last executing test programs: 1.752709494s ago: executing program 0 (id=468): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="30000000130001"], 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="100100002700010000000000000000000001008024d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1d8b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0e37a788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a2d0000008bb982eb4ec7e08b552a2807c00bbf76d79b02c6a4f3eba1267e29e89d27673db50050419e278e613000000018bbfb3f1a62e1bc87ff925d8f1dbfb9719968b842c473533b8ef67d852d94722de0bdaac8c1e2a755132e7aa2ad42b0ccc8be5226687c0800adaf2e"], 0x110}], 0x1}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x20008804) syz_mount_image$msdos(&(0x7f0000000340), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000400)={[{@nodots}, {@nodots}, {@fat=@errors_continue}, {@fat=@check_strict}, {@fat=@dos1xfloppy}, {@dots}, {@fat=@dmask={'dmask', 0x3d, 0x5}}, {@fat=@tz_utc}, {@nodots}, {@nodots}, {@nodots}]}, 0x0, 0x237, &(0x7f0000000480)="$eJzs3EFrM0UcB+CJaZs2paUnQU+DXvQStFc9KFKhGFCsKepB2NKthsSkZHNIPOXsyc/g0YNevAl+g34J9VaE0ouCYKTdtElaLfVt9y28fZ5L/zu/nd2Z7mYJE9jjN7/5snWQ1Q6S/u5ypRSeeyuM/vhrnAu5UXj1h49Pv95ZCnNijOvjSl6v7v64/lMlHG18dnyy+dvR80cvHP/90RfNLDaz2On2YxL3ut1+stdO434za9Vi/KCdJlkam50s7c3lB+3u4eEwJp39tephL82ymHSGsZUOY78b+71hTD5Pmp1Yq9XiWjVwF43v/hyPw8nZta6MwvSK81i4/o/bziefvvd2vb71YYzLIfw+GjQGjfxvnr+7Xd96LZ7bmPY6HQwa5cv89TyPM4cdDBqLoTrJN6/lZ/2Xwisv5/lZ9s779Sv5StgvfPYAAAAAAPBsqsVL19f3S5PN+fzX6vn6fr4x8/tAvn7/7c+T/gvhxYWnPBkAAADgX2XDr1pJu532ZotftkOYaSmHEKb7rIT5ne+/WAzttLcQ5qOLARd10kKKUsgXUaYtb4Q7HnlcCaH4wZcn/+2r0dJFy8pN908Rt8TceMrXBna3YvWyJWzcrlf5vmf6feEfq/9Z3PDQeKm45xEAAFCc6Zf+hx4JAAAAAAAAAAAAAAAAAAAAPF63eB/Yxavenvh1YtOzlR5qmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+mfAAAA///s9FOv") r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="180000003800ffcf000000000000000003"], 0x18}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000003f40000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}, 0x1, 0x0, 0x0, 0x10}, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)={@map=r4, r5, 0x2f, 0x2028, r5, @void, @void, @value=0xffffffffffffffff}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1f, 0x8001, 0x2, 0x9, 0x1, 0x1}, 0x50) r6 = perf_event_open$cgroup(&(0x7f0000000040)={0x2, 0x80, 0x43, 0x4, 0xf8, 0x5, 0x0, 0x10001, 0x10104, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x6, 0x1, @perf_config_ext={0x7, 0x2}, 0x100100, 0x4, 0x80000001, 0x3, 0x9, 0x6, 0x4, 0x0, 0xfffffffa, 0x0, 0x1}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0xd) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x40082406, &(0x7f0000000180)='cpuset.cpus\x00') openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.cpus\x00', 0x2, 0x0) r7 = fsopen(&(0x7f0000000200)='mqueue\x00', 0x0) r8 = fsmount(r7, 0x0, 0x0) setsockopt$inet6_int(r8, 0x29, 0x38, &(0x7f0000000400)=0xfffff464, 0x4) 1.494100768s ago: executing program 0 (id=473): openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="07000000010000", 0x7) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r4, &(0x7f0000000040), 0x10) listen(r4, 0x0) r5 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r5, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x31}], 0x1}}], 0x1, 0x24008094) r6 = accept4$unix(r4, 0x0, 0x0, 0x0) recvfrom$unix(r6, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) shutdown(r5, 0x1) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x3, 0x4, 0xfffffffffffffffd, 0x3, 0xffffffffffffffff, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x3, 0x7fffffff, 0x3f8}, 0x0, 0x0) sendto$unix(r3, 0x0, 0x0, 0x40000, &(0x7f0000000040)=@abs={0x1, 0x0, 0x4e20}, 0x6e) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000004, 0x20010, r1, 0x5e21b000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2}, [@ldst={0x1, 0x2, 0x6b324fb906924663, 0x2, 0x1, 0x43, 0x4}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) statx(r7, 0x0, 0x1000, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000540)) 1.377484892s ago: executing program 4 (id=474): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050ff850000007200000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="fdfc19f52a929e03000000000000", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x7fff, @local, 0x8}, 0x80, &(0x7f0000000340)=[{&(0x7f00000003c0)='!', 0x1}], 0x1}, 0x41) r4 = socket(0x80000000000000a, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r5) r6 = socket(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0x4}) connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f0000000400000004000000a2"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r8}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20) r9 = semget$private(0x0, 0x20000000102, 0x200) semop(r9, &(0x7f0000000240)=[{0x1, 0x20, 0x800}, {0x0, 0xe65b}], 0x2) semctl$GETALL(r9, 0x0, 0xd, &(0x7f0000000700)=""/236) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000140), 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r8, &(0x7f00000047c0), &(0x7f0000000200)=@udp=r4}, 0x20) r10 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r10, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000080)="1c516cc0", 0x4}], 0x1, 0x0, 0x0, 0x2804c044}, 0x10000) shutdown(r10, 0x1) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r10, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0x9, 0x20, 0x6, 0xff}, &(0x7f0000000100)=0x18) readv(r5, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/126, 0x7e}], 0x1) 1.124882165s ago: executing program 2 (id=477): r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x4, 0x880) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0xfffffffa) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f0000000080)=0x7ff, 0x4) ioctl$BLKCRYPTOIMPORTKEY(r0, 0xc0401289, 0x0) 1.111942477s ago: executing program 2 (id=478): perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, @perf_bp={0x0, 0x6}, 0x4, 0x9, 0xfff, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) (async) umount2(&(0x7f0000000000)='./file0\x00', 0x9) (async) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) faccessat(r0, &(0x7f0000000000)='./file0\x00', 0x5) (async) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000500)=@mangle={'mangle\x00', 0x1f, 0x6, 0x520, 0x2b8, 0x2b8, 0xf0, 0x1c0, 0xf0, 0x488, 0x488, 0x488, 0x488, 0x488, 0x6, &(0x7f00000000c0), {[{{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @remote, 0xff, 0xffffff00, 'veth1_vlan\x00', 'veth0\x00', {}, {0xff}, 0x73, 0x1, 0x3}, 0x0, 0xc8, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x9}}, @common=@addrtype={{0x30}, {0x124, 0x80, 0x1, 0x1}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x9}}}, {{@uncond, 0x0, 0x90, 0xd0, 0x0, {}, [@common=@socket0={{0x20}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0xb2, 0x1e186acd, @ipv6=@remote, 0x4e22}}}, {{@ip={@rand_addr=0x64010101, @private=0xa010102, 0x0, 0xff000000, 'bond_slave_0\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x1, 0x1, 0x42}, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @local, 0x9, 0x8, [0x1d, 0x31, 0x1b, 0x37, 0x16, 0x33, 0x14, 0x1f, 0x33, 0x3b, 0x10, 0x4, 0x16, 0x2e, 0x18, 0xd], 0x1, 0xca, 0x67}}}, {{@ip={@remote, @private=0xa010101, 0x0, 0xffffffff, 'syzkaller1\x00', 'ip6erspan0\x00', {0xff}, {0xff}, 0xc, 0x1}, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x1}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x580) 1.095441479s ago: executing program 3 (id=479): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) time(0x0) r0 = getpid() syz_pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0xe, 0x0, 0x0, 0xb, 0x1080a, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f0000000080), 0x7}, 0x101928, 0x6, 0x0, 0x1, 0x8, 0xfffd, 0x1, 0x0, 0x4, 0x0, 0x20000006}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x80, 0x7ffc1ffb}]}) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0x40000000000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) gettid() keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000a00)=[{0x0}, {0xffffffffffffffff}], 0x2, 0x0) getpriority(0x2, 0x80000000) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000200)='asymmetric\x00', &(0x7f0000000000)) add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, r2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.035650136s ago: executing program 2 (id=480): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001440)=ANY=[@ANYBLOB="900000001000ffff28bd7000fadbdf2500000000", @ANYRES32=0x0, @ANYBLOB="391a03006abe0500140012800900010069706970000000000600000054001a8004201c002c000a8014000700fc020000000000000000000000000001140007000000000000000000000000000000000020000a80140007"], 0x90}, 0x1, 0x0, 0x0, 0x40c4}, 0x240400c0) syz_open_dev$usbfs(&(0x7f00000001c0), 0x800000001fe, 0x2) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000280)={0x0, 0x5, 0x17, 0x4009, 0x0, 0x1, 0x0}) write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe004681000000078a151f75080039000500", 0x27) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x0, 0x3, 0x3, 0x5, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x10, 0x40, 0xe18}}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000bc7ef9642d29ba564165605dca29708efdf9b15a5c10a126121b2751f642635bcd9a8bf7a928a5d054b0d2c54d519ea75c52f41ed6f2886973626b684c8bd9108c0b0b2ea7e556948f0367aff4fbcede3294f6e73d06ad16dc2d26725ff833b5f83b499918e6a6ec245b781d41aee9624c847e2f2312d6b9db45bad354fc1a3f20407ffe406483a0524937ee7559e4bf70136746b37fdfbbb152758d37ed8bcac41fb7243bdcd536249c7996e898b61927eaa5a8790054ba13d3ade593220f96027090a34aaf7ea92f41aab73e7a85eef87e956bb7c5c76a347264fd99359f4e57b0dcc2bcc188ea880a4b11a8bb81eb22b0ddfc689e3218cf310dcc61cab354149d9107d8a88b0aa5b5661555f00443aee5e714009e52cee5e88f008148ddbc0fa81bf938bed4a1ac778d5337cc0311d0772eeac3eab38426e8d1472ff514aa5379ed21551790cc10148410b4fc27582fd7106a8887a9a0b613dfe10aee77542d887208f5534f5dce4d43f258fc9ef975834e1917666e2aff1cebfc3ce2c1e8ff66bba1d9050000000000000078db7024bf321636bede8651e672ed4f01ba5da2c3f9042a8552bd3f2c9ad546ad0ea20b4d35fb0a15c6239f67c7747a40fe26a88adf727fd1b801b4e56fbffcad99ce68fe2af0d94fdc78d27268de435021dca51acaa7a9e0944bdf579c170db6405944b6791a7713ee54f650fdf71b57c3629fb185efce700620ef5744623be08ec935dd563e6ba0b461bda98b364acf3dcdafa9b0e68c21ea509212c2938aa09cc31aa4ee5bfb8e507181909f5854b13997af4888cd61c8aab5fdfd701a16d546e5a533cd9b985dcc582b67979551dcc750fc51f2c9b6814edeffc76a86ea9f58b7c66fa24540daf14c2163d064f8cf0b4878f81e6b8bc4dabc10dac82b39e033963a6d02434cb783a198829d1373790a85c0e01a362d89e80165d280283af3c2060000000000000034b12a73b0c53bfae5d2f6e55728052247adfe0966c6c5eca57918c4540c979a70a281ba00e408c9fe1b20fa208976dd6a56f9bd9a74d81447c9b265d8c23f0e983e0b1d2d62d1e57c9188e4882634476e62ab1b7415a58208eaaf166d14720092f79a6197fe8b4ea7d5485cc6b3630afed8d3403cfa4d7bf48efb371706e0e65901eea3743c98261cbb7a246cf62f99bbc918741d32539ec0754e7d7f08dd45aaf49623342eabf466e54d8da4346e73da54ba2e4b5e2ae2823864d4147b490e55c9509f75c8828500ac32cab11b0262e75fa9e39e3792d01e0b210fdfb686bfffdc677432f6332c1a27502b43997060acdf7784c79fed0325e06f6b64b6434ebf4730509bcf95b9a1d0ba7c469d55351cc1dce6c90f5872e7ad5eed5f850d9d1f928b4e0263b241e8fe03e5e66252c8a3bd320e8deee5b91c653b8f22f58cff36c2ba4d6774f14229939595d2beb998c9312212de00468fc488591aca07ab75fba4a318d3ee4581711927b77a7f14dbcd639892f8cb0000000000000080411736eb1ee86eec338197a56293c9cdb72e84155681553b896d58b62a96852320e74dc4c9b41d6f90d2353dc573a94a092a84209c12da57f8c78e161b0899eb1c8b694d26c5fbf7f65fefacdbf39151f335dddc3b179a13f6de93ffb338e94738c86e35e9fcc654e4d6618dc1201cbd16e1281df911e6c699da16fbbb7a2e5c77966c98d3e7edd58cabfe6bf1bb7f6329084e3e4a2a36da07bbac3ebc00472f55b7966f250109fcce0ad5d4526d20ef74d1a634d724"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x3, &(0x7f0000000640)=@framed={{0x18, 0x2, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x3b}}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r7, r6}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x5, &(0x7f0000000740)=@framed={{}, [@map_val={0x18, 0x6, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x80}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYRESOCT], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', r2, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r8) mkdir(0x0, 0x0) 1.035458507s