255] Call Trace: [ 180.628511][ T9255] [ 180.628521][ T9255] __dump_stack+0x1d/0x30 [ 180.628623][ T9255] dump_stack_lvl+0xe8/0x140 [ 180.628650][ T9255] dump_stack+0x15/0x1b [ 180.628671][ T9255] should_fail_ex+0x265/0x280 [ 180.628698][ T9255] ? alloc_pipe_info+0xae/0x350 [ 180.628723][ T9255] should_failslab+0x8c/0xb0 [ 180.628813][ T9255] __kmalloc_cache_noprof+0x4c/0x320 [ 180.628858][ T9255] alloc_pipe_info+0xae/0x350 [ 180.628909][ T9255] splice_direct_to_actor+0x592/0x680 [ 180.628936][ T9255] ? kstrtouint_from_user+0x9f/0xf0 [ 180.628962][ T9255] ? __pfx_direct_splice_actor+0x10/0x10 [ 180.628986][ T9255] ? __rcu_read_unlock+0x4f/0x70 [ 180.629017][ T9255] ? get_pid_task+0x96/0xd0 [ 180.629064][ T9255] ? avc_policy_seqno+0x15/0x30 [ 180.629117][ T9255] ? selinux_file_permission+0x1e4/0x320 [ 180.629220][ T9255] do_splice_direct+0xda/0x150 [ 180.629245][ T9255] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 180.629316][ T9255] do_sendfile+0x380/0x650 [ 180.629360][ T9255] __x64_sys_sendfile64+0x105/0x150 [ 180.629400][ T9255] x64_sys_call+0xb39/0x2fb0 [ 180.629490][ T9255] do_syscall_64+0xd2/0x200 [ 180.629523][ T9255] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 180.629553][ T9255] ? clear_bhb_loop+0x40/0x90 [ 180.629580][ T9255] ? clear_bhb_loop+0x40/0x90 [ 180.629627][ T9255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.629655][ T9255] RIP: 0033:0x7fad5cfde969 [ 180.629676][ T9255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.629701][ T9255] RSP: 002b:00007fad5b647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 180.629734][ T9255] RAX: ffffffffffffffda RBX: 00007fad5d205fa0 RCX: 00007fad5cfde969 [ 180.629751][ T9255] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 180.629764][ T9255] RBP: 00007fad5b647090 R08: 0000000000000000 R09: 0000000000000000 [ 180.629856][ T9255] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000001 [ 180.629871][ T9255] R13: 0000000000000000 R14: 00007fad5d205fa0 R15: 00007fff3691cc58 [ 180.629895][ T9255] [ 180.907373][ T9252] loop2: detected capacity change from 0 to 512 [ 180.915799][ T9252] EXT4-fs: Ignoring removed nomblk_io_submit option [ 180.983271][ T9252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.002683][ T9252] ext4 filesystem being mounted at /462/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 181.404094][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.435274][ T9298] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 16 [ 181.626610][ T9316] loop1: detected capacity change from 0 to 512 [ 181.637077][ T9316] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 181.679662][ T9316] EXT4-fs (loop1): 1 truncate cleaned up [ 181.690507][ T9316] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.707907][ T9316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.755854][ T9316] geneve2: entered promiscuous mode [ 181.761304][ T9316] geneve2: entered allmulticast mode [ 181.836537][ T9329] loop2: detected capacity change from 0 to 2048 [ 181.855347][ T9329] EXT4-fs: Ignoring removed bh option [ 181.861775][ T9329] ext4: Unknown parameter 'subj_type' [ 182.098019][ T9338] loop1: detected capacity change from 0 to 1024 [ 182.105362][ T9338] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 182.116451][ T9338] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 182.126744][ T9338] JBD2: no valid journal superblock found [ 182.132647][ T9338] EXT4-fs (loop1): Could not load journal inode [ 182.199988][ T9339] lo speed is unknown, defaulting to 1000 [ 182.896524][ T9354] FAULT_INJECTION: forcing a failure. [ 182.896524][ T9354] name failslab, interval 1, probability 0, space 0, times 0 [ 182.909433][ T9354] CPU: 1 UID: 0 PID: 9354 Comm: syz.4.2059 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 182.909468][ T9354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.909481][ T9354] Call Trace: [ 182.909489][ T9354] [ 182.909500][ T9354] __dump_stack+0x1d/0x30 [ 182.909537][ T9354] dump_stack_lvl+0xe8/0x140 [ 182.909611][ T9354] dump_stack+0x15/0x1b [ 182.909630][ T9354] should_fail_ex+0x265/0x280 [ 182.909657][ T9354] ? dev_ethtool+0x96/0x1650 [ 182.909682][ T9354] should_failslab+0x8c/0xb0 [ 182.909715][ T9354] __kmalloc_cache_noprof+0x4c/0x320 [ 182.909888][ T9354] dev_ethtool+0x96/0x1650 [ 182.909906][ T9354] ? full_name_hash+0x92/0xe0 [ 182.909972][ T9354] ? strcmp+0x22/0x50 [ 182.910100][ T9354] dev_ioctl+0x2e0/0x960 [ 182.910190][ T9354] sock_do_ioctl+0x197/0x220 [ 182.910219][ T9354] sock_ioctl+0x41b/0x610 [ 182.910239][ T9354] ? __pfx_sock_ioctl+0x10/0x10 [ 182.910257][ T9354] __se_sys_ioctl+0xcb/0x140 [ 182.910279][ T9354] __x64_sys_ioctl+0x43/0x50 [ 182.910338][ T9354] x64_sys_call+0x19a8/0x2fb0 [ 182.910366][ T9354] do_syscall_64+0xd2/0x200 [ 182.910466][ T9354] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 182.910494][ T9354] ? clear_bhb_loop+0x40/0x90 [ 182.910561][ T9354] ? clear_bhb_loop+0x40/0x90 [ 182.910586][ T9354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.910670][ T9354] RIP: 0033:0x7f77f51be969 [ 182.910696][ T9354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.910728][ T9354] RSP: 002b:00007f77f3827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.910756][ T9354] RAX: ffffffffffffffda RBX: 00007f77f53e5fa0 RCX: 00007f77f51be969 [ 182.910772][ T9354] RDX: 0000200000000100 RSI: 0000000000008946 RDI: 0000000000000005 [ 182.910788][ T9354] RBP: 00007f77f3827090 R08: 0000000000000000 R09: 0000000000000000 [ 182.910804][ T9354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.910817][ T9354] R13: 0000000000000000 R14: 00007f77f53e5fa0 R15: 00007ffc0ada2e38 [ 182.910837][ T9354] [ 183.314754][ T9368] blktrace: Concurrent blktraces are not allowed on loop8 [ 183.361206][ T9368] wireguard0: entered promiscuous mode [ 183.366953][ T9368] wireguard0: entered allmulticast mode [ 183.533502][ T9374] __nla_validate_parse: 58 callbacks suppressed [ 183.533526][ T9374] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2065'. [ 183.558648][ T9374] loop4: detected capacity change from 0 to 512 [ 183.568571][ T9374] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 183.596371][ T9374] EXT4-fs (loop4): 1 truncate cleaned up [ 183.602922][ T9374] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.620097][ T9374] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.656841][ T9374] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.665803][ T9374] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.674655][ T9374] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.683512][ T9374] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.727338][ T9374] geneve2: entered promiscuous mode [ 183.732781][ T9374] geneve2: entered allmulticast mode [ 183.768066][ T9374] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.777092][ T9374] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.786146][ T9374] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.795292][ T9374] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.023184][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 184.035861][ T9396] 9pnet_fd: Insufficient options for proto=fd [ 184.277762][ T9419] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=9419 comm=syz.1.2082 [ 184.416752][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2073'. [ 184.429356][ T9422] vlan2: entered promiscuous mode [ 184.434477][ T9422] veth0_virt_wifi: entered promiscuous mode [ 184.667832][ T30] kauditd_printk_skb: 953 callbacks suppressed [ 184.667853][ T30] audit: type=1326 audit(1748928448.435:15197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 184.697765][ T30] audit: type=1326 audit(1748928448.435:15198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9430 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 184.721320][ T30] audit: type=1326 audit(1748928448.435:15199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9438 comm="syz.1.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 184.744985][ T30] audit: type=1326 audit(1748928448.435:15200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 184.768568][ T30] audit: type=1326 audit(1748928448.435:15201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9430 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 184.792221][ T30] audit: type=1326 audit(1748928448.435:15202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9438 comm="syz.1.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 184.815818][ T30] audit: type=1326 audit(1748928448.435:15203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 184.839441][ T30] audit: type=1326 audit(1748928448.435:15204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9430 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 184.863043][ T30] audit: type=1326 audit(1748928448.435:15205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9438 comm="syz.1.2089" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 184.886780][ T30] audit: type=1326 audit(1748928448.465:15206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9407 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 185.056335][ T9452] loop4: detected capacity change from 0 to 1024 [ 185.080142][ T9452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.092559][ T9452] ext4 filesystem being mounted at /387/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.115937][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.139196][ T9457] loop4: detected capacity change from 0 to 1024 [ 185.161693][ T9457] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 185.173998][ T9457] ext4 filesystem being mounted at /388/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.204674][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.269879][ T9467] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2099'. [ 185.279067][ T9467] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2099'. [ 185.288393][ T9467] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2099'. [ 185.297521][ T9467] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2099'. [ 185.306754][ T9467] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2099'. [ 185.515899][ T9484] loop1: detected capacity change from 0 to 512 [ 186.290303][ T9517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2116'. [ 186.299312][ T9517] IPVS: Unknown mcast interface: vcan0 [ 186.597661][ T9521] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 186.785657][ T9531] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2122'. [ 186.885441][ T9536] netlink: 'syz.3.2122': attribute type 21 has an invalid length. [ 186.938829][ T9540] loop4: detected capacity change from 0 to 1024 [ 186.957733][ T9540] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 186.968774][ T9540] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 186.984236][ T9540] JBD2: no valid journal superblock found [ 186.990116][ T9540] EXT4-fs (loop4): Could not load journal inode [ 187.014601][ T9544] loop2: detected capacity change from 0 to 1024 [ 187.094681][ T9544] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.123005][ T9544] ext4 filesystem being mounted at /477/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.152780][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.178373][ T9559] netlink: 'syz.0.2132': attribute type 10 has an invalid length. [ 187.274749][ T9559] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.294396][ T9559] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 187.348909][ T9583] tipc: Enabling of bearer rejected, failed to enable media [ 187.429951][ T9590] loop0: detected capacity change from 0 to 1024 [ 187.450170][ T9590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 187.462470][ T9590] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.484717][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.522963][ T9597] FAULT_INJECTION: forcing a failure. [ 187.522963][ T9597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 187.536242][ T9597] CPU: 0 UID: 0 PID: 9597 