ago: executing program 3 (id=481): syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46e8953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000000003626165866c154e2514890000b515a1000000000000000eb2e9c15b6c8f6198282d0086fa0000c2ccf3f6d69cfcf1e15ea7a9e57aee78e12ace55736fa42811654e19a7e9b531636794a718b4766d744263b6681da2b2204d848619a3eb62e77460c048df8e72bfe31438163ec4270439b350274e5aa941bfc32ce08e3790dfb0c59bbe45cd27264669c187eed6d67b3be191137814bcb226b2078a1bc45502705d538d8723113445b08b0ac8dc2dfa17fd79ed5fd33b14b0adabf72df024dcde1ef330b927ce1a80474ce4f99a292c71456ec1abbfbb61dc9f0f71395a1751d35fa1"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r2, 0xffff0000, 0x10, 0x0, &(0x7f0000000000)="2b206d0748010097737ea49da2aae9f8", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(r1, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) fdatasync(r3) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0x1, 0x100, 0x100, 0xe, 0x0, 0x3}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r3, 0x5) 1.01227916s ago: executing program 2 (id=482): unshare(0x6060600) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x80}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='rdma.current\x00', 0x275a, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x64, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x64}}, 0x0) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="120000003a000000080000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000003d000000000000000000000000009425c426ef6df27c7dc933b4a6dbf850755eefc497abd2979248b7ef5adf60f255f53c9756ebb1f4b37734d3e922c2b3f31c282fcc57297a11e95a88e8e13a5425e73d48cf870d31889caa24b190366842082db94b9397b63abf1a1dc88520b4a16e9b9d4e64c13375e8e4fa6074a7ea3cf2bb8a3bcc44c9f0fbb525737ef1dc1c5a58388dd788e0f0f5589613f8a075bce30bf30cd165727a3956019812fe91d15c06b6141c07f0d2"], 0x48) bpf$BPF_PROG_ATTACH(0x1c, &(0x7f00000002c0)=ANY=[@ANYRES32=r5, @ANYRES32, @ANYBLOB=',\x00\x00\x00\x00'], 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000ffffff7f0000000000000018010000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000200396f6b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000020000850400000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x40000) write$P9_RWALK(r9, &(0x7f0000000280)=ANY=[@ANYRESOCT=r4, @ANYRES16=r8, @ANYRESHEX=r6, @ANYRESHEX=r7, @ANYRES8=r2, @ANYRES16=r3], 0x64) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00ddff00000004040004"], 0x1c}}, 0x0) sendmsg$nl_route(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="d2090000100001002dbd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1843010000000000140003007866726d30000000000000000000000024001a8020000a80050008000300000014000700"/64], 0x58}, 0x1, 0x0, 0x0, 0x4040084}, 0x0) r12 = socket$phonet_pipe(0x23, 0x5, 0x2) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x10010, r12, 0x422f5000) 901.767804ms ago: executing program 1 (id=483): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x24, 0x2, 0x3, 0x101, 0x0, 0x0, {0xa, 0x0, 0xffff}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2e}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x7}]}, 0x24}}, 0x814) r1 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0x7005, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3) 837.467522ms ago: executing program 1 (id=484): accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0x10, 0x81800) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000800)='net\x00') lseek(r0, 0x8000, 0x0) getdents64(r0, 0x0, 0x0) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) prctl$PR_SET_MM_MAP(0x34, 0xe, 0x0, 0x0) acct(0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0) pipe(0xffffffffffffffff) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000100)=""/74, 0x4a, 0x0, &(0x7f0000000180)=""/23, 0x17}, &(0x7f0000000200)=0x40) ioctl$PTP_ENABLE_PPS(r1, 0x40043d04, 0x0) 837.109962ms ago: executing program 1 (id=485): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r3, 0x110, 0x5, &(0x7f0000000100)=[0x3, 0x3], 0x2) setsockopt$inet6_int(r2, 0x29, 0x4c, &(0x7f0000000000)=0xc000000, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(r6, &(0x7f0000000480), 0x21, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r7 = socket$inet_udp(0x2, 0x2, 0x0) close(r7) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000680001ed020000000000008000000000000000000c00020001000000060000000800010001"], 0x2c}}, 0x4000) write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc) splice(r4, 0x0, r7, 0x0, 0x4ffe6, 0x0) futex(0x0, 0x85, 0x2, 0x0, &(0x7f0000000780), 0x14fffffe) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000340)={0x4800, 0x1, 0xea}, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="180000001600010a0000000000dffffdff000000f1"], 0x78}}, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0xffa8) 803.049557ms ago: executing program 1 (id=486): socketpair$unix(0x1, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x9400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x9, 0x7}, 0x110, 0xa88, 0x8406, 0x5, 0x0, 0x3c, 0xffff, 0x0, 0x0, 0x0, 0xedf2}, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x1) lgetxattr(0x0, 0x0, 0x0, 0x0) 785.137429ms ago: executing program 1 (id=487): r0 = fsopen(&(0x7f0000000080)='mqueue\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) keyctl$invalidate(0x15, 0x0) add_key(&(0x7f0000000180)='id_legacy\x00', 0x0, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c000000020682f60000000000000000000000000d000356686173683a6e6174000000000500040000000000797a310000000004000780050005000200"/71], 0x4c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) readahead(r1, 0x3, 0x6) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000009060102000000000000000000ff00000900020073797a31000000000500010007f2ff001c0007800c00018008000140fffffffe0c0002800800014004"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 722.149877ms ago: executing program 1 (id=488): syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f00000005c0)="7bd422f6a3", 0x5}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e21, @local}}, 0xcde, 0x9}, &(0x7f0000000000)=0x90) 721.447557ms ago: executing program 3 (id=489): perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x27, 0x6, 0x0, 0x0, 0x0, 0x9, 0x6c0bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x1, @perf_bp={0x0, 0x8}, 0x880, 0x34, 0x43a1bd76, 0x7, 0x3, 0x1, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000010000104fcffffff8000000000000000", @ANYRES32=r2, @ANYBLOB="dbc7831f4ca2034608000a00", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4044001}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}, {0xfff1, 0xfff3}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x7, 0x1, 0x2}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000002}, 0x20044018) 679.415633ms ago: executing program 3 (id=490): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x3ff, @private0, 0x9}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000480)='\r', 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) getsockopt$bt_hci(r0, 0x84, 0x83, &(0x7f0000001c40)=""/4130, &(0x7f0000000000)=0x913) 678.962852ms ago: executing program 3 (id=491): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r1, 0x540a, 0x2) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="1400000042000501c256768477e550b57b70"], 0x14}}, 0x44014) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, 0xffffffffffffffff}, 0x4) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(r4, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"}) r5 = syz_open_pts(r4, 0x80) r6 = dup3(r5, r4, 0x80000) read(r6, &(0x7f0000000300)=""/231, 0xc8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r3}, 0x4) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x200000, 0x0) read$watch_queue(r6, &(0x7f0000002d40)=""/4105, 0x1009) setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f0000000000)={@dev={0xac, 0x14, 0x14, 0x21}, @local, 0xffffffffffffffff, "33330ecd535b50418a67982ad7a214886a482c8ffbf1b1225f620f772854c20d", 0x2, 0x5, 0x6, 0x3}, 0x3c) read$watch_queue(r6, &(0x7f00000000c0)=""/170, 0xaa) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0x80000601, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xc, 0x10, &(0x7f0000000200)=ANY=[@ANYRES32=r3, @ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYBLOB="0000000000000000b704000008000000850000004900000095", @ANYRESDEC=r5, @ANYRES32=r3], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000680)="76389e6a65585578f830e9000000", 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 607.700502ms ago: executing program 0 (id=492): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000780)=@newsa={0x138, 0x10, 0x7, 0x0, 0x25dfdbfc, {{@in=@local, @in6=@mcast1, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0xee00}, {@in=@empty, 0x0, 0x2b}, @in6=@local, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0x2000}, {0x0, 0x200000, 0x6}, {0x40100, 0xfffffffd, 0xae8}, 0x0, 0x0, 0x2, 0x2, 0x0, 0x70}, [@algo_auth={0x48, 0x1, {{'sha3-384-generic\x00'}}}]}, 0x138}}, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x33, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_config_ext={0x6, 0x400000008}, 0x4c58, 0x6, 0x0, 0x5, 0xe, 0x2, 0xf, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000080)=0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 445.502473ms ago: executing program 4 (id=493): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0x5, 0x29, 0x0, @private=0xa010101, @empty}}}}) (fail_nth: 8) 445.131163ms ago: executing program 4 (id=494): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@grpjquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000001f80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40086610, 0x0) r1 = epoll_create1(0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) close_range(r1, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = memfd_secret(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$xdp(0x2c, 0x3, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0) connect$l2tp(r0, &(0x7f0000000480)={0x2, 0x0, @private=0xa010102, 0x2}, 0x10) sendmsg$can_bcm(r3, &(0x7f00000002c0)={&(0x7f0000000500)={0x1d, r4}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r2, 0xc0389424, &(0x7f0000000140)={0x4, 0x0, '\x00', 0x1, &(0x7f0000000100)}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r7 = syz_open_procfs(0x0, &(0x7f0000000240)='projid_map\x00') preadv(r7, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x21, 0x0) close_range(r5, r6, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0xec, 0x2, 0x9, 0x301, 0x0, 0x0, {0x3}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x7}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x7fffffff}, @NFCTH_STATUS={0x8}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0xe}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xffff}, @NFCTH_TUPLE={0x94, 0x2, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @local}}}]}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x3}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x59}}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xff}]}, 0xec}, 0x1, 0x0, 0x0, 0xc017}, 0x2001) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x6, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0xbea, 0x6, 0x5, 0x10001}]}) 394.179689ms ago: executing program 4 (id=495): close(0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x8, 0x40008, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000004, 0x2, @perf_config_ext={0x9, 0x100000001}, 0x0, 0x0, 0x800000, 0x8, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) preadv(r0, &(0x7f0000000040)=[{&(0x7f0000002780)=""/4096, 0x1000}], 0x1, 0x5b3d2934, 0xfffffff8) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000c00), r5) sendmsg$IEEE802154_LLSEC_ADD_KEY(r5, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000d40)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010029bd7000fcdbdf2527000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4040000) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)=ANY=[@ANYBLOB="480000000d0a010800000000000000000a0000010900020073797a31008000000900010073797a31000000001c000380180000800800034000000002"], 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000240)={'gre0\x00', 0x0, 0x20, 0x700, 0x6, 0x3, {{0x8, 0x4, 0x0, 0x0, 0x20, 0x67, 0x0, 0x4, 0x2f, 0x0, @remote, @multicast1, {[@end, @generic={0x88, 0xb, "22ec802d8e96788ce8"}]}}}}}) sendmsg$nl_route_sched(r7, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=@deltclass={0x50, 0x29, 0x200, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xa, 0x8}, {0xfff1, 0x4}, {0x6, 0xf}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x6e}}, @tclass_kind_options=@c_fq_codel={0xd}, @tclass_kind_options=@c_multiq={0xb}, @TCA_RATE={0x6, 0x5, {0x87, 0x2}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8004}, 0x8004891) r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) ioctl$SNAPSHOT_SET_SWAP_AREA(r9, 0x400c330d, &(0x7f00000001c0)={0x2b22}) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) close(0x4) sendmmsg(r7, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000003c0)="4df78d51efc2f1bb313f24d0ef444c8ec422af9417416fa5338f50ef75e3341362450f86acf51226af2a63f2e8340821f183adde315d32c497ab3c9bdc4ecce19ae5ac90614fd43ab64b439bb4a9cb725b3823339a77c609e217deb6309535755a0c68857f530b71519a9f49d08b4603f6ffa80d6316ff95385850ac9929e32dee204b5ec12a3a376aa020", 0x8b}, {&(0x7f0000000480)="52c51ddd0fa889c1843284882c7293fb6cdecab534991573ac65badab0434c4aa31a511f35c147e91a66b2e5f0bbda842fa9e6e852294eb65bf57ca405b98d5d2832cbe9b90d88afb053a5ea86de7e98800fbe8174d5b529e3fdd575ecb891857334d870e4fed71faac758c3bf4f92b645d148f5b07efac7210aea523710fbc63b75edcdfd1806fb2641775f6db46d64c0a96cc13be68c476ef96de54733d09a1d8439e3ecbbc3b16786c641d349d23cb40f82d198867853c49a777aae4d860c1069567626909612ec2f0f2c477206239f43fb20a80163e94b2c788d3f", 0xdd}, {&(0x7f0000000580)="e8c749dd680bab12855e2c6eacbf9d98606dfd8ad1d3d4d1f46df2d48c63f4fda9de3c940192aaaa733bc178cecff9b4", 0x30}, {&(0x7f00000005c0)="fcd9fd49f6dcd61865065b50", 0xc}, {&(0x7f0000000600)="d4243b45eaac36892472f9b816b292251d7c8bc119c5973d98afe6b6b14fa852966615e0c0c74344ef856ba86a248e86310081c72e2b86b522063e0e914dec24b49b3a094a1cf04a4a81ccf35db6152a7a4bb720232d24f90c148b3ced272d12d000abb8d763bb4a328adf46b369b672afd48f5fbdb049f056da63addb403c31fc1bfd1b9b2a7f9132f853d21d3ec47232ddb8accb3c52a5f2314ab751257bc92ff2fde3dc8a2f5dea5489953c1b975d61e3c8155288cd1e6f34fc36b652b26366abb5c043d38f7fbbc87db416d9444a0d58", 0xd2}], 0x5}}], 0x1, 0x20000004) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r10], 0x1c}}, 0x0) capset(&(0x7f0000000800)={0x20071026}, &(0x7f0000000840)={0x2, 0x1, 0xe, 0x2, 0x10001}) 384.111991ms ago: executing program 3 (id=496): syz_init_net_socket$llc(0x1a, 0x1, 0x0) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000003c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000020000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46e8953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000000003626165866c154e2514890000b515a1000000000000000eb2e9c15b6c8f6198282d0086fa0000c2ccf3f6d69cfcf1e15ea7a9e57aee78e12ace55736fa42811654e19a7e9b531636794a718b4766d744263b6681da2b2204d848619a3eb62e77460c048df8e72bfe31438163ec4270439b350274e5aa941bfc32ce08e3790dfb0c59bbe45cd27264669c187eed6d67b3be191137814bcb226b2078a1bc45502705d538d8723113445b08b0ac8dc2dfa17fd79ed5fd33b14b0adabf72df024dcde1ef330b927ce1a80474ce4f99a292c71456ec1abbfbb61dc9f0f71395a1751d35fa1"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r2, 0xffff0000, 0x10, 0x0, &(0x7f0000000000)="2b206d0748010097737ea49da2aae9f8", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(r1, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0x1, 0x100, 0x100, 0xe, 0x0, 0x3}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r3, 0x5) 352.753455ms ago: executing program 0 (id=497): perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 304.603131ms ago: executing program 4 (id=498): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="30000000130001"], 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f00000002c0)=ANY=[@ANYBLOB="100100002700010000000000000000000001008024d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1d8b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0e37a788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a2d0000008bb982eb4ec7e08b552a2807c00bbf76d79b02c6a4f3eba1267e29e89d27673db50050419e278e613000000018bbfb3f1a62e1bc87ff925d8f1dbfb9719968b842c473533b8ef67d852d94722de0bdaac8c1e2a755132e7aa2ad42b0ccc8be5226687c0800adaf2e"], 0x110}], 0x1}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, 0x0, 0x20008804) syz_mount_image$msdos(&(0x7f0000000340), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000400)={[{@nodots}, {@nodots}, {@fat=@errors_continue}, {@fat=@check_strict}, {@fat=@dos1xfloppy}, {@dots}, {@fat=@dmask={'dmask', 0x3d, 0x5}}, {@fat=@tz_utc}, {@nodots}, {@nodots}, {@nodots}]}, 0x0, 0x237, &(0x7f0000000480)="$eJzs3EFrM0UcB+CJaZs2paUnQU+DXvQStFc9KFKhGFCsKepB2NKthsSkZHNIPOXsyc/g0YNevAl+g34J9VaE0ouCYKTdtElaLfVt9y28fZ5L/zu/nd2Z7mYJE9jjN7/5snWQ1Q6S/u5ypRSeeyuM/vhrnAu5UXj1h49Pv95ZCnNijOvjSl6v7v64/lMlHG18dnyy+dvR80cvHP/90RfNLDaz2On2YxL3ut1+stdO434za9Vi/KCdJlkam50s7c3lB+3u4eEwJp39tephL82ymHSGsZUOY78b+71hTD5Pmp1Yq9XiWjVwF43v/hyPw8nZta6MwvSK81i4/o/bziefvvd2vb71YYzLIfw+GjQGjfxvnr+7Xd96LZ7bmPY6HQwa5cv89TyPM4cdDBqLoTrJN6/lZ/2Xwisv5/lZ9s779Sv5StgvfPYAAAAAAPBsqsVL19f3S5PN+fzX6vn6fr4x8/tAvn7/7c+T/gvhxYWnPBkAAADgX2XDr1pJu532ZotftkOYaSmHEKb7rIT5ne+/WAzttLcQ5qOLARd10kKKUsgXUaYtb4Q7HnlcCaH4wZcn/+2r0dJFy8pN908Rt8TceMrXBna3YvWyJWzcrlf5vmf6feEfq/9Z3PDQeKm45xEAAFCc6Zf+hx4JAAAAAAAAAAAAAAAAAAAAPF63eB/Yxavenvh1YtOzlR5qmgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+mfAAAA///s9FOv") r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="180000003800ffcf000000000000000003"], 0x18}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000003f40000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}, 0x1, 0x0, 0x0, 0x10}, 0x0) 303.078451ms ago: executing program 0 (id=499): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x3ff, @private0, 0x9}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000480)='\r', 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) shutdown(0xffffffffffffffff, 0x1) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000001c40)=""/4130, &(0x7f0000000000)=0x913) 302.898921ms ago: executing program 4 (id=500): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xd}, 0x54) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a00bd700003dcdf2502202001000000000020000008000700ac1414aa000000"], 0x24}}, 0x40050) sendto$inet6(r0, &(0x7f0000000400)="cd", 0x1, 0x8010, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0xfcb}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="06"], 0x9) 229.29607ms ago: executing program 0 (id=501): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x110, 0xd, {0x0, @loopback=0x7f000300, @multicast1}}}], 0x20}, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) mount$bind(&(0x7f0000000800)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1a9851, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x43, 0x0, "ee8bcb650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c1da009444a131f4da58ae36556dd38ea6c029607462029add0924000000000267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6711f234db5aaa13f382ad796bd667c9e00000009873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r1, 0x5421, &(0x7f0000000140)=0x1) writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x401, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x4, 0x1}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8, 0x0, 0x32}, @fwd={0x1}, @ptr={0xa, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x61, 0x5f]}}, 0x0, 0x54}, 0x28) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 153.79777ms ago: executing program 2 (id=502): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x80, 0x0, 0x7ffc1ffb}]}) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="18080000000000000000000000000000180000000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open$cgroup(&(0x7f0000000240)={0x4, 0x80, 0x8, 0x10, 0x4, 0x80, 0x0, 0x5, 0x220, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x1, @perf_config_ext={0x6, 0x8}, 0xc92, 0x1, 0xd, 0x8, 0x3, 0x7, 0xfffc, 0x0, 0x2, 0x0, 0x1d4}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(0x0, r2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000006c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={&(0x7f00000001c0), 0x3}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) times(0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0) mq_getsetattr(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x1d, 0x5, 0x5}, &(0x7f00000000c0)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x200000, &(0x7f0000000200), 0x6, 0x5af, &(0x7f0000000dc0)="$eJzs3d9rFNceAPDvbDbGRL0qiNx7Hy4BH67FuvnVHxYK2sfSSoX23YZkDZKNK9mNmFRQHyqUvhQplFKh9A/oex+lf0D7VwitIEVC+9CXlNnM6prNZjdxdRf384FJzpmZ3XPOzDlnztnZYQMYWOPpn1zEfyLiqyTicMO2fGQbxzf3W398Yy5dktjY+PiPJJJsXX3/JPt/IIv8OyJ+/jziVK453crq2uJsqVRczuIT1aWrE5XVtdOXl2YXigvFK9MzM2fenJl+5+23ulbW1y789e1H998/8+WJ9W9+fHj0bhLn4mC2rbEcz+FWY2Q8xrNjMhzntuw41YXE+knS6wywJ0NZOx+OtA84HENZq0+N9jRnwIt2MyI2gAGVdNz+h/UU8EqpjwPqc/st8+BtZu6vlkfvbU6Amsuf3/xsJPbX5kZj60nDzGhzvnukC+mnafz0+7276RJtPoe4+UxsXxdSBwbZrdsRMZnPN/d/Sdb/7d1kB9ePrWl06XNYoAP30/HP6zGSRRvaf+7J+Ce2Gf90a/TRvv3nHnYpqW2l4793tx3/Pum6jgxlsUO1Md9wculyqTgZEf+KiJMxPJLGd7qfc2b9wUarbY3jv3RJ06+PBbN8PMyPPPua+dnq7POUudGj2xH/fTr+TaKp/99fG+uOjcYz5z89HhfSwC9ftE3jePHe/1pta1/+Rjd3Wbr2Nn6I+P+253/zjlYuC+1wf3KiVh8m6rWi2Z93jv/aKv3dlb/70vM/tkP50yqfNN6vrezu/dO50/f7/y622r7X+r8v+aQWrvdD12er1eWpiH3Jh83rp5++th6v75+W/+SJ7dt/vf6PbtP/pes+7fAY3Dl2p+Wu/XD+53d1/ncfePDBZ9+1Sr+z8/9GLXQyW9NJ/1cq1ivNzhnc63EDAAAAAACAfpTLnv8pZOGDkcsVCpvP8B6LsVypXKmeulReuTIftWdl63cFJ2PzWeH69yGmsu/D1uPTW+IzEXE0Ir4eGq3FC3Pl0nyPyw4AAAAAAAAAAAAAAAAAAAD94kDtmf8kt/X5/9RvQ73OHfDC5XudAaBn2rb/5/0lOKBvuf7D4NL+YXBtbf8jPcoH8FLlw/UfBlpj+x/uYT6Al8/1HwaX9g+DS/sHAAAAAAAAAAAAAAAAAAAAAAAAAACArrpw/ny6bKw/vjGXxuevra4slq+dni9WFgtLK3OFufLy1cJCubxQKhbmykvt3q9ULl+dmo6V6xPVYqU6UVldu7hUXrlSvXh5aXaheLHo50UAAAAAAAAAAAAAAAAAAACgWWV1bXG2VCouC7QMnI2+yMaeA0m7s3w2qwy7eufIAvneF7DfAoc6b1aj0Sd5bgr0uGMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAb/BAAA//9okSnn") r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x10000000, 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) getdents64(r5, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x19) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0xff) 0s ago: executing program 2 (id=503): r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) unshare(0x2010000) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x34, r2, 0x6ff, 0x0, 0x25dfdbfc, {0x52}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x48004}, 0x0) setresgid(0xee00, 0xee01, 0x0) listen(r1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x7ffffffb}]}) setresgid(0x0, 0x0, 0xee01) close_range(r3, 0xffffffffffffffff, 0x0) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x4) r5 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0xc, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1c, 0x0, &(0x7f0000000080)) write$selinux_load(r5, &(0x7f0000000000)=ANY=[], 0x603f) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) writev(r7, &(0x7f0000000280)=[{&(0x7f0000000040)}, {&(0x7f0000000200)="6a51ce016576c7a6b8a2c2a7be53f5754f4d7b07b0f11907aa7d883a9ba09793d44972fb8a0b5a97c941170f91a5e6a0084363db6eaa286af78a718dce78494a8298a59f0bf020397eaf11ab4a2f2855de87", 0x52}, {&(0x7f00000005c0)="b218a065a2833b9b22316018bcd69719c0172cae630dd58b7987477882fe9adea8994b3c57ec66c8b55f2da138a30cf0cbcee1d465ffb76676cc82b9728cc65c89981edb18c42d83b954eaf4b8a5893794ee26fc7987da17e65259a62d6332e8c3dda8260fb1ff199b3970a93cab0fce78176474d2390ce4ba27320d185bbcb9b0803c2d290be9ebdc0fc42264967a9ced1471e99305ad114dbc99985b67f842af6c9a6709ff8cd585fe43c94d202b67b109e3ae5c1f85a5b61f8e463caeec6465ead461ffcffa7de0022d76321a61f69c1e071335fb09850b6d19a7f85d4a5e", 0xe0}], 0x3) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000840)={'veth1_to_bond\x00', 0x0}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1000, 0x5, 0x3, 0x1, 0x9}, 0x9, 0x1, 0x1, 0x6, 0x41, 0x11, 0x12, 0x6, 0x4, 0xfffffff8, {0xe61a, 0x8000, 0x10006, 0x1, 0x6, 0xbf5}}}}]}, 0x78}}, 0x0) kernel console output (not intermixed with test programs): ][ T3317] veth0_macvtap: entered promiscuous mode [ 31.365077][ T3317] veth1_macvtap: entered promiscuous mode [ 31.377963][ T3325] veth0_macvtap: entered promiscuous mode [ 31.394000][ T3325] veth1_macvtap: entered promiscuous mode [ 