Comm: syz.0.2147 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 187.536272][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.536288][ T9597] Call Trace: [ 187.536354][ T9597] [ 187.536409][ T9597] __dump_stack+0x1d/0x30 [ 187.536433][ T9597] dump_stack_lvl+0xe8/0x140 [ 187.536463][ T9597] dump_stack+0x15/0x1b [ 187.536480][ T9597] should_fail_ex+0x265/0x280 [ 187.536502][ T9597] should_fail+0xb/0x20 [ 187.536522][ T9597] should_fail_usercopy+0x1a/0x20 [ 187.536547][ T9597] _copy_from_user+0x1c/0xb0 [ 187.536637][ T9597] ___sys_sendmsg+0xc1/0x1d0 [ 187.536684][ T9597] __x64_sys_sendmsg+0xd4/0x160 [ 187.536725][ T9597] x64_sys_call+0x2999/0x2fb0 [ 187.536754][ T9597] do_syscall_64+0xd2/0x200 [ 187.536793][ T9597] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 187.536820][ T9597] ? clear_bhb_loop+0x40/0x90 [ 187.536922][ T9597] ? clear_bhb_loop+0x40/0x90 [ 187.536944][ T9597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.536969][ T9597] RIP: 0033:0x7f4d3e71e969 [ 187.536988][ T9597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.537030][ T9597] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 187.537054][ T9597] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 187.537069][ T9597] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 187.537081][ T9597] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 187.537094][ T9597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.537105][ T9597] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 187.537124][ T9597] [ 187.742167][ T9599] loop0: detected capacity change from 0 to 1024 [ 187.749619][ T9599] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 187.760781][ T9599] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 187.771569][ T9599] JBD2: no valid journal superblock found [ 187.777423][ T9599] EXT4-fs (loop0): Could not load journal inode [ 188.161436][ T9620] loop0: detected capacity change from 0 to 1024 [ 188.198805][ T9625] usb usb1: usbfs: process 9625 (syz.1.2159) did not claim interface 0 before use [ 188.221451][ T9620] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.242540][ T9620] ext4 filesystem being mounted at /384/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.337195][ T9631] netlink: 'syz.2.2160': attribute type 1 has an invalid length. [ 188.364056][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.747261][ T9661] __nla_validate_parse: 2 callbacks suppressed [ 188.747277][ T9661] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2171'. [ 188.767064][ T9661] unsupported nla_type 65024 [ 188.830839][ T9661] bond1: entered promiscuous mode [ 188.836014][ T9661] bond1: entered allmulticast mode [ 188.875097][ T9661] 8021q: adding VLAN 0 to HW filter on device bond1 [ 188.898868][ T9661] bond1 (unregistering): Released all slaves [ 188.954023][ T9670] loop2: detected capacity change from 0 to 1024 [ 189.050354][ T9670] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.086987][ T9674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'. [ 189.102513][ T9670] ext4 filesystem being mounted at /488/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.207928][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.233901][ T9680] loop3: detected capacity change from 0 to 1024 [ 189.276095][ T9680] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.308873][ T9625] syz.1.2159 (9625) used greatest stack depth: 7160 bytes left [ 189.322962][ T9680] ext4 filesystem being mounted at /457/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.366845][ T9691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2183'. [ 189.376374][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.465909][ T9697] vlan2: entered promiscuous mode [ 189.471223][ T9697] bridge0: entered promiscuous mode [ 189.522006][ T9701] FAULT_INJECTION: forcing a failure. [ 189.522006][ T9701] name failslab, interval 1, probability 0, space 0, times 0 [ 189.534887][ T9701] CPU: 1 UID: 0 PID: 9701 Comm: syz.0.2187 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 189.534916][ T9701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.534928][ T9701] Call Trace: [ 189.534935][ T9701] [ 189.534942][ T9701] __dump_stack+0x1d/0x30 [ 189.535047][ T9701] dump_stack_lvl+0xe8/0x140 [ 189.535071][ T9701] dump_stack+0x15/0x1b [ 189.535093][ T9701] should_fail_ex+0x265/0x280 [ 189.535121][ T9701] should_failslab+0x8c/0xb0 [ 189.535163][ T9701] kmem_cache_alloc_noprof+0x50/0x310 [ 189.535202][ T9701] ? posix_lock_inode+0x162/0x2380 [ 189.535246][ T9701] posix_lock_inode+0x162/0x2380 [ 189.535291][ T9701] ? file_has_perm+0x324/0x370 [ 189.535329][ T9701] fcntl_setlk+0x61f/0x950 [ 189.535363][ T9701] do_fcntl+0x5dd/0xdf0 [ 189.535398][ T9701] ? selinux_file_fcntl+0x1cb/0x1e0 [ 189.535438][ T9701] __se_sys_fcntl+0xb1/0x120 [ 189.535547][ T9701] __x64_sys_fcntl+0x43/0x50 [ 189.535587][ T9701] x64_sys_call+0x1f1d/0x2fb0 [ 189.535615][ T9701] do_syscall_64+0xd2/0x200 [ 189.535646][ T9701] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 189.535726][ T9701] ? clear_bhb_loop+0x40/0x90 [ 189.535765][ T9701] ? clear_bhb_loop+0x40/0x90 [ 189.535787][ T9701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.535808][ T9701] RIP: 0033:0x7f4d3e71e969 [ 189.535875][ T9701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.535893][ T9701] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 189.535912][ T9701] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 189.535924][ T9701] RDX: 0000200000000000 RSI: 0000000000000026 RDI: 0000000000000007 [ 189.535937][ T9701] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 189.535953][ T9701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.535969][ T9701] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 189.536024][ T9701] [ 189.696546][ T30] kauditd_printk_skb: 1199 callbacks suppressed [ 189.696565][ T30] audit: type=1326 audit(1748928453.455:16406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9700 comm="syz.2.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 189.770262][ T30] audit: type=1400 audit(1748928453.465:16407): avc: denied { accept } for pid=9693 comm="syz.3.2185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 189.791113][ T30] audit: type=1326 audit(1748928453.485:16408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9700 comm="syz.2.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 189.815007][ T30] audit: type=1326 audit(1748928453.495:16409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9700 comm="syz.2.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 189.838541][ T30] audit: type=1326 audit(1748928453.505:16410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9700 comm="syz.2.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 189.853602][ T9707] loop0: detected capacity change from 0 to 1024 [ 189.862127][ T30] audit: type=1326 audit(1748928453.535:16411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9700 comm="syz.2.2188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 189.862714][ T30] audit: type=1326 audit(1748928453.545:16412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9704 comm="syz.4.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 189.891926][ T9707] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.892322][ T30] audit: type=1326 audit(1748928453.545:16413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9704 comm="syz.4.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 189.917908][ T9707] ext4 filesystem being mounted at /395/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.927794][ T30] audit: type=1326 audit(1748928453.555:16414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9704 comm="syz.4.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 189.985691][ T30] audit: type=1326 audit(1748928453.555:16415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9704 comm="syz.4.2191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 190.010590][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.130913][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 190.140893][ T9727] 9pnet_fd: Insufficient options for proto=fd [ 190.165478][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x1 [ 190.173078][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.180584][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.188020][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.195474][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.202938][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.211584][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.219196][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.226717][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.234237][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x2 [ 190.241809][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.249250][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.256711][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.264182][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.271636][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.279205][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.286709][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.294268][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.301697][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.309207][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.316610][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.324145][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.329326][ T9729] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536 [ 190.331572][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.347800][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.355242][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.362804][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.370338][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.377785][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.385309][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.392766][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.400292][ T7645] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 190.408335][ T7645] hid-generic 0000:0004:0000.0003: hidraw0: HID v0.02 Device [syz0] on syz1 [ 190.483647][ T9732] fido_id[9732]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 190.496940][ T7645] lo speed is unknown, defaulting to 1000 [ 190.540300][ T9740] hub 8-0:1.0: USB hub found [ 190.545062][ T9740] hub 8-0:1.0: 8 ports detected [ 190.610865][ T9748] loop3: detected capacity change from 0 to 256 [ 190.670234][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 190.693561][ T9754] 9pnet_fd: Insufficient options for proto=fd [ 190.731550][ T9759] netlink: 'syz.3.2211': attribute type 10 has an invalid length. [ 190.791740][ T9761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.814238][ T9761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.010921][ T9786] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 191.477069][ T9793] FAULT_INJECTION: forcing a failure. [ 191.477069][ T9793] name failslab, interval 1, probability 0, space 0, times 0 [ 191.489926][ T9793] CPU: 0 UID: 0 PID: 9793 Comm: syz.4.2220 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 191.489962][ T9793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.489979][ T9793] Call Trace: [ 191.489988][ T9793] [ 191.489997][ T9793] __dump_stack+0x1d/0x30 [ 191.490022][ T9793] dump_stack_lvl+0xe8/0x140 [ 191.490046][ T9793] dump_stack+0x15/0x1b [ 191.490071][ T9793] should_fail_ex+0x265/0x280 [ 191.490100][ T9793] should_failslab+0x8c/0xb0 [ 191.490133][ T9793] kmem_cache_alloc_node_noprof+0x57/0x320 [ 191.490215][ T9793] ? __alloc_skb+0x101/0x320 [ 191.490247][ T9793] __alloc_skb+0x101/0x320 [ 191.490274][ T9793] tipc_buf_acquire+0x2c/0xb0 [ 191.490395][ T9793] tipc_msg_build+0x3d0/0x840 [ 191.490429][ T9793] tipc_send_group_bcast+0x5a4/0x6c0 [ 191.490528][ T9793] ? __pfx_woken_wake_function+0x10/0x10 [ 191.490560][ T9793] __tipc_sendmsg+0x186/0x1b00 [ 191.490585][ T9793] ? avc_has_perm+0xd3/0x150 [ 191.490621][ T9793] ? selinux_socket_sendmsg+0x175/0x1b0 [ 191.490653][ T9793] ? _raw_spin_unlock_bh+0x36/0x40 [ 191.490676][ T9793] ? lock_sock_nested+0x112/0x140 [ 191.490707][ T9793] tipc_sendmsg+0x3e/0x60 [ 191.490727][ T9793] ? __pfx_tipc_sendmsg+0x10/0x10 [ 191.490747][ T9793] __sock_sendmsg+0x142/0x180 [ 191.490771][ T9793] ____sys_sendmsg+0x345/0x4e0 [ 191.490815][ T9793] ___sys_sendmsg+0x17b/0x1d0 [ 191.490891][ T9793] __sys_sendmmsg+0x178/0x300 [ 191.490934][ T9793] __x64_sys_sendmmsg+0x57/0x70 [ 191.490974][ T9793] x64_sys_call+0x2f2f/0x2fb0 [ 191.491032][ T9793] do_syscall_64+0xd2/0x200 [ 191.491070][ T9793] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 191.491101][ T9793] ? clear_bhb_loop+0x40/0x90 [ 191.491127][ T9793] ? clear_bhb_loop+0x40/0x90 [ 191.491225][ T9793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.491249][ T9793] RIP: 0033:0x7f77f51be969 [ 191.491264][ T9793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.491283][ T9793] RSP: 002b:00007f77f3806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 191.491308][ T9793] RAX: ffffffffffffffda RBX: 00007f77f53e6080 RCX: 00007f77f51be969 [ 191.491350][ T9793] RDX: 0400000000000181 RSI: 00002000000030c0 RDI: 0000000000000006 [ 191.491367][ T9793] RBP: 00007f77f3806090 R08: 0000000000000000 R09: 0000000000000000 [ 191.491389][ T9793] R10: 9200000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.491405][ T9793] R13: 0000000000000001 R14: 00007f77f53e6080 R15: 00007ffc0ada2e38 [ 191.491459][ T9793] [ 191.850326][ T7646] kernel write not supported for file bpf-prog (pid: 7646 comm: kworker/1:8) [ 191.861196][ T9798] 9pnet_fd: Insufficient options for proto=fd [ 191.909627][ T9804] netlink: 'syz.0.2225': attribute type 1 has an invalid length. [ 191.935339][ T9804] bond1: entered promiscuous mode [ 191.940827][ T9804] 8021q: adding VLAN 0 to HW filter on device bond1 [ 191.960160][ T9804] bond1: (slave bridge2): making interface the new active one [ 191.967778][ T9804] bridge2: entered promiscuous mode [ 191.983409][ T9804] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 192.010350][ T9807] blktrace: Concurrent blktraces are not allowed on loop2 [ 192.035518][ T9807] wireguard1: entered promiscuous mode [ 192.041244][ T9807] wireguard1: entered allmulticast mode [ 192.096807][ T9812] netlink: 268 bytes leftover after parsing attributes in process `syz.0.2228'. [ 192.229732][ T9824] FAULT_INJECTION: forcing a failure. [ 192.229732][ T9824] name failslab, interval 1, probability 0, space 0, times 0 [ 192.242437][ T9824] CPU: 0 UID: 0 PID: 9824 Comm: syz.0.2233 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 192.242467][ T9824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.242500][ T9824] Call Trace: [ 192.242509][ T9824] [ 192.242520][ T9824] __dump_stack+0x1d/0x30 [ 192.242549][ T9824] dump_stack_lvl+0xe8/0x140 [ 192.242572][ T9824] dump_stack+0x15/0x1b [ 192.242611][ T9824] should_fail_ex+0x265/0x280 [ 192.242651][ T9824] should_failslab+0x8c/0xb0 [ 192.242686][ T9824] kmem_cache_alloc_node_noprof+0x57/0x320 [ 192.242800][ T9824] ? __alloc_skb+0x101/0x320 [ 192.242863][ T9824] __alloc_skb+0x101/0x320 [ 192.242892][ T9824] netlink_alloc_large_skb+0xba/0xf0 [ 192.242931][ T9824] netlink_sendmsg+0x3cf/0x6b0 [ 192.243115][ T9824] ? __pfx_netlink_sendmsg+0x10/0x10 [ 192.243149][ T9824] __sock_sendmsg+0x142/0x180 [ 192.243174][ T9824] ____sys_sendmsg+0x31e/0x4e0 [ 192.243218][ T9824] ___sys_sendmsg+0x17b/0x1d0 [ 192.243283][ T9824] __x64_sys_sendmsg+0xd4/0x160 [ 192.243379][ T9824] x64_sys_call+0x2999/0x2fb0 [ 192.243407][ T9824] do_syscall_64+0xd2/0x200 [ 192.243441][ T9824] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 192.243477][ T9824] ? clear_bhb_loop+0x40/0x90 [ 192.243534][ T9824] ? clear_bhb_loop+0x40/0x90 [ 192.243614][ T9824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.243640][ T9824] RIP: 0033:0x7f4d3e71e969 [ 192.243668][ T9824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.243695][ T9824] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 192.243721][ T9824] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 192.243738][ T9824] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 192.243755][ T9824] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 192.243801][ T9824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.243817][ T9824] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 192.243843][ T9824] [ 192.613778][ T9836] loop4: detected capacity change from 0 to 512 [ 192.770201][ T9845] FAULT_INJECTION: forcing a failure. [ 192.770201][ T9845] name failslab, interval 1, probability 0, space 0, times 0 [ 192.782927][ T9845] CPU: 1 UID: 0 PID: 9845 Comm: syz.2.2240 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 192.782956][ T9845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.782973][ T9845] Call Trace: [ 192.782983][ T9845] [ 192.782993][ T9845] __dump_stack+0x1d/0x30 [ 192.783024][ T9845] dump_stack_lvl+0xe8/0x140 [ 192.783050][ T9845] dump_stack+0x15/0x1b [ 192.783071][ T9845] should_fail_ex+0x265/0x280 [ 192.783100][ T9845] should_failslab+0x8c/0xb0 [ 192.783147][ T9845] kmem_cache_alloc_noprof+0x50/0x310 [ 192.783186][ T9845] ? getname_flags+0x80/0x3b0 [ 192.783224][ T9845] getname_flags+0x80/0x3b0 [ 192.783258][ T9845] getname_uflags+0x21/0x30 [ 192.783333][ T9845] __x64_sys_execveat+0x5d/0x90 [ 192.783466][ T9845] x64_sys_call+0x2dae/0x2fb0 [ 192.783494][ T9845] do_syscall_64+0xd2/0x200 [ 192.783530][ T9845] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 192.783559][ T9845] ? clear_bhb_loop+0x40/0x90 [ 192.783586][ T9845] ? clear_bhb_loop+0x40/0x90 [ 192.783658][ T9845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.783680][ T9845] RIP: 0033:0x7f89f950e969 [ 192.783700][ T9845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.783788][ T9845] RSP: 002b:00007f89f7b77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 192.783812][ T9845] RAX: ffffffffffffffda RBX: 00007f89f9735fa0 RCX: 00007f89f950e969 [ 192.783828][ T9845] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 192.783844][ T9845] RBP: 00007f89f7b77090 R08: 0000000000000000 R09: 0000000000000000 [ 192.783859][ T9845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.783946][ T9845] R13: 0000000000000000 R14: 00007f89f9735fa0 R15: 00007fff1e591a18 [ 192.783973][ T9845] [ 193.155780][ T9856] FAULT_INJECTION: forcing a failure. [ 193.155780][ T9856] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.169131][ T9856] CPU: 1 UID: 0 PID: 9856 Comm: syz.1.2244 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 193.169162][ T9856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 193.169175][ T9856] Call Trace: [ 193.169183][ T9856] [ 193.169192][ T9856] __dump_stack+0x1d/0x30 [ 193.169247][ T9856] dump_stack_lvl+0xe8/0x140 [ 193.169274][ T9856] dump_stack+0x15/0x1b [ 193.169297][ T9856] should_fail_ex+0x265/0x280 [ 193.169326][ T9856] should_fail_alloc_page+0xf2/0x100 [ 193.169357][ T9856] __alloc_frozen_pages_noprof+0xff/0x360 [ 193.169435][ T9856] alloc_pages_mpol+0xb3/0x250 [ 193.169481][ T9856] alloc_pages_noprof+0x90/0x130 [ 193.169580][ T9856] get_zeroed_page_noprof+0x1a/0x40 [ 193.169668][ T9856] simple_transaction_get+0x4c/0x130 [ 193.169693][ T9856] selinux_transaction_write+0x9d/0x110 [ 193.169768][ T9856] ? __pfx_selinux_transaction_write+0x10/0x10 [ 193.169931][ T9856] vfs_write+0x269/0x8e0 [ 193.169970][ T9856] ? __rcu_read_unlock+0x4f/0x70 [ 193.170038][ T9856] ? __fget_files+0x184/0x1c0 [ 193.170073][ T9856] ksys_write+0xda/0x1a0 [ 193.170098][ T9856] __x64_sys_write+0x40/0x50 [ 193.170156][ T9856] x64_sys_call+0x2cdd/0x2fb0 [ 193.170186][ T9856] do_syscall_64+0xd2/0x200 [ 193.170227][ T9856] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 193.170293][ T9856] ? clear_bhb_loop+0x40/0x90 [ 193.170357][ T9856] ? clear_bhb_loop+0x40/0x90 [ 193.170380][ T9856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.170404][ T9856] RIP: 0033:0x7f4489a7e969 [ 193.170424][ T9856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.170525][ T9856] RSP: 002b:00007f44880e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.170551][ T9856] RAX: ffffffffffffffda RBX: 00007f4489ca5fa0 RCX: 00007f4489a7e969 [ 193.170567][ T9856] RDX: 0000000000000057 RSI: 0000200000000ec0 RDI: 0000000000000004 [ 193.170584][ T9856] RBP: 00007f44880e7090 R08: 0000000000000000 R09: 0000000000000000 [ 193.170600][ T9856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.170617][ T9856] R13: 0000000000000000 R14: 00007f4489ca5fa0 R15: 00007ffe75d54a78 [ 193.170637][ T9856] [ 193.562713][ T9866] futex_wake_op: syz.4.2248 tries to shift op by -1; fix this program [ 193.735467][ T9872] loop1: detected capacity change from 0 to 1024 [ 193.784362][ T9872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.991426][ T9871] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 194.145675][ T9886] blktrace: Concurrent blktraces are not allowed on loop8 [ 194.167949][ T9886] wireguard0: entered promiscuous mode [ 194.173561][ T9886] wireguard0: entered allmulticast mode [ 194.450115][ T9900] netlink: 'syz.4.2258': attribute type 10 has an invalid length. [ 194.469041][ T9900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.479612][ T9900] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 194.699739][ T30] kauditd_printk_skb: 1110 callbacks suppressed [ 194.699759][ T30] audit: type=1326 audit(1748928458.465:17526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.731177][ T30] audit: type=1326 audit(1748928458.495:17527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.754883][ T30] audit: type=1326 audit(1748928458.495:17528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9916 comm="syz.0.2265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 194.781248][ T30] audit: type=1326 audit(1748928458.545:17529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.804841][ T30] audit: type=1326 audit(1748928458.545:17530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9916 comm="syz.0.2265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 194.836344][ T30] audit: type=1326 audit(1748928458.595:17531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9916 comm="syz.0.2265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 194.860063][ T30] audit: type=1326 audit(1748928458.595:17532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.885006][ T30] audit: type=1326 audit(1748928458.645:17533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.908682][ T30] audit: type=1326 audit(1748928458.645:17534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9916 comm="syz.0.2265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 194.932437][ T30] audit: type=1326 audit(1748928458.685:17535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9912 comm="syz.4.2264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 194.994886][ T9922] loop2: detected capacity change from 0 to 1024 [ 195.015191][ T9922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.032704][ T9922] ext4 filesystem being mounted at /507/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.065161][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.179155][ T9932] xt_l2tp: wrong L2TP version: 0 [ 195.185743][ T9932] netlink: 'syz.2.2271': attribute type 64 has an invalid length. [ 195.196063][ T9932] sch_tbf: burst 0 is lower than device lo mtu (39799) ! [ 195.292363][ T9936] loop2: detected capacity change from 0 to 8192 [ 195.481334][ T9942] loop4: detected capacity change from 0 to 1024 [ 195.529424][ T9942] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.558021][ T9942] ext4 filesystem being mounted at /420/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.611761][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.874625][ T9965] netlink: 268 bytes leftover after parsing attributes in process `syz.4.2283'. [ 