31.410000][ T3319] veth0_macvtap: entered promiscuous mode [ 31.426972][ T3319] veth1_macvtap: entered promiscuous mode [ 31.443368][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.452453][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.478053][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.488820][ T3495] loop1: detected capacity change from 0 to 512 [ 31.500165][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.508472][ T3495] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.7: invalid indirect mapped block 256 (level 2) [ 31.523167][ T3495] EXT4-fs (loop1): 2 truncates cleaned up [ 31.527622][ T3498] netlink: 'syz.3.4': attribute type 25 has an invalid length. [ 31.530184][ T3495] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.536537][ T3498] FAULT_INJECTION: forcing a failure. [ 31.536537][ T3498] name failslab, interval 1, probability 0, space 0, times 1 [ 31.536607][ T3498] CPU: 1 UID: 0 PID: 3498 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(voluntary) [ 31.536631][ T3498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 31.536736][ T3498] Call Trace: [ 31.536767][ T3498] [ 31.536806][ T3498] __dump_stack+0x1d/0x30 [ 31.536880][ T3498] dump_stack_lvl+0x95/0xd0 [ 31.537020][ T3498] dump_stack+0x15/0x1b [ 31.537147][ T3498] should_fail_ex+0x263/0x280 [ 31.537239][ T3498] should_failslab+0x8c/0xb0 [ 31.537309][ T3498] kmem_cache_alloc_node_noprof+0x6a/0x4a0 [ 31.537390][ T3498] ? __alloc_skb+0x2f0/0x4b0 [ 31.537472][ T3498] __alloc_skb+0x2f0/0x4b0 [ 31.537561][ T3498] ? __alloc_skb+0x219/0x4b0 [ 31.537635][ T3498] br_rtr_notify+0xc2/0x580 [ 31.537743][ T3498] ? vprintk_emit+0x5ec/0x600 [ 31.537837][ T3498] br_multicast_add_router+0x202/0x2c0 [ 31.537966][ T3498] ? vprintk+0x1d/0x30 [ 31.538036][ T3498] ? _printk+0x79/0xa0 [ 31.538094][ T3498] br_multicast_mark_router+0x22f/0x300 [ 31.538299][ T3498] br_multicast_set_port_router+0x23f/0x710 [ 31.538405][ T3498] br_setport+0xa03/0xd20 [ 31.538470][ T3498] ? __nla_parse+0x40/0x60 [ 31.538495][ T3498] br_setlink+0x30d/0x470 [ 31.538586][ T3498] ? mutex_is_locked+0x12/0x30 [ 31.538672][ T3498] rtnl_bridge_setlink+0x33a/0x470 [ 31.538866][ T3498] ? __mutex_lock_slowpath+0xa/0x10 [ 31.538962][ T3498] ? __pfx_rtnl_bridge_setlink+0x10/0x10 [ 31.539114][ T3498] rtnetlink_rcv_msg+0x6a7/0x720 [ 31.539186][ T3498] netlink_rcv_skb+0x123/0x220 [ 31.539286][ T3498] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 31.539374][ T3498] rtnetlink_rcv+0x1c/0x30 [ 31.539435][ T3498] netlink_unicast+0x5c0/0x690 [ 31.539548][ T3498] netlink_sendmsg+0x5c8/0x6f0 [ 31.539670][ T3498] ? __pfx_netlink_sendmsg+0x10/0x10 [ 31.539730][ T3498] __sock_sendmsg+0x145/0x170 [ 31.539800][ T3498] ____sys_sendmsg+0x31e/0x4a0 [ 31.539917][ T3498] ___sys_sendmsg+0x195/0x1e0 [ 31.540031][ T3498] __x64_sys_sendmsg+0xd4/0x160 [ 31.540201][ T3498] x64_sys_call+0x17ba/0x3000 [ 31.540281][ T3498] do_syscall_64+0xc0/0x2a0 [ 31.540349][ T3498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 31.540427][ T3498] RIP: 0033:0x7f39f673acb9 [ 31.540494][ T3498] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 31.540545][ T3498] RSP: 002b:00007f39f5197028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 31.540605][ T3498] RAX: ffffffffffffffda RBX: 00007f39f69b5fa0 RCX: 00007f39f673acb9 [ 31.540654][ T3498] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 31.540726][ T3498] RBP: 00007f39f5197090 R08: 0000000000000000 R09: 0000000000000000 [ 31.540765][ T3498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.540806][ T3498] R13: 00007f39f69b6038 R14: 00007f39f69b5fa0 R15: 00007ffe15723478 [ 31.540865][ T3498] [ 31.845674][ T1711] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.855642][ T29] kauditd_printk_skb: 31 callbacks suppressed [ 31.855655][ T29] audit: type=1400 audit(1768710944.844:111): avc: denied { mount } for pid=3494 comm="syz.1.7" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.883249][ T29] audit: type=1400 audit(1768710944.864:112): avc: denied { read write } for pid=3494 comm="syz.1.7" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.906344][ T29] audit: type=1400 audit(1768710944.864:113): avc: denied { read write open } for pid=3494 comm="syz.1.7" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.930163][ T29] audit: type=1400 audit(1768710944.864:114): avc: denied { ioctl } for pid=3494 comm="syz.1.7" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 31.957811][ T29] audit: type=1400 audit(1768710944.954:115): avc: denied { map_create } for pid=3494 comm="syz.1.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 31.977083][ T29] audit: type=1400 audit(1768710944.954:116): avc: denied { map_read map_write } for pid=3494 comm="syz.1.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 31.996628][ T29] audit: type=1326 audit(1768710944.954:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3494 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d9bcbacb9 code=0x7ffc0000 [ 32.017987][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.019894][ T29] audit: type=1326 audit(1768710944.954:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3494 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1d9bcbacb9 code=0x7ffc0000 [ 32.028913][ T3499] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 32.050099][ T29] audit: type=1326 audit(1768710944.954:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3494 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d9bcbacb9 code=0x7ffc0000 [ 32.063431][ T1711] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.086026][ T29] audit: type=1326 audit(1768710944.954:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3494 comm="syz.1.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1d9bcbacb9 code=0x7ffc0000 [ 32.098302][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.147604][ T1711] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.159370][ T3505] loop3: detected capacity change from 0 to 512 [ 32.166617][ T3505] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 32.179712][ T3505] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 32.191698][ T3424] kernel read not supported for file / (pid: 3424 comm: kworker/0:5) [ 32.205966][ T1711] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.217870][ T1711] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.244051][ T1711] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.266723][ T3505] EXT4-fs (loop3): 1 truncate cleaned up [ 32.272835][ T3505] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.285251][ T1711] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.294879][ T1711] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.310838][ T3512] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 32.318101][ T1711] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.351987][ T1711] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.365544][ T1711] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.379150][ T1711] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.393026][ T3515] loop0: detected capacity change from 0 to 1024 [ 32.403596][ T3515] ======================================================= [ 32.403596][ T3515] WARNING: The mand mount option has been deprecated and [ 32.403596][ T3515] and is ignored by this kernel. Remove the mand [ 32.403596][ T3515] option from the mount to silence this warning. [ 32.403596][ T3515] ======================================================= [ 32.460257][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.477029][ T3515] EXT4-fs: inline encryption not supported [ 32.482915][ T3515] EXT4-fs: Ignoring removed nobh option [ 32.488676][ T3515] EXT4-fs: Ignoring removed bh option [ 32.510531][ T3523] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.5'. [ 32.519598][ T3523] netlink: zone id is out of range [ 32.524736][ T3523] netlink: zone id is out of range [ 32.535665][ T3523] netlink: zone id is out of range [ 32.550230][ T3523] netlink: set zone limit has 8 unknown bytes [ 32.556528][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.566743][ T3515] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.621404][ T3529] Zero length message leads to an empty skb [ 32.631861][ T3531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13'. [ 32.677310][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.807023][ T3547] capability: warning: `syz.2.20' uses 32-bit capabilities (legacy support in use) [ 32.824177][ T3547] program syz.2.20 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 32.915030][ T3552] loop0: detected capacity change from 0 to 8192 [ 32.943189][ T3554] bridge_slave_0: left allmulticast mode [ 32.948998][ T3554] bridge_slave_0: left promiscuous mode [ 32.954748][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.954756][ T3559] loop4: detected capacity change from 0 to 1024 [ 32.962132][ T3559] EXT4-fs: inline encryption not supported [ 33.006125][ C0] hrtimer: interrupt took 42307 ns [ 33.044086][ T3559] EXT4-fs: Ignoring removed nobh option [ 33.049820][ T3559] EXT4-fs: Ignoring removed bh option [ 33.056480][ T3554] bridge_slave_1: left allmulticast mode [ 33.062230][ T3554] bridge_slave_1: left promiscuous mode [ 33.067918][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.079174][ T3554] bond0: (slave bond_slave_0): Releasing backup interface [ 33.090420][ T3554] bond0: (slave bond_slave_1): Releasing backup interface [ 33.103189][ T3554] team0: Port device team_slave_0 removed [ 33.104015][ T3559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.123565][ T3554] team0: Port device team_slave_1 removed [ 33.130607][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 33.138153][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 33.166707][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.219818][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 33.227386][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 33.268024][ T3554] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 33.317692][ T3563] team0: Mode changed to "loadbalance" [ 33.317888][ T3572] loop4: detected capacity change from 0 to 512 [ 33.365776][ T3572] EXT4-fs: Ignoring removed i_version option [ 33.384362][ T3572] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2857: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 33.406309][ T3572] EXT4-fs (loop4): 1 truncate cleaned up [ 33.412522][ T3572] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.601568][ T3581] netlink: 4 bytes leftover after parsing attributes in process `syz.2.31'. [ 33.664368][ T3584] delete_channel: no stack [ 33.697788][ T3588] netlink: 20 bytes leftover after parsing attributes in process `syz.3.34'. [ 33.845807][ T3597] netlink: 104 bytes leftover after parsing attributes in process `syz.3.37'. [ 33.855060][ T3596] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3596 comm=syz.2.39 [ 33.891662][ T3596] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=3596 comm=syz.2.39 [ 33.966138][ T3600] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.081740][ T3564] loop0: detected capacity change from 0 to 2048 [ 34.169355][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.223088][ T3564] pimreg0: tun_chr_ioctl cmd 1074025677 [ 34.230256][ T3564] pimreg0: linktype set to 805 [ 34.262831][ T3610] loop4: detected capacity change from 0 to 1024 [ 34.290079][ T3610] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 34.320500][ T3610] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.338411][ T3614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 34.360606][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 34.393244][ T3616] loop4: detected capacity change from 0 to 128 [ 34.418876][ T3616] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 34.440076][ T3619] loop2: detected capacity change from 0 to 128 [ 34.447048][ T3616] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.461112][ T3619] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 34.473414][ T3619] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 34.475117][ T3616] netlink: 8752 bytes leftover after parsing attributes in process `syz.4.46'. [ 34.496156][ T3619] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.2.47: bad entry in directory: directory entry overrun - offset=1012, inode=128, rec_len=65544, size=1024 fake=0 [ 34.529541][ T3619] EXT4-fs (loop2): Remounting filesystem read-only [ 34.551017][ T3319] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 34.575978][ T3325] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 34.626933][ T3633] FAULT_INJECTION: forcing a failure. [ 34.626933][ T3633] name failslab, interval 1, probability 0, space 0, times 0 [ 34.639701][ T3633] CPU: 0 UID: 0 PID: 3633 Comm: syz.2.50 Not tainted syzkaller #0 PREEMPT(voluntary) [ 34.639734][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 34.639763][ T3633] Call Trace: [ 34.639771][ T3633] [ 34.639780][ T3633] __dump_stack+0x1d/0x30 [ 34.639811][ T3633] dump_stack_lvl+0x95/0xd0 [ 34.639838][ T3633] dump_stack+0x15/0x1b [ 34.639862][ T3633] should_fail_ex+0x263/0x280 [ 34.639920][ T3633] should_failslab+0x8c/0xb0 [ 34.639942][ T3633] kmem_cache_alloc_noprof+0x68/0x490 [ 34.639969][ T3633] ? skb_clone+0x151/0x1f0 [ 34.640004][ T3633] skb_clone+0x151/0x1f0 [ 34.640085][ T3633] nfnetlink_rcv+0x316/0x1720 [ 34.640123][ T3633] ? __kfree_skb+0x109/0x150 [ 34.640150][ T3633] ? consume_skb+0x49/0x140 [ 34.640241][ T3633] ? nlmon_xmit+0x4f/0x60 [ 34.640268][ T3633] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 34.640327][ T3633] ? __dev_queue_xmit+0x139a/0x1f20 [ 34.640364][ T3633] ? __dev_queue_xmit+0x148/0x1f20 [ 34.640411][ T3633] ? ref_tracker_free+0x37d/0x3e0 [ 34.640445][ T3633] netlink_unicast+0x5c0/0x690 [ 34.640554][ T3633] netlink_sendmsg+0x5c8/0x6f0 [ 34.640579][ T3633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 34.640602][ T3633] __sock_sendmsg+0x145/0x170 [ 34.640629][ T3633] ____sys_sendmsg+0x31e/0x4a0 [ 34.640726][ T3633] ___sys_sendmsg+0x195/0x1e0 [ 34.640820][ T3633] __x64_sys_sendmsg+0xd4/0x160 [ 34.640865][ T3633] x64_sys_call+0x17ba/0x3000 [ 34.640897][ T3633] do_syscall_64+0xc0/0x2a0 [ 34.640973][ T3633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 34.640999][ T3633] RIP: 0033:0x7f406072acb9 [ 34.641027][ T3633] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 34.641051][ T3633] RSP: 002b:00007f405f187028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 34.641082][ T3633] RAX: ffffffffffffffda RBX: 00007f40609a5fa0 RCX: 00007f406072acb9 [ 34.641095][ T3633] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 34.641111][ T3633] RBP: 00007f405f187090 R08: 0000000000000000 R09: 0000000000000000 [ 34.641125][ T3633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 34.641137][ T3633] R13: 00007f40609a6038 R14: 00007f40609a5fa0 R15: 00007ffe8ab2e2c8 [ 34.641226][ T3633] [ 34.923314][ T3629] tipc: Enabling of bearer rejected, failed to enable media [ 34.983718][ T3646] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 35.058542][ T3650] netlink: 4 bytes leftover after parsing attributes in process `syz.4.57'. [ 35.114588][ T3654] FAULT_INJECTION: forcing a failure. [ 35.114588][ T3654] name failslab, interval 1, probability 0, space 0, times 0 [ 35.127299][ T3654] CPU: 1 UID: 0 PID: 3654 Comm: syz.3.59 Not tainted syzkaller #0 PREEMPT(voluntary) [ 35.127358][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 35.127370][ T3654] Call Trace: [ 35.127378][ T3654] [ 35.127387][ T3654] __dump_stack+0x1d/0x30 [ 35.127415][ T3654] dump_stack_lvl+0x95/0xd0 [ 35.127436][ T3654] dump_stack+0x15/0x1b [ 35.127526][ T3654] should_fail_ex+0x263/0x280 [ 35.127563][ T3654] should_failslab+0x8c/0xb0 [ 35.127586][ T3654] kmem_cache_alloc_noprof+0x68/0x490 [ 35.127616][ T3654] ? audit_log_start+0x34c/0x730 [ 35.127682][ T3654] audit_log_start+0x34c/0x730 [ 35.127702][ T3654] ? kstrtouint+0x76/0xc0 [ 35.127725][ T3654] audit_seccomp+0x47/0x100 [ 35.127758][ T3654] ? __seccomp_filter+0x8db/0x1350 [ 35.127791][ T3654] __seccomp_filter+0x8ec/0x1350 [ 35.127888][ T3654] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 35.127922][ T3654] ? vfs_write+0x86e/0x9f0 [ 35.127944][ T3654] __secure_computing+0x81/0x150 [ 35.127982][ T3654] syscall_trace_enter+0xce/0x1e0 [ 35.128032][ T3654] do_syscall_64+0x9a/0x2a0 [ 35.128060][ T3654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.128096][ T3654] RIP: 0033:0x7f39f673acb9 [ 35.128111][ T3654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.128128][ T3654] RSP: 002b:00007f39f5197028 EFLAGS: 00000246 ORIG_RAX: 00000000000000dc [ 35.128148][ T3654] RAX: ffffffffffffffda RBX: 00007f39f69b5fa0 RCX: 00007f39f673acb9 [ 35.128163][ T3654] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 35.128179][ T3654] RBP: 00007f39f5197090 R08: 0000000000000000 R09: 0000000000000000 [ 35.128192][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 35.128211][ T3654] R13: 00007f39f69b6038 R14: 00007f39f69b5fa0 R15: 00007ffe15723478 [ 35.128326][ T3654] [ 35.242015][ T3656] EXT4-fs: inline encryption not supported [ 35.331024][ T3656] EXT4-fs: Ignoring removed nobh option [ 35.336720][ T3656] EXT4-fs: Ignoring removed bh option [ 35.347501][ T3656] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.376310][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.422344][ T3662] syzkaller1: entered promiscuous mode [ 35.427915][ T3662] syzkaller1: entered allmulticast mode [ 35.459622][ T3662] netlink: 32 bytes leftover after parsing attributes in process `syz.2.62'. [ 35.468969][ T3665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.63'. [ 35.528869][ T3665] FAT-fs (loop4): bogus sectors per cluster 223 [ 35.535208][ T3665] FAT-fs (loop4): Can't find a valid FAT filesystem [ 35.615967][ T3671] FAULT_INJECTION: forcing a failure. [ 35.615967][ T3671] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 35.629188][ T3671] CPU: 1 UID: 0 PID: 3671 Comm: syz.3.65 Not tainted syzkaller #0 PREEMPT(voluntary) [ 35.629215][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 35.629231][ T3671] Call Trace: [ 35.629240][ T3671] [ 35.629249][ T3671] __dump_stack+0x1d/0x30 [ 35.629311][ T3671] dump_stack_lvl+0x95/0xd0 [ 35.629414][ T3671] dump_stack+0x15/0x1b [ 35.629438][ T3671] should_fail_ex+0x263/0x280 [ 35.629513][ T3671] should_fail+0xb/0x20 [ 35.629580][ T3671] should_fail_usercopy+0x1a/0x20 [ 35.629609][ T3671] _copy_from_user+0x1c/0xb0 [ 35.629643][ T3671] ___sys_sendmsg+0xc1/0x1e0 [ 35.629712][ T3671] __x64_sys_sendmsg+0xd4/0x160 [ 35.629752][ T3671] x64_sys_call+0x17ba/0x3000 [ 35.629776][ T3671] do_syscall_64+0xc0/0x2a0 [ 35.629806][ T3671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.629834][ T3671] RIP: 0033:0x7f39f673acb9 [ 35.629851][ T3671] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.629868][ T3671] RSP: 002b:00007f39f5197028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 35.629955][ T3671] RAX: ffffffffffffffda RBX: 00007f39f69b5fa0 RCX: 00007f39f673acb9 [ 35.629968][ T3671] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 35.629984][ T3671] RBP: 00007f39f5197090 R08: 0000000000000000 R09: 0000000000000000 [ 35.630000][ T3671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 35.630015][ T3671] R13: 00007f39f69b6038 R14: 00007f39f69b5fa0 R15: 00007ffe15723478 [ 35.630035][ T3671] [ 35.833964][ T3685] EXT4-fs: inline encryption not supported [ 35.840174][ T3685] EXT4-fs: Ignoring removed nobh option [ 35.845909][ T3685] EXT4-fs: Ignoring removed bh option [ 35.872705][ T3685] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.909261][ T3681] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.937846][ T3691] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3691 comm=syz.3.73 [ 35.951017][ T3691] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3691 comm=syz.3.73 [ 35.969557][ T3698] FAULT_INJECTION: forcing a failure. [ 35.969557][ T3698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 35.982895][ T3698] CPU: 1 UID: 0 PID: 3698 Comm: syz.0.75 Not tainted syzkaller #0 PREEMPT(voluntary) [ 35.982927][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 35.982943][ T3698] Call Trace: [ 35.982951][ T3698] [ 35.982959][ T3698] __dump_stack+0x1d/0x30 [ 35.982989][ T3698] dump_stack_lvl+0x95/0xd0 [ 35.983140][ T3698] dump_stack+0x15/0x1b [ 35.983220][ T3698] should_fail_ex+0x263/0x280 [ 35.983243][ T3698] should_fail+0xb/0x20 [ 35.983284][ T3698] should_fail_usercopy+0x1a/0x20 [ 35.983322][ T3698] _copy_from_user+0x1c/0xb0 [ 35.983352][ T3698] kvmemdup_bpfptr_noprof+0x86/0xf0 [ 35.983444][ T3698] map_update_elem+0x372/0x440 [ 35.983473][ T3698] __sys_bpf+0x57b/0x7b0 [ 35.983497][ T3698] __x64_sys_bpf+0x41/0x50 [ 35.983582][ T3698] x64_sys_call+0x28e1/0x3000 [ 35.983615][ T3698] do_syscall_64+0xc0/0x2a0 [ 35.983726][ T3698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.983769][ T3698] RIP: 0033:0x7ff09952acb9 [ 35.983785][ T3698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.983860][ T3698] RSP: 002b:00007ff097f87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 35.983899][ T3698] RAX: ffffffffffffffda RBX: 00007ff0997a5fa0 RCX: 00007ff09952acb9 [ 35.983918][ T3698] RDX: 0000000000000020 RSI: 00002000000048c0 RDI: 0000000000000002 [ 35.983935][ T3698] RBP: 00007ff097f87090 R08: 0000000000000000 R09: 0000000000000000 [ 35.983951][ T3698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 35.983965][ T3698] R13: 00007ff0997a6038 R14: 00007ff0997a5fa0 R15: 00007fffb59bed68 [ 35.984010][ T3698] [ 36.165533][ T3696] netlink: 'syz.4.74': attribute type 30 has an invalid length. [ 36.166244][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.200229][ T3705] FAULT_INJECTION: forcing a failure. [ 36.200229][ T3705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 36.208902][ T3703] FAULT_INJECTION: forcing a failure. [ 36.208902][ T3703] name failslab, interval 1, probability 0, space 0, times 0 [ 36.214082][ T3705] CPU: 1 UID: 0 PID: 3705 Comm: syz.0.78 Not tainted syzkaller #0 PREEMPT(voluntary) [ 36.214175][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 36.214217][ T3705] Call Trace: [ 36.214237][ T3705] [ 36.214267][ T3705] __dump_stack+0x1d/0x30 [ 36.214363][ T3705] dump_stack_lvl+0x95/0xd0 [ 36.214477][ T3705] dump_stack+0x15/0x1b [ 36.214545][ T3705] should_fail_ex+0x263/0x280 [ 36.214624][ T3705] should_fail+0xb/0x20 [ 36.214727][ T3705] should_fail_usercopy+0x1a/0x20 [ 36.214807][ T3705] _copy_to_user+0x20/0xa0 [ 36.214951][ T3705] msr_read+0xc9/0x160 [ 36.215051][ T3705] ? __pfx_msr_read+0x10/0x10 [ 36.215153][ T3705] vfs_readv+0x432/0x6e0 [ 36.215340][ T3705] do_readv+0xe9/0x210 [ 36.215421][ T3705] __x64_sys_readv+0x45/0x50 [ 36.215490][ T3705] x64_sys_call+0x2831/0x3000 [ 36.215693][ T3705] do_syscall_64+0xc0/0x2a0 [ 36.215764][ T3705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.215884][ T3705] RIP: 0033:0x7ff09952acb9 [ 36.215980][ T3705] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 36.216075][ T3705] RSP: 002b:00007ff097f87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 36.216177][ T3705] RAX: ffffffffffffffda RBX: 00007ff0997a5fa0 RCX: 00007ff09952acb9 [ 36.216220][ T3705] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003 [ 36.216262][ T3705] RBP: 00007ff097f87090 R08: 0000000000000000 R09: 0000000000000000 [ 36.216302][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.216343][ T3705] R13: 00007ff0997a6038 R14: 00007ff0997a5fa0 R15: 00007fffb59bed68 [ 36.216427][ T3705] [ 36.399928][ T3703] CPU: 0 UID: 0 PID: 3703 Comm: syz.1.77 Not tainted syzkaller #0 PREEMPT(voluntary) [ 36.399962][ T3703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 36.400041][ T3703] Call Trace: [ 36.400050][ T3703] [ 36.400060][ T3703] __dump_stack+0x1d/0x30 [ 36.400092][ T3703] dump_stack_lvl+0x95/0xd0 [ 36.400126][ T3703] dump_stack+0x15/0x1b [ 36.400223][ T3703] should_fail_ex+0x263/0x280 [ 36.400254][ T3703] should_failslab+0x8c/0xb0 [ 36.400354][ T3703] kmem_cache_alloc_noprof+0x68/0x490 [ 36.400383][ T3703] ? audit_log_start+0x34c/0x730 [ 36.400410][ T3703] audit_log_start+0x34c/0x730 [ 36.400435][ T3703] ? __rcu_read_unlock+0x4e/0x70 [ 36.400518][ T3703] audit_seccomp+0x47/0x100 [ 36.400627][ T3703] ? __seccomp_filter+0x8db/0x1350 [ 36.400663][ T3703] __seccomp_filter+0x8ec/0x1350 [ 36.400700][ T3703] ? __schedule+0x82d/0xc90 [ 36.400757][ T3703] __secure_computing+0x81/0x150 [ 36.400841][ T3703] syscall_trace_enter+0xce/0x1e0 [ 36.400870][ T3703] do_syscall_64+0x9a/0x2a0 [ 36.400928][ T3703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.400958][ T3703] RIP: 0033:0x7f1d9bc7b58e [ 36.401007][ T3703] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 36.401029][ T3703] RSP: 002b:00007f1d9a716fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 36.401053][ T3703] RAX: ffffffffffffffda RBX: 00007f1d9a7176c0 RCX: 00007f1d9bc7b58e [ 36.401070][ T3703] RDX: 000000000000000f RSI: 00007f1d9a7170a0 RDI: 0000000000000005 [ 36.401161][ T3703] RBP: 00007f1d9a717090 R08: 0000000000000000 R09: 0000000000000000 [ 36.401176][ T3703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.401192][ T3703] R13: 00007f1d9bf36038 R14: 00007f1d9bf35fa0 R15: 00007ffdb65c7328 [ 36.401217][ T3703] [ 36.643176][ T3722] veth0_virt_wifi: entered promiscuous mode [ 36.659698][ T3724] set_capacity_and_notify: 5 callbacks suppressed [ 36.659716][ T3724] loop3: detected capacity change from 0 to 512 [ 36.661388][ T3722] veth0_virt_wifi: left promiscuous mode [ 36.711571][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.732365][ T3728] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3728 comm=syz.3.86 [ 36.780708][ T3728] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3728 comm=syz.3.86 [ 36.797382][ T3732] loop4: detected capacity change from 0 to 512 [ 36.821152][ T3732] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.866594][ T29] kauditd_printk_skb: 343 callbacks suppressed [ 36.866610][ T29] audit: type=1400 audit(1768710949.864:460): avc: denied { create } for pid=3738 comm="syz.2.