196.086877][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.169264][ T9984] loop1: detected capacity change from 0 to 1024 [ 196.199159][ T9984] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.211770][ T9984] ext4 filesystem being mounted at /449/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.240026][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.312797][ T9992] loop3: detected capacity change from 0 to 8192 [ 196.360392][ T9994] loop1: detected capacity change from 0 to 512 [ 196.390292][ T9994] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 196.429372][ T9994] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 196.442422][ T9994] System zones: 0-2, 18-18, 34-34 [ 196.449586][ T9994] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.462607][ T9994] ext4 filesystem being mounted at /451/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.478387][ T9994] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 196.523790][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.648098][T10018] blktrace: Concurrent blktraces are not allowed on loop2 [ 196.659395][T10018] wireguard1: entered promiscuous mode [ 196.664984][T10018] wireguard1: entered allmulticast mode [ 196.834435][T10027] loop2: detected capacity change from 0 to 128 [ 196.847090][T10027] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 196.908239][T10033] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2307'. [ 196.933976][ T41] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 197.176340][T10054] blktrace: Concurrent blktraces are not allowed on loop4 [ 197.187574][T10054] wireguard0: entered promiscuous mode [ 197.193186][T10054] wireguard0: entered allmulticast mode [ 197.270675][T10056] lo speed is unknown, defaulting to 1000 [ 198.424425][T10064] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 198.446689][T10078] loop2: detected capacity change from 0 to 512 [ 199.177331][T10106] blktrace: Concurrent blktraces are not allowed on loop4 [ 199.189843][T10106] wireguard0: entered promiscuous mode [ 199.195475][T10106] wireguard0: entered allmulticast mode [ 199.455995][T10119] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2335'. [ 199.557167][T10128] loop1: detected capacity change from 0 to 512 [ 199.574816][T10128] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 199.585697][T10128] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 199.595846][T10128] EXT4-fs (loop1): group descriptors corrupted! [ 199.696529][T10135] loop1: detected capacity change from 0 to 512 [ 199.708347][ T30] kauditd_printk_skb: 721 callbacks suppressed [ 199.708364][ T30] audit: type=1326 audit(1748928463.475:18257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.738508][ T30] audit: type=1326 audit(1748928463.475:18258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10120 comm="syz.3.2336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 199.762303][ T30] audit: type=1326 audit(1748928463.475:18259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.785913][ T30] audit: type=1326 audit(1748928463.475:18260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.809648][ T30] audit: type=1326 audit(1748928463.475:18261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.833265][ T30] audit: type=1326 audit(1748928463.475:18262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.856959][ T30] audit: type=1326 audit(1748928463.475:18263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.880599][ T30] audit: type=1326 audit(1748928463.475:18264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4489a7d2d0 code=0x7ffc0000 [ 199.904323][ T30] audit: type=1326 audit(1748928463.475:18265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.927998][ T30] audit: type=1326 audit(1748928463.475:18266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10131 comm="syz.1.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 199.962377][T10140] loop4: detected capacity change from 0 to 512 [ 199.969582][T10140] EXT4-fs (loop4): filesystem is read-only [ 199.976331][T10140] EXT4-fs (loop4): filesystem is read-only [ 199.982258][T10140] EXT4-fs (loop4): orphan cleanup on readonly fs [ 199.988888][T10140] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.2342: bad orphan inode 16 [ 199.999312][T10140] ext4_test_bit(bit=15, block=3) = 0 [ 200.005036][T10140] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 200.100615][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.158137][T10144] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2343'. [ 200.167315][T10144] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 200.228557][T10146] netlink: 'syz.2.2344': attribute type 10 has an invalid length. [ 200.239347][T10146] bond0: (slave batadv0): Error -22 calling dev_set_mtu [ 200.605095][T10177] loop1: detected capacity change from 0 to 8192 [ 200.652482][T10155] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 200.763246][T10182] FAULT_INJECTION: forcing a failure. [ 200.763246][T10182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.776518][T10182] CPU: 1 UID: 0 PID: 10182 Comm: syz.3.2357 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 200.776548][T10182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.776608][T10182] Call Trace: [ 200.776617][T10182] [ 200.776625][T10182] __dump_stack+0x1d/0x30 [ 200.776654][T10182] dump_stack_lvl+0xe8/0x140 [ 200.776707][T10182] dump_stack+0x15/0x1b [ 200.776828][T10182] should_fail_ex+0x265/0x280 [ 200.776858][T10182] should_fail+0xb/0x20 [ 200.776882][T10182] should_fail_usercopy+0x1a/0x20 [ 200.776931][T10182] _copy_from_user+0x1c/0xb0 [ 200.776957][T10182] __sys_bpf+0x178/0x790 [ 200.776983][T10182] __x64_sys_bpf+0x41/0x50 [ 200.777088][T10182] x64_sys_call+0x2478/0x2fb0 [ 200.777161][T10182] do_syscall_64+0xd2/0x200 [ 200.777203][T10182] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 200.777231][T10182] ? clear_bhb_loop+0x40/0x90 [ 200.777260][T10182] ? clear_bhb_loop+0x40/0x90 [ 200.777343][T10182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.777373][T10182] RIP: 0033:0x7fad5cfde969 [ 200.777399][T10182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.777423][T10182] RSP: 002b:00007fad5b647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 200.777480][T10182] RAX: ffffffffffffffda RBX: 00007fad5d205fa0 RCX: 00007fad5cfde969 [ 200.777501][T10182] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 200.777547][T10182] RBP: 00007fad5b647090 R08: 0000000000000000 R09: 0000000000000000 [ 200.777563][T10182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.777578][T10182] R13: 0000000000000000 R14: 00007fad5d205fa0 R15: 00007fff3691cc58 [ 200.777604][T10182] [ 201.026602][ T7646] kernel write not supported for file bpf-prog (pid: 7646 comm: kworker/1:8) [ 201.038247][T10186] 9pnet_fd: Insufficient options for proto=fd [ 201.202644][T10200] loop1: detected capacity change from 0 to 512 [ 201.212222][T10207] blktrace: Concurrent blktraces are not allowed on loop4 [ 201.225265][T10207] wireguard0: entered promiscuous mode [ 201.231073][T10207] wireguard0: entered allmulticast mode [ 201.290249][T10212] loop3: detected capacity change from 0 to 8192 [ 201.471319][T10222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2374'. [ 201.519998][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 201.537816][T10228] 9pnet_fd: Insufficient options for proto=fd [ 201.663964][T10242] netlink: 'syz.0.2382': attribute type 10 has an invalid length. [ 202.002383][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 202.015236][T10258] 9pnet_fd: Insufficient options for proto=fd [ 202.053330][T10262] loop0: detected capacity change from 0 to 1024 [ 202.090057][T10262] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.108751][T10262] ext4 filesystem being mounted at /442/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.123701][T10271] netlink: 'syz.1.2393': attribute type 10 has an invalid length. [ 202.135765][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.140781][T10271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.170321][T10271] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 202.232391][T10276] loop0: detected capacity change from 0 to 8192 [ 202.330243][T10282] loop1: detected capacity change from 0 to 512 [ 202.594426][ T7646] kernel write not supported for file bpf-prog (pid: 7646 comm: kworker/1:8) [ 202.609465][T10296] 9pnet_fd: Insufficient options for proto=fd [ 202.756977][T10305] loop0: detected capacity change from 0 to 1024 [ 202.783167][T10305] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.805946][T10305] ext4 filesystem being mounted at /445/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.845241][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.858860][T10298] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 202.861524][T10314] loop4: detected capacity change from 0 to 128 [ 202.897063][T10302] bio_check_eod: 8 callbacks suppressed [ 202.897179][T10302] syz.4.2406: attempt to access beyond end of device [ 202.897179][T10302] loop4: rw=34817, sector=102, nr_sectors = 32 limit=128 [ 203.013059][T10326] blktrace: Concurrent blktraces are not allowed on loop0 [ 203.023776][T10326] wireguard0: entered promiscuous mode [ 203.029488][T10326] wireguard0: entered allmulticast mode [ 203.131599][T10331] loop1: detected capacity change from 0 to 8192 [ 203.209017][T10335] FAULT_INJECTION: forcing a failure. [ 203.209017][T10335] name failslab, interval 1, probability 0, space 0, times 0 [ 203.221755][T10335] CPU: 0 UID: 0 PID: 10335 Comm: syz.0.2415 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 203.221792][T10335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.221809][T10335] Call Trace: [ 203.221896][T10335] [ 203.221906][T10335] __dump_stack+0x1d/0x30 [ 203.221928][T10335] dump_stack_lvl+0xe8/0x140 [ 203.221954][T10335] dump_stack+0x15/0x1b [ 203.221976][T10335] should_fail_ex+0x265/0x280 [ 203.222068][T10335] should_failslab+0x8c/0xb0 [ 203.222099][T10335] kmem_cache_alloc_node_noprof+0x57/0x320 [ 203.222260][T10335] ? __alloc_skb+0x101/0x320 [ 203.222292][T10335] __alloc_skb+0x101/0x320 [ 203.222322][T10335] netlink_alloc_large_skb+0xba/0xf0 [ 203.222360][T10335] netlink_sendmsg+0x3cf/0x6b0 [ 203.222428][T10335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.222509][T10335] __sock_sendmsg+0x142/0x180 [ 203.222533][T10335] ____sys_sendmsg+0x31e/0x4e0 [ 203.222593][T10335] ___sys_sendmsg+0x17b/0x1d0 [ 203.222699][T10335] __x64_sys_sendmsg+0xd4/0x160 [ 203.222742][T10335] x64_sys_call+0x2999/0x2fb0 [ 203.222765][T10335] do_syscall_64+0xd2/0x200 [ 203.222799][T10335] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 203.222859][T10335] ? clear_bhb_loop+0x40/0x90 [ 203.222888][T10335] ? clear_bhb_loop+0x40/0x90 [ 203.222954][T10335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.222982][T10335] RIP: 0033:0x7f4d3e71e969 [ 203.223076][T10335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.223133][T10335] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 203.223155][T10335] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 203.223169][T10335] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 203.223185][T10335] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 203.223200][T10335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.223266][T10335] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 203.223287][T10335] [ 203.476033][T10341] loop0: detected capacity change from 0 to 1024 [ 203.486148][T10341] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 203.497155][T10341] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 203.507840][T10341] JBD2: no valid journal superblock found [ 203.513733][T10341] EXT4-fs (loop0): Could not load journal inode [ 203.882376][T10354] lo speed is unknown, defaulting to 1000 [ 204.150709][T10347] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 204.874509][T10371] loop4: detected capacity change from 0 to 8192 [ 204.954597][T10374] lo speed is unknown, defaulting to 1000 [ 204.971517][T10373] loop2: detected capacity change from 0 to 8192 [ 205.493495][T10380] IPv6: NLM_F_REPLACE set, but no existing node found! [ 205.523848][ T30] kauditd_printk_skb: 1214 callbacks suppressed [ 205.523862][ T30] audit: type=1326 audit(1748928469.285:19481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10381 comm="syz.1.