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 36.978106][ T29] audit: type=1400 audit(1768710949.894:461): avc: denied { connect } for pid=3738 comm="syz.2.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 36.997904][ T29] audit: type=1400 audit(1768710949.914:462): avc: denied { getopt } for pid=3738 comm="syz.2.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 37.044841][ T3739] loop2: detected capacity change from 0 to 8192 [ 37.056675][ T29] audit: type=1400 audit(1768710950.044:463): avc: denied { read } for pid=3746 comm="syz.3.94" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 37.079782][ T29] audit: type=1400 audit(1768710950.044:464): avc: denied { open } for pid=3746 comm="syz.3.94" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 37.220000][ T29] audit: type=1400 audit(1768710950.104:465): avc: denied { create } for pid=3748 comm="syz.1.95" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 37.239276][ T29] audit: type=1400 audit(1768710950.114:466): avc: denied { bpf } for pid=3748 comm="syz.1.95" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 37.259973][ T29] audit: type=1400 audit(1768710950.114:467): avc: denied { module_request } for pid=3748 comm="syz.1.95" kmod=6E65746465762D3615DC5C56C46ED608CF8EB5720F3D scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 37.284249][ T29] audit: type=1400 audit(1768710950.144:468): avc: denied { ioctl } for pid=3746 comm="syz.3.94" path="/dev/nvram" dev="devtmpfs" ino=98 ioctlcmd=0x7041 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 37.309240][ T29] audit: type=1400 audit(1768710950.174:469): avc: denied { perfmon } for pid=3756 comm="syz.3.97" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 37.361833][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.402492][ T3775] FAULT_INJECTION: forcing a failure. [ 37.402492][ T3775] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 37.411948][ T3773] loop0: detected capacity change from 0 to 1024 [ 37.415886][ T3775] CPU: 0 UID: 0 PID: 3775 Comm: syz.4.104 Not tainted syzkaller #0 PREEMPT(voluntary) [ 37.415917][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 37.415929][ T3775] Call Trace: [ 37.415936][ T3775] [ 37.415960][ T3775] __dump_stack+0x1d/0x30 [ 37.416013][ T3775] dump_stack_lvl+0x95/0xd0 [ 37.416076][ T3775] dump_stack+0x15/0x1b [ 37.416137][ T3775] should_fail_ex+0x263/0x280 [ 37.416217][ T3775] should_fail+0xb/0x20 [ 37.416327][ T3775] should_fail_usercopy+0x1a/0x20 [ 37.416467][ T3775] _copy_from_user+0x1c/0xb0 [ 37.416556][ T3775] kvmemdup_bpfptr_noprof+0x86/0xf0 [ 37.416650][ T3775] map_update_elem+0x372/0x440 [ 37.416721][ T3775] __sys_bpf+0x57b/0x7b0 [ 37.416835][ T3775] __x64_sys_bpf+0x41/0x50 [ 37.416994][ T3775] x64_sys_call+0x28e1/0x3000 [ 37.417083][ T3775] do_syscall_64+0xc0/0x2a0 [ 37.417205][ T3775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.417275][ T3775] RIP: 0033:0x7f62407eacb9 [ 37.417318][ T3775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 37.417394][ T3775] RSP: 002b:00007f623f247028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 37.417455][ T3775] RAX: ffffffffffffffda RBX: 00007f6240a65fa0 RCX: 00007f62407eacb9 [ 37.417496][ T3775] RDX: 0000000000000020 RSI: 0000200000000600 RDI: 0000000000000002 [ 37.417536][ T3775] RBP: 00007f623f247090 R08: 0000000000000000 R09: 0000000000000000 [ 37.417575][ T3775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 37.417615][ T3775] R13: 00007f6240a66038 R14: 00007f6240a65fa0 R15: 00007ffe7ef9eb28 [ 37.417669][ T3775] [ 37.580866][ T3783] __nla_validate_parse: 6 callbacks suppressed [ 37.580894][ T3783] netlink: 32 bytes leftover after parsing attributes in process `syz.1.108'. [ 37.593634][ T3780] loop3: detected capacity change from 0 to 128 [ 37.610167][ T3785] loop4: detected capacity change from 0 to 512 [ 37.620947][ T3773] EXT4-fs: Ignoring removed bh option [ 37.639550][ T3780] loop3: detected capacity change from 0 to 512 [ 37.655491][ T3780] EXT4-fs: dax option not supported [ 37.680916][ T3773] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.724593][ T3780] loop3: detected capacity change from 0 to 128 [ 37.733349][ T3773] forcing mempool usage for bio_alloc_bioset+0x57e/0xa50 [ 37.780276][ T3799] netlink: 'syz.2.113': attribute type 21 has an invalid length. [ 37.788287][ T3799] netlink: 100 bytes leftover after parsing attributes in process `syz.2.113'. [ 37.828627][ T3773] syz.0.103 (3773) used greatest stack depth: 10024 bytes left [ 37.838298][ T3802] random: crng reseeded on system resumption [ 37.838398][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.017064][ T3818] netlink: 'syz.0.120': attribute type 21 has an invalid length. [ 38.024946][ T3818] IPv6: NLM_F_CREATE should be specified when creating new route [ 38.048472][ T3818] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 38.055855][ T3818] IPv6: NLM_F_CREATE should be set when creating new route [ 38.063073][ T3818] IPv6: NLM_F_CREATE should be set when creating new route [ 38.070331][ T3818] IPv6: NLM_F_CREATE should be set when creating new route [ 38.104521][ T3825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.122'. [ 38.118986][ T3825] team0: Port device team_slave_1 removed [ 38.168263][ T3825] netlink: 'syz.0.122': attribute type 4 has an invalid length. [ 38.176081][ T3825] netlink: 17 bytes leftover after parsing attributes in process `syz.0.122'. [ 38.220608][ T3832] loop3: detected capacity change from 0 to 2048 [ 38.257895][ T3832] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.399608][ T3847] loop4: detected capacity change from 0 to 512 [ 38.439900][ T3847] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 38.472995][ T3847] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.129: invalid indirect mapped block 4294967295 (level 1) [ 38.495890][ T2029] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 38.511046][ T3847] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.129: invalid indirect mapped block 4294967295 (level 1) [ 38.544097][ T2029] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 160 with error 28 [ 38.556581][ T2029] EXT4-fs (loop3): This should not happen!! Data will be lost [ 38.556581][ T2029] [ 38.566262][ T2029] EXT4-fs (loop3): Total free blocks count 0 [ 38.572276][ T2029] EXT4-fs (loop3): Free/Dirty block details [ 38.578309][ T2029] EXT4-fs (loop3): free_blocks=66060288 [ 38.583878][ T2029] EXT4-fs (loop3): dirty_blocks=160 [ 38.589131][ T2029] EXT4-fs (loop3): Block reservation details [ 38.595141][ T2029] EXT4-fs (loop3): i_reserved_data_blocks=10 [ 38.615938][ T3847] EXT4-fs (loop4): 2 truncates cleaned up [ 38.622217][ T3847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.648466][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.790706][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.882012][ T3868] netlink: 'syz.0.138': attribute type 10 has an invalid length. [ 38.909878][ T3867] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.935391][ T3871] netlink: 'syz.0.138': attribute type 10 has an invalid length. [ 38.947416][ T3871] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 38.971035][ T3868] bond0: (slave dummy0): Releasing backup interface [ 38.987398][ T3868] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 39.006020][ T3868] team0: Failed to send options change via netlink (err -105) [ 39.013557][ T3868] team0: Port device dummy0 added [ 39.057061][ T3867] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.128958][ T3867] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.141676][ T3881] netlink: 16 bytes leftover after parsing attributes in process `syz.2.140'. [ 39.159275][ T3881] netlink: 252 bytes leftover after parsing attributes in process `syz.2.140'. [ 39.169265][ T3881] unsupported nlmsg_type 40 [ 39.193731][ T3881] FAT-fs (loop2): bogus logical sector size 2134 [ 39.197130][ T3884] EXT4-fs: inline encryption not supported [ 39.200455][ T3881] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 39.215341][ T3881] FAT-fs (loop2): Can't find a valid FAT filesystem [ 39.235248][ T3867] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.251666][ T3884] EXT4-fs: Ignoring removed nobh option [ 39.257414][ T3884] EXT4-fs: Ignoring removed bh option [ 39.272556][ T3879] 9p: Could not find request transport: fdrfdno=0x0000000000000009 [ 39.283039][ T3881] netlink: 76 bytes leftover after parsing attributes in process `syz.2.140'. [ 39.305985][ T1711] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.315776][ T3884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.322606][ T1711] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.345842][ T1711] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.355235][ T1711] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.417427][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.428411][ T3893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 39.461720][ T3893] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.545644][ T3305] loop0: p1 < > p4 [ 39.554912][ T3305] loop0: p4 size 8388608 extends beyond EOD, truncated [ 39.568166][ T3899] loop0: p1 < > p4 [ 39.574362][ T3903] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.587210][ T3899] loop0: p4 size 8388608 extends beyond EOD, truncated [ 39.627096][ T3796] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 39.636199][ T3909] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.143: Freeing blocks not in datazone - block = 0, count = 16 [ 39.642840][ T3796] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 39.667016][ T3796] EXT4-fs (loop4): This should not happen!! Data will be lost [ 39.667016][ T3796] [ 39.676792][ T3796] EXT4-fs (loop4): Total free blocks count 0 [ 39.682795][ T3796] EXT4-fs (loop4): Free/Dirty block details [ 39.688803][ T3796] EXT4-fs (loop4): free_blocks=66060288 [ 39.694404][ T3796] EXT4-fs (loop4): dirty_blocks=32 [ 39.699604][ T3796] EXT4-fs (loop4): Block reservation details [ 39.705691][ T3796] EXT4-fs (loop4): i_reserved_data_blocks=2 [ 39.712323][ T1711] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 39.747736][ T3912] netlink: 4 bytes leftover after parsing attributes in process `syz.1.149'. [ 39.789340][ T3912] macsec1: entered allmulticast mode [ 39.794820][ T3912] veth1_macvtap: entered allmulticast mode [ 39.806220][ T3912] veth1_macvtap: left allmulticast mode [ 39.822392][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.866597][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 39.879396][ T1711] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm kworker/u8:7: bg 0: block 112: padding at end of block bitmap is not set [ 39.903832][ T3923] netlink: 'syz.0.152': attribute type 1 has an invalid length. [ 39.923244][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.926572][ T1711] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 39.939041][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 39.945458][ T1711] EXT4-fs (loop2): This should not happen!! Data will be lost [ 39.945458][ T1711] [ 39.964672][ T1711] EXT4-fs (loop2): Total free blocks count 0 [ 39.970702][ T1711] EXT4-fs (loop2): Free/Dirty block details [ 39.976644][ T1711] EXT4-fs (loop2): free_blocks=16 [ 39.981746][ T1711] EXT4-fs (loop2): dirty_blocks=16 [ 39.986922][ T1711] EXT4-fs (loop2): Block reservation details [ 39.992923][ T1711] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 40.000008][ T3925] EXT4-fs: inline encryption not supported [ 40.006441][ T3925] EXT4-fs: Ignoring removed nobh option [ 40.012139][ T3925] EXT4-fs: Ignoring removed bh option [ 40.024364][ T3923] 8021q: adding VLAN 0 to HW filter on device bond1 [ 40.036949][ T3925] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.040145][ T3927] ip6erspan0: entered promiscuous mode [ 40.064783][ T3927] bond1: (slave ip6erspan0): making interface the new active one [ 40.080064][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 40.086428][ T3927] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 40.112815][ T3933] program syz.2.153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 40.113618][ T3923] macvlan2: entered promiscuous mode [ 40.134921][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.151774][ T3923] bond1: entered promiscuous mode [ 40.158683][ T3923] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 40.172454][ T3923] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 40.189643][ T3923] bond1: left promiscuous mode [ 40.200022][ T3937] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18208 sclass=netlink_route_socket pid=3937 comm=syz.4.156 [ 40.216978][ T3931] netlink: 10 bytes leftover after parsing attributes in process `syz.1.155'. [ 40.300219][ T3938] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 40.333840][ T3947] netlink: 40 bytes leftover after parsing attributes in process `syz.2.158'. [ 40.348494][ T3947] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3947 comm=syz.2.158 [ 40.480289][ T3959] capability: warning: `syz.2.163' uses deprecated v2 capabilities in a way that may be insecure [ 40.670027][ T3968] EXT4-fs: inline encryption not supported [ 40.686046][ T3968] EXT4-fs: Ignoring removed nobh option [ 40.691756][ T3968] EXT4-fs: Ignoring removed bh option [ 40.734653][ T3972] EXT4-fs: Ignoring removed bh option [ 40.758059][ T3968] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.774211][ T3972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 40.805685][ T3972] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.855433][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.900487][ T3981] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3981 comm=syz.0.169 [ 40.931055][ T3983] FAULT_INJECTION: forcing a failure. [ 40.931055][ T3983] name failslab, interval 1, probability 0, space 0, times 0 [ 40.944286][ T3983] CPU: 1 UID: 0 PID: 3983 Comm: syz.0.170 Not tainted syzkaller #0 PREEMPT(voluntary) [ 40.944348][ T3983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 40.944365][ T3983] Call Trace: [ 40.944373][ T3983] [ 40.944382][ T3983] __dump_stack+0x1d/0x30 [ 40.944489][ T3983] dump_stack_lvl+0x95/0xd0 [ 40.944511][ T3983] dump_stack+0x15/0x1b [ 40.944538][ T3983] should_fail_ex+0x263/0x280 [ 40.944570][ T3983] should_failslab+0x8c/0xb0 [ 40.944660][ T3983] __kmalloc_noprof+0xb8/0x580 [ 40.944690][ T3983] ? ethnl_default_notify+0x10f/0x6e0 [ 40.944745][ T3983] ethnl_default_notify+0x10f/0x6e0 [ 40.944765][ T3983] ? call_netdevice_notifiers+0xa3/0x110 [ 40.944793][ T3983] ethnl_notify+0x9d/0x150 [ 40.944837][ T3983] ethtool_notify+0x1d/0x30 [ 40.944862][ T3983] ethtool_set_channels+0x4c2/0x4d0 [ 40.944910][ T3983] dev_ethtool+0x15b2/0x16a0 [ 40.944936][ T3983] ? full_name_hash+0x92/0xe0 [ 40.944971][ T3983] dev_ioctl+0x2e0/0x960 [ 40.945017][ T3983] sock_do_ioctl+0x1aa/0x230 [ 40.945047][ T3983] sock_ioctl+0x41b/0x610 [ 40.945065][ T3983] ? mutex_lock+0x57/0x90 [ 40.945094][ T3983] ? __pfx_sock_ioctl+0x10/0x10 [ 40.945118][ T3983] __se_sys_ioctl+0xce/0x140 [ 40.945235][ T3983] __x64_sys_ioctl+0x43/0x50 [ 40.945271][ T3983] x64_sys_call+0x14b0/0x3000 [ 40.945328][ T3983] do_syscall_64+0xc0/0x2a0 [ 40.945355][ T3983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.945412][ T3983] RIP: 0033:0x7ff09952acb9 [ 40.945492][ T3983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 40.945510][ T3983] RSP: 002b:00007ff097f87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 40.945529][ T3983] RAX: ffffffffffffffda RBX: 00007ff0997a5fa0 RCX: 00007ff09952acb9 [ 40.945543][ T3983] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003 [ 40.945555][ T3983] RBP: 00007ff097f87090 R08: 0000000000000000 R09: 0000000000000000 [ 40.945631][ T3983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 40.945648][ T3983] R13: 00007ff0997a6038 R14: 00007ff0997a5fa0 R15: 00007fffb59bed68 [ 40.945672][ T3983] [ 40.984278][ T3972] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.167: bg 0: block 112: padding at end of block bitmap is not set [ 41.182052][ T3972] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 51 with error 117 [ 41.194643][ T3972] EXT4-fs (loop3): This should not happen!! Data will be lost [ 41.194643][ T3972] [ 41.260302][ T3972] syz.3.167 (3972) used greatest stack depth: 9320 bytes left [ 41.277881][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 41.738596][ T3989] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.777642][ T3989] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.927752][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.063014][ T4025] set_capacity_and_notify: 10 callbacks suppressed [ 42.063035][ T4025] loop2: detected capacity change from 0 to 2048 [ 42.106866][ T4025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.132332][ T3796] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 42.152186][ T3796] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 42.164484][ T3796] EXT4-fs (loop2): This should not happen!! Data will be lost [ 42.164484][ T3796] [ 42.174192][ T3796] EXT4-fs (loop2): Total free blocks count 0 [ 42.180305][ T3796] EXT4-fs (loop2): Free/Dirty block details [ 42.186303][ T3796] EXT4-fs (loop2): free_blocks=66060288 [ 42.191876][ T3796] EXT4-fs (loop2): dirty_blocks=32 [ 42.197206][ T3796] EXT4-fs (loop2): Block reservation details [ 42.203205][ T3796] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 42.209623][ T3796] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 42.286646][ T4031] loop3: detected capacity change from 0 to 512 [ 42.303859][ T4031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.322366][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 42.322385][ T29] audit: type=1400 audit(1768710955.314:537): avc: denied { read append open } for pid=4030 comm="syz.3.185" path="/34/file0/cgroup.controllers" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.442397][ T29] audit: type=1400 audit(1768710955.354:538): avc: denied { write } for pid=4039 comm="syz.2.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 42.570876][ T29] audit: type=1400 audit(1768710955.564:539): avc: denied { setopt } for pid=4044 comm="syz.1.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 42.641723][ T29] audit: type=1400 audit(1768710955.594:540): avc: denied { write } for pid=4044 comm="syz.1.189" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 42.665006][ T29] audit: type=1400 audit(1768710955.594:541): avc: denied { open } for pid=4044 comm="syz.1.189" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 42.688888][ T29] audit: type=1400 audit(1768710955.594:542): avc: denied { ioctl } for pid=4044 comm="syz.1.189" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 42.784692][ T29] audit: type=1400 audit(1768710955.774:543): avc: denied { getopt } for pid=4047 comm="syz.1.190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 42.809121][ T4041] netlink: 'syz.2.188': attribute type 1 has an invalid length. [ 42.880507][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.931466][ T29] audit: type=1400 audit(1768710955.924:544): avc: denied { read } for pid=4052 comm="syz.3.192" path="socket:[6071]" dev="sockfs" ino=6071 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 42.978347][ T4055] loop2: detected capacity change from 0 to 764 [ 42.981910][ T29] audit: type=1400 audit(1768710955.954:545): avc: denied { audit_read } for pid=4052 comm="syz.3.192" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 43.010634][ T4057] loop1: detected capacity change from 0 to 2048 [ 43.027733][ T4055] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4055 comm=syz.2.193 [ 43.059104][ T4057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.068886][ T4063] __nla_validate_parse: 1 callbacks suppressed [ 43.068925][ T4063] netlink: 12 bytes leftover after parsing attributes in process `syz.3.196'. [ 43.086966][ T4063] netlink: 12 bytes leftover after parsing attributes in process `syz.3.196'. [ 43.129003][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.133712][ T4063] netlink: 4 bytes leftover after parsing attributes in process `syz.3.196'. [ 43.160386][ T4063] loop3: detected capacity change from 0 to 1764 [ 43.174915][ T4063] iso9660: Unknown parameter 'ÿ0x0000000000000000' [ 43.221132][ T29] audit: type=1400 audit(1768710956.214:546): avc: denied { read write } for pid=4070 comm="syz.2.199" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.461024][ T4086] Driver unsupported XDP return value 0 on prog (id 39) dev N/A, expect packet loss! [ 43.556794][ T4088] loop3: detected capacity change from 0 to 2048 [ 43.596420][ T4088] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.631651][ T1711] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 43.679796][ T1711] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 43.692169][ T1711] EXT4-fs (loop3): This should not happen!! Data will be lost [ 43.692169][ T1711] [ 43.701965][ T1711] EXT4-fs (loop3): Total free blocks count 0 [ 43.708052][ T1711] EXT4-fs (loop3): Free/Dirty block details [ 43.714004][ T1711] EXT4-fs (loop3): free_blocks=66060288 [ 43.719616][ T1711] EXT4-fs (loop3): dirty_blocks=32 [ 43.724736][ T1711] EXT4-fs (loop3): Block reservation details [ 43.730824][ T1711] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 43.825803][ T1711] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 159 with max blocks 1 with error 28 [ 44.131653][ T4111] loop3: detected capacity change from 0 to 2048 [ 44.150475][ T4084] loop4: detected capacity change from 0 to 128 [ 44.172102][ T4084] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 44.224890][ T4111] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.231722][ T4118] netlink: 40 bytes leftover after parsing attributes in process `syz.2.209'. [ 44.267001][ T4118] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4118 comm=syz.2.209 [ 44.281827][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.305769][ T4101] cgroup: none used incorrectly [ 44.414485][ T4123] loop3: detected capacity change from 0 to 128 [ 44.425987][ T4123] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 44.484367][ T4123] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 44.518040][ T4078] syz.4.200 (4078) used greatest stack depth: 7416 bytes left [ 44.534671][ T1711] FAT-fs (loop4): error, invalid FAT chain (i_pos 550, last_block 8) [ 44.542894][ T1711] FAT-fs (loop4): Filesystem has been set read-only [ 44.559275][ T1711] FAT-fs (loop4): error, corrupted file size (i_pos 550, 522) [ 44.576222][ T4133] netlink: 16 bytes leftover after parsing attributes in process `syz.3.214'. [ 44.594080][ T4132] loop4: detected capacity change from 0 to 512 [ 44.607341][ T4133] netlink: 252 bytes leftover after parsing attributes in process `syz.3.214'. [ 44.655379][ T4133] FAT-fs (loop3): bogus logical sector size 2134 [ 44.661783][ T4133] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 44.671177][ T4133] FAT-fs (loop3): Can't find a valid FAT filesystem [ 44.690968][ T4132] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.710621][ T4133] netlink: 76 bytes leftover after parsing attributes in process `syz.3.214'. [ 44.723800][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.856821][ T4146] netlink: 'syz.4.218': attribute