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 205.553930][ T30] audit: type=1326 audit(1748928469.285:19482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10381 comm="syz.1.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 205.577680][ T30] audit: type=1326 audit(1748928469.285:19483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10381 comm="syz.1.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 205.601284][ T30] audit: type=1326 audit(1748928469.285:19484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10381 comm="syz.1.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 205.669676][ T30] audit: type=1326 audit(1748928469.365:19485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10381 comm="syz.1.2429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4489a7e969 code=0x7ffc0000 [ 205.814558][ T30] audit: type=1326 audit(1748928469.575:19486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.2.2430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 205.838356][ T30] audit: type=1326 audit(1748928469.575:19487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.2.2430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 205.861974][ T30] audit: type=1326 audit(1748928469.575:19488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.2.2430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 205.885643][ T30] audit: type=1326 audit(1748928469.575:19489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.2.2430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 205.909410][ T30] audit: type=1326 audit(1748928469.575:19490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10389 comm="syz.2.2430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 206.052194][T10388] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 206.201015][T10400] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 206.209426][T10406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2438'. [ 206.266817][T10413] loop4: detected capacity change from 0 to 1024 [ 206.273694][T10413] EXT4-fs: Ignoring removed i_version option [ 206.280441][T10413] EXT4-fs: Ignoring removed mblk_io_submit option [ 206.287160][T10413] EXT4-fs: Ignoring removed nobh option [ 206.292814][T10413] EXT4-fs: Ignoring removed bh option [ 206.310402][T10413] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.348269][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.602000][ T7646] Process accounting resumed [ 206.842527][T10449] blktrace: Concurrent blktraces are not allowed on loop4 [ 206.866499][T10449] wireguard0: entered promiscuous mode [ 206.872194][T10449] wireguard0: entered allmulticast mode [ 206.884204][T10452] 9pnet_fd: Insufficient options for proto=fd [ 207.036758][T10454] loop1: detected capacity change from 0 to 8192 [ 207.050201][T10454] vfat: Unknown parameter 'sched_switch' [ 207.106721][T10466] blktrace: Concurrent blktraces are not allowed on loop4 [ 207.110148][T10454] lo speed is unknown, defaulting to 1000 [ 207.120092][T10466] wireguard0: entered promiscuous mode [ 207.125604][T10466] wireguard0: entered allmulticast mode [ 207.196957][T10469] loop1: detected capacity change from 0 to 1024 [ 207.324028][T10469] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 207.560838][T10492] FAULT_INJECTION: forcing a failure. [ 207.560838][T10492] name failslab, interval 1, probability 0, space 0, times 0 [ 207.573646][T10492] CPU: 1 UID: 0 PID: 10492 Comm: syz.0.2470 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 207.573739][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.573758][T10492] Call Trace: [ 207.573766][T10492] [ 207.573854][T10492] __dump_stack+0x1d/0x30 [ 207.573883][T10492] dump_stack_lvl+0xe8/0x140 [ 207.573903][T10492] dump_stack+0x15/0x1b [ 207.573920][T10492] should_fail_ex+0x265/0x280 [ 207.573946][T10492] should_failslab+0x8c/0xb0 [ 207.573981][T10492] kmem_cache_alloc_node_noprof+0x57/0x320 [ 207.574084][T10492] ? __alloc_skb+0x101/0x320 [ 207.574186][T10492] __alloc_skb+0x101/0x320 [ 207.574216][T10492] netlink_alloc_large_skb+0xba/0xf0 [ 207.574293][T10492] netlink_sendmsg+0x3cf/0x6b0 [ 207.574333][T10492] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.574420][T10492] __sock_sendmsg+0x142/0x180 [ 207.574450][T10492] ____sys_sendmsg+0x31e/0x4e0 [ 207.574569][T10492] ___sys_sendmsg+0x17b/0x1d0 [ 207.574673][T10492] __x64_sys_sendmsg+0xd4/0x160 [ 207.574721][T10492] x64_sys_call+0x2999/0x2fb0 [ 207.574812][T10492] do_syscall_64+0xd2/0x200 [ 207.574854][T10492] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 207.574889][T10492] ? clear_bhb_loop+0x40/0x90 [ 207.574917][T10492] ? clear_bhb_loop+0x40/0x90 [ 207.574983][T10492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.575011][T10492] RIP: 0033:0x7f4d3e71e969 [ 207.575032][T10492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.575095][T10492] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 207.575120][T10492] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 207.575136][T10492] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 207.575152][T10492] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 207.575168][T10492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.575183][T10492] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 207.575207][T10492] [ 207.842071][T10497] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2472'. [ 207.858005][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.904836][T10499] loop3: detected capacity change from 0 to 512 [ 207.933317][T10499] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 207.951190][T10499] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 207.960537][T10499] System zones: 0-2, 18-18, 34-34 [ 207.968957][T10499] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.982388][T10499] ext4 filesystem being mounted at /509/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.007542][T10499] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 208.030400][T10499] IPv6: NLM_F_REPLACE set, but no existing node found! [ 208.050962][T10514] loop4: detected capacity change from 0 to 1024 [ 208.061592][T10514] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 208.072779][T10514] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 208.092140][T10514] JBD2: no valid journal superblock found [ 208.093740][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.098225][T10514] EXT4-fs (loop4): Could not load journal inode [ 208.270321][T10524] loop3: detected capacity change from 0 to 1024 [ 208.279402][T10524] EXT4-fs: Ignoring removed i_version option [ 208.296242][T10524] EXT4-fs: Ignoring removed mblk_io_submit option [ 208.304093][T10524] EXT4-fs: Ignoring removed nobh option [ 208.309776][T10524] EXT4-fs: Ignoring removed bh option [ 208.347220][T10524] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.352650][T10528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2485'. [ 208.379616][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.428152][T10538] 9pnet_fd: Insufficient options for proto=fd [ 208.489161][T10545] loop3: detected capacity change from 0 to 512 [ 208.496761][T10545] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 208.508757][T10545] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 208.516838][T10545] System zones: 0-2, 18-18, 34-34 [ 208.523264][T10545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.545586][T10545] ext4 filesystem being mounted at /517/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.560432][T10545] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 208.574277][T10545] IPv6: NLM_F_REPLACE set, but no existing node found! [ 208.597238][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.640126][T10555] netlink: 'syz.3.2492': attribute type 10 has an invalid length. [ 208.764001][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 208.775752][T10567] 9pnet_fd: Insufficient options for proto=fd [ 208.841663][T10574] loop0: detected capacity change from 0 to 512 [ 208.851749][T10574] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 208.887889][T10574] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 208.901873][T10574] System zones: 0-2, 18-18, 34-34 [ 208.912712][T10581] loop3: detected capacity change from 0 to 1024 [ 208.912763][T10574] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.947170][T10574] ext4 filesystem being mounted at /466/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.947268][T10581] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.972970][T10574] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 208.976594][T10578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2503'. [ 208.996429][T10581] ext4 filesystem being mounted at /522/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.020290][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.032861][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.067878][T10586] netlink: 'syz.0.2505': attribute type 10 has an invalid length. [ 209.097776][T10590] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2507'. [ 209.161118][T10594] can0: slcan on ptm1. [ 209.214530][T10599] loop1: detected capacity change from 0 to 1024 [ 209.221306][T10597] loop2: detected capacity change from 0 to 1024 [ 209.222346][T10593] can0 (unregistered): slcan off ptm1. [ 209.239602][T10599] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.239817][T10597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.268674][T10597] ext4 filesystem being mounted at /559/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.274204][T10599] ext4 filesystem being mounted at /488/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.298466][ T7635] kernel write not supported for file bpf-prog (pid: 7635 comm: kworker/0:17) [ 209.309984][T10605] 9pnet_fd: Insufficient options for proto=fd [ 209.338144][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.347820][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.358742][T10607] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2513'. [ 209.418764][T10612] loop2: detected capacity change from 0 to 1024 [ 209.425368][T10613] loop1: detected capacity change from 0 to 1024 [ 209.430902][T10612] EXT4-fs: Ignoring removed i_version option [ 209.438386][T10612] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.445881][T10612] EXT4-fs: Ignoring removed nobh option [ 209.447295][T10613] EXT4-fs: Ignoring removed i_version option [ 209.451585][T10612] EXT4-fs: Ignoring removed bh option [ 209.468267][T10613] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.475343][T10613] EXT4-fs: Ignoring removed nobh option [ 209.478478][T10612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.481048][T10613] EXT4-fs: Ignoring removed bh option [ 209.513938][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.526021][T10613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.583496][T10627] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2521'. [ 209.601745][T10625] 9pnet_fd: Insufficient options for proto=fd [ 209.608500][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.658241][ T7645] kernel write not supported for file bpf-prog (pid: 7645 comm: kworker/1:7) [ 209.689435][T10629] 9pnet_fd: Insufficient options for proto=fd [ 209.712628][T10635] loop0: detected capacity change from 0 to 1024 [ 209.746972][T10642] loop4: detected capacity change from 0 to 512 [ 209.754394][T10644] loop1: detected capacity change from 0 to 1024 [ 209.756437][T10635] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.761914][T10644] EXT4-fs: Ignoring removed i_version option [ 209.779331][T10644] EXT4-fs: Ignoring removed mblk_io_submit option [ 209.785891][T10644] EXT4-fs: Ignoring removed nobh option [ 209.791590][T10644] EXT4-fs: Ignoring removed bh option [ 209.798521][T10635] ext4 filesystem being mounted at /476/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 209.823462][T10642] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 209.831049][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.844253][T10644] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.878997][T10642] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 209.887105][T10642] System zones: 0-2, 18-18, 34-34 [ 209.901234][T10651] netlink: 'syz.2.2530': attribute type 10 has an invalid length. [ 209.909575][T10651] bond0: (slave batadv0): Error -22 calling dev_set_mtu [ 209.950956][T10642] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.001956][T10642] ext4 filesystem being mounted at /469/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.024093][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.034444][T10660] wireguard0: entered promiscuous mode [ 210.036335][T10642] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 210.040040][T10660] wireguard0: entered allmulticast mode [ 210.082132][T10665] FAULT_INJECTION: forcing a failure. [ 210.082132][T10665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.095451][T10665] CPU: 1 UID: 0 PID: 10665 Comm: syz.1.2534 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 210.095488][T10665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.095505][T10665] Call Trace: [ 210.095513][T10665] [ 210.095560][T10665] __dump_stack+0x1d/0x30 [ 210.095588][T10665] dump_stack_lvl+0xe8/0x140 [ 210.095614][T10665] dump_stack+0x15/0x1b [ 210.095636][T10665] should_fail_ex+0x265/0x280 [ 210.095715][T10665] should_fail+0xb/0x20 [ 210.095733][T10665] should_fail_usercopy+0x1a/0x20 [ 210.095761][T10665] _copy_from_iter+0xcf/0xe40 [ 210.095853][T10665] ? __build_skb_around+0x1a0/0x200 [ 210.095984][T10665] ? __alloc_skb+0x223/0x320 [ 210.096021][T10665] netlink_sendmsg+0x471/0x6b0 [ 210.096059][T10665] ? __pfx_netlink_sendmsg+0x10/0x10 [ 210.096164][T10665] __sock_sendmsg+0x142/0x180 [ 210.096186][T10665] ____sys_sendmsg+0x31e/0x4e0 [ 210.096231][T10665] ___sys_sendmsg+0x17b/0x1d0 [ 210.096292][T10665] __x64_sys_sendmsg+0xd4/0x160 [ 210.096428][T10665] x64_sys_call+0x2999/0x2fb0 [ 210.096496][T10665] do_syscall_64+0xd2/0x200 [ 210.096528][T10665] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 210.096626][T10665] ? clear_bhb_loop+0x40/0x90 [ 210.096700][T10665] ? clear_bhb_loop+0x40/0x90 [ 210.096725][T10665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.096753][T10665] RIP: 0033:0x7f4489a7e969 [ 210.096773][T10665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.096870][T10665] RSP: 002b:00007f44880e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 210.096895][T10665] RAX: ffffffffffffffda RBX: 00007f4489ca5fa0 RCX: 00007f4489a7e969 [ 210.096910][T10665] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000006 [ 210.096922][T10665] RBP: 00007f44880e7090 R08: 0000000000000000 R09: 0000000000000000 [ 210.096952][T10665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.096969][T10665] R13: 0000000000000000 R14: 00007f4489ca5fa0 R15: 00007ffe75d54a78 [ 210.096995][T10665] [ 210.322136][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.396070][T10676] loop2: detected capacity change from 0 to 1024 [ 210.443574][T10676] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.455876][T10676] ext4 filesystem being mounted at /567/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.487769][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.525272][T10686] SELinux: policydb magic number 0x69662f2e does not match expected magic number 0xf97cff8c [ 210.535546][ T30] kauditd_printk_skb: 825 callbacks suppressed [ 210.535561][ T30] audit: type=1400 audit(1748928474.285:20316): avc: denied { load_policy } for pid=10671 comm="syz.3.2538" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 210.576367][T10677] siw: device registration error -23 [ 210.598725][T10686] SELinux: failed to load policy [ 210.776370][T10693] loop4: detected capacity change from 0 to 1024 [ 210.793383][T10693] EXT4-fs: Ignoring removed i_version option [ 210.811592][T10693] EXT4-fs: Ignoring removed mblk_io_submit option [ 210.830449][T10693] EXT4-fs: Ignoring removed nobh option [ 210.836089][T10693] EXT4-fs: Ignoring removed bh option [ 210.879454][T10693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.900483][T10699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=10699 comm=syz.2.2543 [ 210.992525][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.107118][T10707] loop3: detected capacity change from 0 to 512 [ 211.121172][T10707] ext4: Unknown parameter 'dont_measure' [ 211.186565][T10709] loop4: detected capacity change from 0 to 512 [ 211.212881][T10709] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 211.239872][T10711] FAULT_INJECTION: forcing a failure. [ 211.239872][T10711] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.253184][T10711] CPU: 1 UID: 0 PID: 10711 Comm: syz.0.2548 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 211.253271][T10711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.253289][T10711] Call Trace: [ 211.253298][T10711] [ 211.253339][T10711] __dump_stack+0x1d/0x30 [ 211.253367][T10711] dump_stack_lvl+0xe8/0x140 [ 211.253391][T10711] dump_stack+0x15/0x1b [ 211.253412][T10711] should_fail_ex+0x265/0x280 [ 211.253436][T10711] should_fail+0xb/0x20 [ 211.253463][T10711] should_fail_usercopy+0x1a/0x20 [ 211.253550][T10711] _copy_from_user+0x1c/0xb0 [ 211.253585][T10711] ___sys_sendmsg+0xc1/0x1d0 [ 211.253645][T10711] __x64_sys_sendmsg+0xd4/0x160 [ 211.253768][T10711] x64_sys_call+0x2999/0x2fb0 [ 211.253798][T10711] do_syscall_64+0xd2/0x200 [ 211.253847][T10711] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 211.253889][T10711] ? clear_bhb_loop+0x40/0x90 [ 211.253950][T10711] ? clear_bhb_loop+0x40/0x90 [ 211.253973][T10711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.254052][T10711] RIP: 0033:0x7f4d3e71e969 [ 211.254072][T10711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.254097][T10711] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.254123][T10711] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 211.254139][T10711] RDX: 0000000004000044 RSI: 00002000000000c0 RDI: 0000000000000007 [ 211.254153][T10711] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 211.254231][T10711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.254247][T10711] R13: 0000000000000000 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 211.254352][T10711] [ 211.450696][T10713] loop3: detected capacity change from 0 to 128 [ 211.460011][T10709] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 211.518037][T10709] System zones: 0-2, 18-18, 34-34 [ 211.536871][ T30] audit: type=1326 audit(1748928475.295:20317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10712 comm="syz.3.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 211.560629][ T30] audit: type=1326 audit(1748928475.295:20318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10712 comm="syz.3.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5cfde969 code=0x7ffc0000 [ 211.591933][T10709] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.599675][T10721] loop2: detected capacity change from 0 to 1024 [ 211.604968][T10709] ext4 filesystem being mounted at /473/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.621122][ T30] audit: type=1326 audit(1748928475.385:20319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.0.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 211.644946][ T30] audit: type=1326 audit(1748928475.385:20320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.0.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 211.669388][ T30] audit: type=1326 audit(1748928475.415:20321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.0.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 211.674208][T10709] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 211.693045][ T30] audit: type=1326 audit(1748928475.415:20322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.0.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 211.727287][ T30] audit: type=1326 audit(1748928475.415:20323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10718 comm="syz.0.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d3e71e969 code=0x7ffc0000 [ 211.732886][T10723] netlink: 'syz.1.2551': attribute type 10 has an invalid length. [ 211.735837][T10721] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.735951][T10721] ext4 filesystem being mounted at /570/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.736315][T10723] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.738726][T10723] bond0: (slave team0): Enslaving as an active interface with an up link [ 211.775049][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.863841][T10733] loop2: detected capacity change from 0 to 1024 [ 211.864220][T10733] EXT4-fs: Ignoring removed i_version option [ 211.864256][T10733] EXT4-fs: Ignoring removed mblk_io_submit option [ 211.864389][T10733] EXT4-fs: Ignoring removed nobh option [ 211.864417][T10733] EXT4-fs: Ignoring removed bh option [ 211.883709][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.885250][T10733] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.927776][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.005819][ T30] audit: type=1326 audit(1748928475.765:20324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10747 comm="syz.4.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 212.005863][ T30] audit: type=1326 audit(1748928475.765:20325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10747 comm="syz.4.2561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77f51be969 code=0x7ffc0000 [ 212.063118][T10746] pim6reg1: entered promiscuous mode [ 212.068542][T10746] pim6reg1: entered allmulticast mode [ 212.135968][T10752] loop0: detected capacity change from 0 to 1024 [ 212.168074][T10752] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 212.179100][T10752] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 212.214513][T10752] JBD2: no valid journal superblock found [ 212.220344][T10752] EXT4-fs (loop0): Could not load journal inode [ 212.231148][T10764] loop1: detected capacity change from 0 to 512 [ 212.288431][T10764] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 212.350584][T10764] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 212.359154][T10764] System zones: 0-2, 18-18, 34-34 [ 212.365464][T10764] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.387985][T10782] FAULT_INJECTION: forcing a failure. [ 212.387985][T10782] name failslab, interval 1, probability 0, space 0, times 0 [ 212.400701][T10782] CPU: 0 UID: 0 PID: 10782 Comm: syz.0.2575 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 212.400815][T10782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.400829][T10782] Call Trace: [ 212.400837][T10782] [ 212.400847][T10782] __dump_stack+0x1d/0x30 [ 212.400891][T10782] dump_stack_lvl+0xe8/0x140 [ 212.400940][T10782] dump_stack+0x15/0x1b [ 212.400961][T10782] should_fail_ex+0x265/0x280 [ 212.400987][T10782] should_failslab+0x8c/0xb0 [ 212.401013][T10782] __kmalloc_cache_node_noprof+0x54/0x320 [ 212.401130][T10782] ? __get_vm_area_node+0x106/0x1d0 [ 212.401168][T10782] __get_vm_area_node+0x106/0x1d0 [ 212.401202][T10782] __vmalloc_node_range_noprof+0x273/0xe00 [ 212.401273][T10782] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 212.401310][T10782] ? mntput_no_expire+0x6f/0x3c0 [ 212.401349][T10782] ? __rcu_read_unlock+0x4f/0x70 [ 212.401457][T10782] ? selinux_capable+0x1f9/0x270 [ 212.401531][T10782] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 212.401573][T10782] __vmalloc_noprof+0x83/0xc0 [ 212.401683][T10782] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 212.401726][T10782] bpf_prog_alloc_no_stats+0x47/0x390 [ 212.401764][T10782] ? bpf_prog_alloc+0x2a/0x150 [ 212.401799][T10782] bpf_prog_alloc+0x3c/0x150 [ 212.401884][T10782] bpf_prog_load+0x514/0x1070 [ 212.401926][T10782] ? security_bpf+0x2b/0x90 [ 212.401952][T10782] __sys_bpf+0x51d/0x790 [ 212.401978][T10782] __x64_sys_bpf+0x41/0x50 [ 212.402050][T10782] x64_sys_call+0x2478/0x2fb0 [ 212.402077][T10782] do_syscall_64+0xd2/0x200 [ 212.402115][T10782] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 212.402185][T10782] ? clear_bhb_loop+0x40/0x90 [ 212.402213][T10782] ? clear_bhb_loop+0x40/0x90 [ 212.402241][T10782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.402264][T10782] RIP: 0033:0x7f4d3e71e969 [ 212.402279][T10782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.402344][T10782] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 212.402367][T10782] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 212.402383][T10782] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 212.402399][T10782] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 212.402412][T10782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.402424][T10782] R13: 0000000000000001 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 212.402442][T10782] [ 212.402450][T10782] syz.0.2575: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 212.472280][T10764] ext4 filesystem being mounted at /498/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.475672][T10782] ,cpuset= [ 212.561548][T10784] loop3: detected capacity change from 0 to 8192 [ 212.564821][T10782] /,mems_allowed=0 [ 212.564852][T10782] CPU: 0 UID: 0 PID: 10782 Comm: syz.0.2575 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 212.564936][T10782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.564954][T10782] Call Trace: [ 212.564965][T10782] [ 212.564976][T10782] __dump_stack+0x1d/0x30 [ 212.565007][T10782] dump_stack_lvl+0xe8/0x140 [ 212.565034][T10782] dump_stack+0x15/0x1b [ 212.565093][T10782] warn_alloc+0x12b/0x1a0 [ 212.565146][T10782] __vmalloc_node_range_noprof+0x297/0xe00 [ 212.565197][T10782] ? mntput_no_expire+0x6f/0x3c0 [ 212.565241][T10782] ? __rcu_read_unlock+0x4f/0x70 [ 212.565367][T10782] ? selinux_capable+0x1f9/0x270 [ 212.565524][T10782] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 212.565627][T10782] __vmalloc_noprof+0x83/0xc0 [ 212.565668][T10782] ? bpf_prog_alloc_no_stats+0x47/0x390 [ 212.565701][T10782] bpf_prog_alloc_no_stats+0x47/0x390 [ 212.565797][T10782] ? bpf_prog_alloc+0x2a/0x150 [ 212.565841][T10782] bpf_prog_alloc+0x3c/0x150 [ 212.565886][T10782] bpf_prog_load+0x514/0x1070 [ 212.565923][T10782] ? security_bpf+0x2b/0x90 [ 212.565988][T10782] __sys_bpf+0x51d/0x790 [ 212.566023][T10782] __x64_sys_bpf+0x41/0x50 [ 212.566065][T10782] x64_sys_call+0x2478/0x2fb0 [ 212.566095][T10782] do_syscall_64+0xd2/0x200 [ 212.566156][T10782] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 212.566193][T10782] ? clear_bhb_loop+0x40/0x90 [ 212.566296][T10782] ? clear_bhb_loop+0x40/0x90 [ 212.566329][T10782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.566359][T10782] RIP: 0033:0x7f4d3e71e969 [ 212.566445][T10782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.566471][T10782] RSP: 002b:00007f4d3cd87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 212.566503][T10782] RAX: ffffffffffffffda RBX: 00007f4d3e945fa0 RCX: 00007f4d3e71e969 [ 212.566521][T10782] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005 [ 212.566539][T10782] RBP: 00007f4d3cd87090 R08: 0000000000000000 R09: 0000000000000000 [ 212.566563][T10782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.566656][T10782] R13: 0000000000000001 R14: 00007f4d3e945fa0 R15: 00007ffcef838b28 [ 212.566682][T10782] [ 212.566709][T10782] Mem-Info: [ 212.576004][T10764] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 212.579912][T10782] active_anon:16478 inactive_anon:8 isolated_anon:0 [ 212.579912][T10782] active_file:13612 inactive_file:12515 isolated_file:0 [ 212.579912][T10782] unevictable:0 dirty:371 writeback:0 [ 212.579912][T10782] slab_reclaimable:3241 slab_unreclaimable:15598 [ 212.579912][T10782] mapped:30054 shmem:4126 pagetables:1444 [ 212.579912][T10782] sec_pagetables:0 bounce:0 [ 212.579912][T10782] kernel_misc_reclaimable:0 [ 212.579912][T10782] free:1819116 free_pcp:34120 free_cma:0 [ 212.684657][T10773] SELinux: policydb magic number 0x69662f2e does not match expected magic number 0xf97cff8c [ 212.685114][T10782] Node 0 active_anon:65912kB inactive_anon:32kB active_file:54448kB inactive_file:50060kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:120216kB dirty:1484kB writeback:0kB shmem:16504kB writeback_tmp:0kB kernel_stack:3408kB pagetables:5776kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 212.690106][T10773] SELinux: failed to load policy [ 212.701076][T10782] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 212.878869][T10790] loop4: detected capacity change from 0 to 512 [ 212.884861][T10782] lowmem_reserve[]: 0 2882 7861 7861 [ 212.884894][T10782] Node 0 DMA32 free:2947808kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951436kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:100kB free_cma:0kB [ 212.917810][T10790] EXT4-fs: Ignoring removed nobh option [ 212.925680][T10782] lowmem_reserve[]: [ 212.991256][T10790] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 213.010125][T10782] 0 0 4978 4978 [ 213.010162][T10782] Node 0 Normal free:4313296kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:49788kB inactive_anon:32kB active_file:54448kB inactive_file:50060kB unevictable:0kB writepending:1484kB present:5242880kB managed:5098232kB mlocked:0kB bounce:0kB free_pcp:148428kB local_pcp:61168kB free_cma:0kB [ 213.016466][T10790] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #13: comm syz.4.2579: casefold flag without casefold feature [ 213.043762][T10782] lowmem_reserve[]: 0 0 0 0 [ 213.043802][T10782] Node 0 DMA: 0*4kB 0*8kB [ 213.052113][T10790] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.2579: couldn't read orphan inode 13 (err -117) [ 213.055369][T10782] 0*16kB 0*32kB 0*64kB [ 213.088995][T10790] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.091122][T10782] 0*128kB [ 213.095579][T10790] FAULT_INJECTION: forcing a failure. [ 213.095579][T10790] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.103087][T10782] 0*256kB 0*512kB [ 213.106669][T10790] CPU: 1 UID: 0 PID: 10790 Comm: syz.4.2579 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 213.106751][T10790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.106770][T10790] Call Trace: [ 213.106779][T10790] [ 213.106790][T10790] __dump_stack+0x1d/0x30 [ 213.106867][T10790] dump_stack_lvl+0xe8/0x140 [ 213.106895][T10790] dump_stack+0x15/0x1b [ 213.106918][T10790] should_fail_ex+0x265/0x280 [ 213.106947][T10790] should_fail+0xb/0x20 [ 213.106972][T10790] should_fail_usercopy+0x1a/0x20 [ 213.107004][T10790] _copy_from_user+0x1c/0xb0 [ 213.107077][T10790] do_ipt_set_ctl+0x3a0/0x820 [ 213.107125][T10790] nf_setsockopt+0x196/0x1b0 [ 213.107315][T10790] ip_setsockopt+0x102/0x110 [ 213.107351][T10790] udp_setsockopt+0x99/0xb0 [ 213.107455][T10790] sock_common_setsockopt+0x66/0x80 [ 213.107488][T10790] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 213.107521][T10790] __sys_setsockopt+0x184/0x200 [ 213.107569][T10790] __x64_sys_setsockopt+0x64/0x80 [ 213.107622][T10790] x64_sys_call+0x2bd5/0x2fb0 [ 213.107652][T10790] do_syscall_64+0xd2/0x200 [ 213.107713][T10790] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 213.107809][T10790] ? clear_bhb_loop+0x40/0x90 [ 213.107838][T10790] ? clear_bhb_loop+0x40/0x90 [ 213.107948][T10790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.108048][T10790] RIP: 0033:0x7f77f51be969 [ 213.108068][T10790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.108094][T10790] RSP: 002b:00007f77f3827038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 213.108147][T10790] RAX: ffffffffffffffda RBX: 00007f77f53e5fa0 RCX: 00007f77f51be969 [ 213.108165][T10790] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 [ 213.108183][T10790] RBP: 00007f77f3827090 R08: 0000000000000538 R09: 0000000000000000 [ 213.108201][T10790] R10: 0000200000000540 R11: 0000000000000246 R12: 0000000000000001 [ 213.108218][T10790] R13: 0000000000000000 R14: 00007f77f53e5fa0 R15: 00007ffc0ada2e38 [ 213.108250][T10790] [ 213.415213][T10782] 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 213.421869][T10782] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 2*16kB (M) 1*32kB (M) 2*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947808kB [ 213.438055][T10782] Node 0 Normal: 1957*4kB (UME) 1367*8kB (UM) 606*16kB (UME) 536*32kB (UME) 279*64kB (UME) 179*128kB (UME) 142*256kB (UM) 125*512kB (UM) 113*1024kB (UME) 64*2048kB (UME) 949*4096kB (UM) = 4320620kB [ 213.457827][T10782] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 213.467177][T10782] 30335 total pagecache pages [ 213.472014][T10782] 14 pages in swap cache [ 213.476298][T10782] Free swap = 124868kB [ 213.480482][T10782] Total swap = 124996kB [ 213.484650][T10782] 2097051 pages RAM [ 213.488729][T10782] 0 pages HighMem/MovableOnly [ 213.493442][T10782] 80794 pages reserved [ 213.501327][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.553951][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.563859][T10799] netlink: 232 bytes leftover after parsing attributes in process `syz.4.2580'. [ 213.581087][T10801] netlink: 'syz.0.2583': attribute type 39 has an invalid length. [ 213.618771][T10807] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2582'. [ 213.630514][T10808] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2585'. [ 213.706370][T10799] loop4: detected capacity change from 0 to 2048 [ 213.808275][T10824] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2580'. [ 213.812044][T10823] FAULT_INJECTION: forcing a failure. [ 213.812044][T10823] name failslab, interval 1, probability 0, space 0, times 0 [ 213.828286][T10799] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2580'. [ 213.830522][T10823] CPU: 1 UID: 0 PID: 10823 Comm: syz.3.2591 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 213.830561][T10823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.830580][T10823] Call Trace: [ 213.830589][T10823] [ 213.830601][T10823] __dump_stack+0x1d/0x30 [ 213.830670][T10823] dump_stack_lvl+0xe8/0x140 [ 213.830699][T10823] dump_stack+0x15/0x1b [ 213.830722][T10823] should_fail_ex+0x265/0x280 [ 213.830752][T10823] should_failslab+0x8c/0xb0 [ 213.830826][T10823] kmem_cache_alloc_node_noprof+0x57/0x320 [ 213.830937][T10823] ? __alloc_skb+0x101/0x320 [ 213.830976][T10823] __alloc_skb+0x101/0x320 [ 213.831009][T10823] ? audit_log_start+0x365/0x6c0 [ 213.831091][T10823] audit_log_start+0x380/0x6c0 [ 213.831142][T10823] audit_seccomp+0x48/0x100 [ 213.831181][T10823] ? __seccomp_filter+0x68c/0x10d0 [ 213.831279][T10823] __seccomp_filter+0x69d/0x10d0 [ 213.831315][T10823] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 213.831349][T10823] ? vfs_write+0x75e/0x8e0 [ 213.831430][T10823] __secure_computing+0x82/0x150 [ 213.831465][T10823] syscall_trace_enter+0xcf/0x1e0 [ 213.831527][T10823] do_syscall_64+0xac/0x200 [ 213.831679][T10823] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 213.831716][T10823] ? clear_bhb_loop+0x40/0x90 [ 213.831747][T10823] ? clear_bhb_loop+0x40/0x90 [ 213.831782][T10823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.831812][T10823] RIP: 0033:0x7fad5cfde969 [ 213.831833][T10823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.831859][T10823] RSP: 002b:00007fad5b647038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7 [ 213.831885][T10823] RAX: ffffffffffffffda RBX: 00007fad5d205fa0 RCX: 00007fad5cfde969 [ 213.831939][T10823] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000006 [ 213.831956][T10823] RBP: 00007fad5b647090 R08: 0000000000000000 R09: 0000000000000000 [ 213.832054][T10823] R10: 0000000000001100 R11: 0000000000000246 R12: 0000000000000001 [ 213.832071][T10823] R13: 0000000000000000 R14: 00007fad5d205fa0 R15: 00007fff3691cc58 [ 213.832098][T10823] [ 213.951912][T10833] netlink: 'syz.0.2592': attribute type 27 has an invalid length. [ 214.062561][T10826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 214.078949][T10835] loop2: detected capacity change from 0 to 1024 [ 214.096007][T10835] EXT4-fs: Ignoring removed i_version option [ 214.112204][T10835] EXT4-fs: Ignoring removed mblk_io_submit option [ 214.120363][T10835] EXT4-fs: Ignoring removed nobh option [ 214.126043][T10835] EXT4-fs: Ignoring removed bh option [ 214.142985][T10843] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2596'. [ 214.157427][T10835] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.199869][T10845] netlink: 'syz.3.2597': attribute type 39 has an invalid length. [ 214.214061][T10826] netlink: 'syz.0.2592': attribute type 13 has an invalid length. [ 214.240938][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.257108][T10833] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.264432][T10833] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.323108][T10853] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2598'. [ 214.348628][T10833] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.361190][T10833] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.448646][T10833] ipvlan0: left allmulticast mode [ 214.453839][T10833] veth0_vlan: left allmulticast mode [ 214.504618][T10833] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.513840][T10833] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.522904][T10833] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.531930][T10833] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.557010][T10865] loop2: detected capacity change from 0 to 1024 [ 214.576669][T10865] EXT4-fs: Ignoring removed i_version option [ 214.586865][T10865] EXT4-fs: Ignoring removed mblk_io_submit option [ 214.606527][T10833] bond1: left promiscuous mode [ 214.611557][T10833] bridge2: left promiscuous mode [ 214.614339][T10865] EXT4-fs: Ignoring removed nobh option [ 214.622229][T10865] EXT4-fs: Ignoring removed bh option [ 214.671072][T10865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.729961][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.740102][T10873] loop3: detected capacity change from 0 to 1024 [ 214.748482][T10873] EXT4-fs: Ignoring removed i_version option [ 214.754991][T10873] EXT4-fs: Ignoring removed mblk_io_submit option [ 214.761986][T10873] EXT4-fs: Ignoring removed nobh option [ 214.767667][T10873] EXT4-fs: Ignoring removed bh option [ 214.801499][T10873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.850551][T10884] loop0: detected capacity change from 0 to 512 [ 214.866184][T10884] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 214.894905][T10884] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 214.906138][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.916741][T10884] System zones: 0-2, 18-18, 34-34 [ 214.924281][T10884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.937131][T10884] ext4 filesystem being mounted at /494/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 214.951275][T10884] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 214.990499][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.066870][T10899] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2615'. [ 215.132051][T10904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2617'. [ 215.415331][T10926] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2626'. [ 215.472307][T10932] loop4: detected capacity change from 0 to 164 [ 215.480023][T10932] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 215.505389][T10932] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 215.513919][T10932] Symlink component flag not implemented [ 215.514352][T10934] netlink: 'syz.2.2630': attribute type 39 has an invalid length. [ 215.519655][T10932] Symlink component flag not implemented [ 215.521134][T10932] Symlink component flag not implemented (7) [ 215.539298][T10932] Symlink component flag not implemented (116) [ 215.545613][ T30] kauditd_printk_skb: 306 callbacks suppressed [ 215.545626][ T30] audit: type=1326 audit(1748928479.295:20630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.575875][ T30] audit: type=1326 audit(1748928479.295:20631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.599513][ T30] audit: type=1326 audit(1748928479.295:20632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.623256][ T30] audit: type=1326 audit(1748928479.295:20633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.647011][ T30] audit: type=1326 audit(1748928479.295:20634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.670811][ T30] audit: type=1326 audit(1748928479.295:20635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.694547][ T30] audit: type=1326 audit(1748928479.295:20636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.718313][ T30] audit: type=1326 audit(1748928479.295:20637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.742141][ T30] audit: type=1326 audit(1748928479.305:20638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.766020][ T30] audit: type=1326 audit(1748928479.305:20639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10933 comm="syz.2.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89f950e969 code=0x7ffc0000 [ 215.891004][T10947] loop4: detected capacity change from 0 to 1024 [ 215.914154][T10947] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 215.925302][T10947] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 215.940014][T10947] JBD2: no valid journal superblock found [ 215.945819][T10947] EXT4-fs (loop4): Could not load journal inode [ 215.996526][T10962] loop3: detected capacity change from 0 to 1024 [ 216.004484][T10962] EXT4-fs: Ignoring removed i_version option [ 216.011215][T10962] EXT4-fs: Ignoring removed mblk_io_submit option [ 216.019244][T10962] EXT4-fs: Ignoring removed nobh option [ 216.025022][T10962] EXT4-fs: Ignoring removed bh option [ 216.062200][T10962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.105524][T10970] FAULT_INJECTION: forcing a failure. [ 216.105524][T10970] name failslab, interval 1, probability 0, space 0, times 0 [ 216.118301][T10970] CPU: 1 UID: 0 PID: 10970 Comm: syz.4.2643 Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 216.118339][T10970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.118356][T10970] Call Trace: [ 216.118365][T10970] [ 216.118375][T10970] __dump_stack+0x1d/0x30 [ 216.118403][T10970] dump_stack_lvl+0xe8/0x140 [ 216.118472][T10970] dump_stack+0x15/0x1b [ 216.118494][T10970] should_fail_ex+0x265/0x280 [ 216.118585][T10970] should_failslab+0x8c/0xb0 [ 216.118618][T10970] __kmalloc_noprof+0xa5/0x3e0 [ 216.118669][T10970] ? io_cache_alloc_new+0x2a/0xb0 [ 216.118710][T10970] io_cache_alloc_new+0x2a/0xb0 [ 216.118736][T10970] io_sqe_buffer_register+0xf2/0x12f0 [ 216.118773][T10970] ? __memcg_slab_post_alloc_hook+0x44c/0x580 [ 216.118821][T10970] ? __kvmalloc_node_noprof+0x39b/0x4f0 [ 216.118858][T10970] ? io_sqe_buffers_register+0xc2/0x530 [ 216.118942][T10970] io_sqe_buffers_register+0x2ac/0x530 [ 216.119061][T10970] __se_sys_io_uring_register+0xa9f/0xeb0 [ 216.119089][T10970] ? fput+0x8f/0xc0 [ 216.119120][T10970] ? ksys_write+0x192/0x1a0 [ 216.119145][T10970] __x64_sys_io_uring_register+0x55/0x70 [ 216.119219][T10970] x64_sys_call+0xc91/0x2fb0 [ 216.119243][T10970] do_syscall_64+0xd2/0x200 [ 216.119351][T10970] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 216.119380][T10970] ? clear_bhb_loop+0x40/0x90 [ 216.119404][T10970] ? clear_bhb_loop+0x40/0x90 [ 216.119502][T10970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.119525][T10970] RIP: 0033:0x7f77f51be969 [ 216.119541][T10970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.119560][T10970] RSP: 002b:00007f77f3827038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 216.119580][T10970] RAX: ffffffffffffffda RBX: 00007f77f53e5fa0 RCX: 00007f77f51be969 [ 216.119594][T10970] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000006 [ 216.119607][T10970] RBP: 00007f77f3827090 R08: 0000000000000000 R09: 0000000000000000 [ 216.119644][T10970] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001 [ 216.119656][T10970] R13: 0000000000000000 R14: 00007f77f53e5fa0 R15: 00007ffc0ada2e38 [ 216.119677][T10970] [ 216.376378][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.511790][T10983] loop4: detected capacity change from 0 to 512 [ 216.583196][T10994] loop3: detected capacity change from 0 to 1024 [ 216.618331][T10994] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.644510][T10994] ext4 filesystem being mounted at /547/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.818993][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.899813][T11004] loop4: detected capacity change from 0 to 1024 [ 216.910060][T10995] loop0: detected capacity change from 0 to 128 [ 216.926817][T11004] EXT4-fs: Ignoring removed i_version option [ 216.945621][T10995] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 216.985691][T11004] EXT4-fs: Ignoring removed mblk_io_submit option [ 217.010915][T11004] EXT4-fs: Ignoring removed nobh option [ 217.016553][T11004] EXT4-fs: Ignoring removed bh option [ 217.023624][T10995] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 217.119967][T11004] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.252289][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.255403][T10991] SELinux: failed to load policy [ 217.368074][T11026] netlink: 'syz.4.2667': attribute type 39 has an invalid length. [ 217.412428][T11027] loop3: detected capacity change from 0 to 512 [ 217.445327][T11030] loop2: detected capacity change from 0 to 1024 [ 217.454422][T11032] 9pnet_fd: Insufficient options for proto=fd [ 217.486799][T11030] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.504173][T11030] ext4 filesystem being mounted at /598/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.517351][ T3499] ================================================================== [ 217.525491][ T3499] BUG: KCSAN: data-race in fill_mg_cmtime / shmem_mknod [ 217.532455][ T3499] [ 217.534785][ T3499] write to 0xffff8881034cef74 of 4 bytes by task 3306 on cpu 1: [ 217.542422][ T3499] shmem_mknod+0x137/0x180 [ 217.546861][ T3499] shmem_create+0x34/0x50 [ 217.551205][ T3499] path_openat+0x1105/0x2170 [ 217.555803][ T3499] do_filp_open+0x109/0x230 [ 217.560318][ T3499] do_sys_openat2+0xa6/0x110 [ 217.564936][ T3499] __x64_sys_openat+0xf2/0x120 [ 217.569732][ T3499] x64_sys_call+0x1af/0x2fb0 [ 217.574355][ T3499] do_syscall_64+0xd2/0x200 [ 217.578895][ T3499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.584844][ T3499] [ 217.587179][ T3499] read to 0xffff8881034cef74 of 4 bytes by task 3499 on cpu 0: [ 217.594732][ T3499] fill_mg_cmtime+0x5b/0x260 [ 217.599352][ T3499] generic_fillattr+0x24a/0x340 [ 217.604223][ T3499] shmem_getattr+0x181/0x200 [ 217.608832][ T3499] vfs_getattr_nosec+0x146/0x1e0 [ 217.613794][ T3499] vfs_statx+0x113/0x390 [ 217.618057][ T3499] vfs_fstatat+0x115/0x170 [ 217.622494][ T3499] __se_sys_newfstatat+0x55/0x260 [ 217.627544][ T3499] __x64_sys_newfstatat+0x55/0x70 [ 217.632593][ T3499] x64_sys_call+0x2c22/0x2fb0 [ 217.637285][ T3499] do_syscall_64+0xd2/0x200 [ 217.641814][ T3499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.647727][ T3499] [ 217.650055][ T3499] value changed: 0x1127570b -> 0x112bbe24 [ 217.655780][ T3499] [ 217.658109][ T3499] Reported by Kernel Concurrency Sanitizer on: [ 217.664276][ T3499] CPU: 0 UID: 0 PID: 3499 Comm: udevd Not tainted 6.15.0-syzkaller-11121-gfe4281644c62 #0 PREEMPT(voluntary) [ 217.675930][ T3499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.686008][ T3499] ================================================================== [ 217.739064][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.