type 21 has an invalid length. [ 44.864727][ T4146] IPv6: NLM_F_CREATE should be specified when creating new route [ 44.872554][ T4146] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 44.879809][ T4146] IPv6: NLM_F_CREATE should be set when creating new route [ 44.887041][ T4146] IPv6: NLM_F_CREATE should be set when creating new route [ 44.894326][ T4146] IPv6: NLM_F_CREATE should be set when creating new route [ 45.195983][ T4155] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.424070][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.491028][ T4165] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.224: dx entry: limit 1024 != root limit 124 [ 45.503150][ T4165] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.224: Corrupt directory, running e2fsck is recommended [ 45.518844][ T4165] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 45.528393][ T4165] EXT4-fs error (device loop2): ext4_iget_extra_inode:5073: inode #15: comm syz.2.224: corrupted in-inode xattr: invalid ea_ino [ 45.542237][ T4165] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.224: couldn't read orphan inode 15 (err -117) [ 45.555786][ T4165] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.578409][ T4165] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.224: dx entry: limit 1024 != root limit 124 [ 45.590410][ T4165] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.224: Corrupt directory, running e2fsck is recommended [ 45.607540][ T4165] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.224: dx entry: limit 1024 != root limit 124 [ 45.619602][ T4165] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.224: Corrupt directory, running e2fsck is recommended [ 45.640134][ T4165] EXT4-fs warning (device loop2): dx_probe:861: inode #2: comm syz.2.224: dx entry: limit 1024 != root limit 124 [ 45.652215][ T4165] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.224: Corrupt directory, running e2fsck is recommended [ 45.691742][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.724254][ T4173] netlink: 76 bytes leftover after parsing attributes in process `syz.4.227'. [ 45.782653][ T4175] EXT4-fs: Ignoring removed bh option [ 45.812872][ T4177] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.856952][ T4175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 45.884015][ T4175] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.898041][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.949500][ T4175] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.228: bg 0: block 112: padding at end of block bitmap is not set [ 45.964401][ T4175] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 51 with error 117 [ 45.976976][ T4175] EXT4-fs (loop4): This should not happen!! Data will be lost [ 45.976976][ T4175] [ 46.041089][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 46.058658][ T4188] netlink: 40 bytes leftover after parsing attributes in process `syz.0.231'. [ 46.092350][ T4188] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4188 comm=syz.0.231 [ 46.216704][ T4196] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 46.236566][ T4203] FAULT_INJECTION: forcing a failure. [ 46.236566][ T4203] name failslab, interval 1, probability 0, space 0, times 0 [ 46.249383][ T4203] CPU: 0 UID: 0 PID: 4203 Comm: syz.1.238 Not tainted syzkaller #0 PREEMPT(voluntary) [ 46.249409][ T4203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 46.249449][ T4203] Call Trace: [ 46.249456][ T4203] [ 46.249465][ T4203] __dump_stack+0x1d/0x30 [ 46.249494][ T4203] dump_stack_lvl+0x95/0xd0 [ 46.249520][ T4203] dump_stack+0x15/0x1b [ 46.249586][ T4203] should_fail_ex+0x263/0x280 [ 46.249614][ T4203] should_failslab+0x8c/0xb0 [ 46.249639][ T4203] kmem_cache_alloc_lru_noprof+0x6c/0x490 [ 46.249682][ T4203] ? __d_alloc+0x37/0x340 [ 46.249740][ T4203] __d_alloc+0x37/0x340 [ 46.249773][ T4203] d_alloc_pseudo+0x1e/0x80 [ 46.249827][ T4203] alloc_file_pseudo+0x91/0x190 [ 46.249865][ T4203] __shmem_file_setup+0x1dd/0x210 [ 46.249898][ T4203] shmem_file_setup+0x3b/0x50 [ 46.249927][ T4203] __se_sys_memfd_create+0x2f6/0x6c0 [ 46.249989][ T4203] __x64_sys_memfd_create+0x31/0x40 [ 46.250028][ T4203] x64_sys_call+0x28cb/0x3000 [ 46.250073][ T4203] do_syscall_64+0xc0/0x2a0 [ 46.250094][ T4203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.250115][ T4203] RIP: 0033:0x7f1d9bcbacb9 [ 46.250133][ T4203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 46.250204][ T4203] RSP: 002b:00007f1d9a716e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 46.250244][ T4203] RAX: ffffffffffffffda RBX: 00000000000004d4 RCX: 00007f1d9bcbacb9 [ 46.250261][ T4203] RDX: 00007f1d9a716ee0 RSI: 0000000000000000 RDI: 00007f1d9bd2730b [ 46.250278][ T4203] RBP: 0000200000000bc0 R08: 00000000ffffffff R09: 0000000000000000 [ 46.250323][ T4203] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000080 [ 46.250338][ T4203] R13: 00007f1d9a716ee0 R14: 00007f1d9a716ea0 R15: 0000200000000400 [ 46.250363][ T4203] [ 46.252423][ T4196] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 46.274681][ T4204] syz.3.237: attempt to access beyond end of device [ 46.274681][ T4204] loop3: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 46.463100][ T4210] netlink: 76 bytes leftover after parsing attributes in process `syz.4.239'. [ 46.467421][ T3325] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 46.482469][ T4198] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.506569][ T4204] syz.3.237: attempt to access beyond end of device [ 46.506569][ T4204] loop3: rw=2049, sector=154, nr_sectors = 2 limit=128 [ 46.581965][ T4214] bond1: (slave bond_slave_1): Device is not bonding slave [ 46.589251][ T4214] bond1: option active_slave: invalid value (bond_slave_1) [ 46.602534][ T4219] EXT4-fs: Ignoring removed bh option [ 46.610838][ T4200] syz.3.237: attempt to access beyond end of device [ 46.610838][ T4200] loop3: rw=8390657, sector=154, nr_sectors = 2 limit=128 [ 46.624515][ T4200] Buffer I/O error on dev loop3, logical block 77, lost async page write [ 46.633543][ T4219] EXT4-fs: inline encryption not supported [ 46.642147][ T4214] bond1 (unregistering): Released all slaves [ 46.649083][ T4219] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 46.664506][ T4219] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce028, mo2=0000] [ 46.674303][ T4219] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.242: Freeing blocks not in datazone - block = 0, count = 4096 [ 46.689312][ T4219] EXT4-fs (loop4): Remounting filesystem read-only [ 46.696202][ T4219] EXT4-fs (loop4): 1 orphan inode deleted [ 46.702700][ T4219] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.715532][ T410] EXT4-fs (loop4): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 46.726189][ T410] EXT4-fs (loop4): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 46.742158][ T410] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 46.742819][ T3319] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.811513][ T4232] ------------[ cut here ]------------ [ 46.817213][ T4232] verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x4000000, 0x0] s64=[0x4000000, 0x0] u32=[0x4000000, 0x0] s32=[0x4000000, 0x0] var_off=(0x0, 0x0) [ 46.835193][ T4232] WARNING: kernel/bpf/verifier.c:2748 at reg_bounds_sanity_check+0x15b/0x660, CPU#1: syz.1.245/4232 [ 46.846108][ T4232] Modules linked in: [ 46.847462][ T4234] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4234 comm=syz.3.246 [ 46.850091][ T4232] CPU: 1 UID: 0 PID: 4232 Comm: syz.1.245 Not tainted syzkaller #0 PREEMPT(voluntary) [ 46.872388][ T4232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 46.882589][ T4232] RIP: 0010:reg_bounds_sanity_check+0x27d/0x660 [ 46.888992][ T4232] Code: 24 78 4c 8b 44 24 70 4c 8b 4c 24 60 41 ff 74 24 20 41 55 53 ff 74 24 68 ff 74 24 78 ff b4 24 90 00 00 00 ff b4 24 b0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 4c 8b ac 24 98 00 00 00 49 8d 85 80 08 [ 46.908785][ T4232] RSP: 0018:ffffc900019cf3a0 EFLAGS: 00010246 [ 46.914936][ T4232] RAX: ffff88811cd63c10 RBX: 0000000000000000 RCX: 0000000004000000 [ 46.923014][ T4232] RDX: ffffffff867fcb34 RSI: ffffffff867d1629 RDI: ffffffff86fb6f20 [ 46.926752][ T4233] team0: Device gtp0 is of different type [ 46.931147][ T4232] RBP: ffff88811cc46ae0 R08: 0000000000000000 R09: 0000000004000000 [ 46.944791][ T4232] R10: 00000000000000d0 R11: 0000000000000002 R12: ffff88811cc46aa0 [ 46.952910][ T4232] R13: 0000000000000000 R14: ffff88811cc46aec R15: ffff88811cc46ad8 [ 46.961010][ T4232] FS: 00007f1d9a7176c0(0000) GS:ffff8882aec79000(0000) knlGS:0000000000000000 [ 46.970026][ T4232] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.976727][ T4232] CR2: 00007f1d9a716ff8 CR3: 000000011c2d6000 CR4: 00000000003506f0 [ 46.984786][ T4232] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.992813][ T4232] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 47.000841][ T4232] Call Trace: [ 47.004170][ T4232] [ 47.007261][ T4232] reg_set_min_max+0x21c/0x260 [ 47.012085][ T4232] check_cond_jmp_op+0x1367/0x1a80 [ 47.017285][ T4232] do_check+0x3356/0x8250 [ 47.021712][ T4232] do_check_common+0xccf/0x1300 [ 47.026635][ T4232] bpf_check+0x2f85/0xc890 [ 47.031139][ T4232] ? __alloc_frozen_pages_noprof+0x18a/0x350 [ 47.037345][ T4232] ? __vmap_pages_range_noflush+0xb9c/0xcc0 [ 47.043356][ T4232] ? pcpu_block_refresh_hint+0x10b/0x170 [ 47.049244][ T4232] ? pcpu_block_update_hint_alloc+0x640/0x660 [ 47.055457][ T4232] ? pcpu_block_update_hint_alloc+0x640/0x660 [ 47.061575][ T4232] ? css_rstat_updated+0xbb/0x280 [ 47.066697][ T4232] ? mod_memcg_state+0x182/0x260 [ 47.071733][ T4232] ? __rcu_read_unlock+0x4e/0x70 [ 47.076773][ T4232] ? pcpu_memcg_post_alloc_hook+0xec/0x170 [ 47.082661][ T4232] ? pcpu_alloc_noprof+0xd18/0x1210 [ 47.087976][ T4232] ? should_fail_ex+0x30/0x280 [ 47.092802][ T4232] ? __kmalloc_noprof+0x2a3/0x580 [ 47.097920][ T4232] ? security_bpf_prog_load+0x60/0x140 [ 47.103492][ T4232] ? selinux_bpf_prog_load+0xac/0xd0 [ 47.108947][ T4232] ? security_bpf_prog_load+0x9e/0x140 [ 47.114521][ T4232] bpf_prog_load+0xf76/0x1140 [ 47.119281][ T4232] ? security_bpf+0x2b/0x90 [ 47.123857][ T4232] __sys_bpf+0x469/0x7b0 [ 47.128241][ T4232] __x64_sys_bpf+0x41/0x50 [ 47.132700][ T4232] x64_sys_call+0x28e1/0x3000 [ 47.137589][ T4232] do_syscall_64+0xc0/0x2a0 [ 47.142160][ T4232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.148147][ T4232] RIP: 0033:0x7f1d9bcbacb9 [ 47.152586][ T4232] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 47.172723][ T4232] RSP: 002b:00007f1d9a717028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 47.181537][ T4232] RAX: ffffffffffffffda RBX: 00007f1d9bf35fa0 RCX: 00007f1d9bcbacb9 [ 47.189604][ T4232] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 47.197640][ T4232] RBP: 00007f1d9bd28bf7 R08: 0000000000000000 R09: 0000000000000000 [ 47.205660][ T4232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.213735][ T4232] R13: 00007f1d9bf36038 R14: 00007f1d9bf35fa0 R15: 00007ffdb65c7328 [ 47.221864][ T4232] [ 47.224931][ T4232] ---[ end trace 0000000000000000 ]--- [ 47.242042][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.392801][ T4259] set_capacity_and_notify: 10 callbacks suppressed [ 47.392821][ T4259] loop2: detected capacity change from 0 to 512 [ 47.406281][ T4262] FAULT_INJECTION: forcing a failure. [ 47.406281][ T4262] name failslab, interval 1, probability 0, space 0, times 0 [ 47.418989][ T4262] CPU: 1 UID: 0 PID: 4262 Comm: syz.3.255 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 47.419106][ T4262] Tainted: [W]=WARN [ 47.419114][ T4262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.419128][ T4262] Call Trace: [ 47.419137][ T4262] [ 47.419146][ T4262] __dump_stack+0x1d/0x30 [ 47.419174][ T4262] dump_stack_lvl+0x95/0xd0 [ 47.419214][ T4262] dump_stack+0x15/0x1b [ 47.419251][ T4262] should_fail_ex+0x263/0x280 [ 47.419280][ T4262] should_failslab+0x8c/0xb0 [ 47.419306][ T4262] kmem_cache_alloc_noprof+0x68/0x490 [ 47.419332][ T4262] ? skb_clone+0x151/0x1f0 [ 47.419381][ T4262] skb_clone+0x151/0x1f0 [ 47.419418][ T4262] __netlink_deliver_tap+0x2c9/0x500 [ 47.419508][ T4262] netlink_unicast+0x66b/0x690 [ 47.419550][ T4262] netlink_sendmsg+0x5c8/0x6f0 [ 47.419577][ T4262] ? __pfx_netlink_sendmsg+0x10/0x10 [ 47.419672][ T4262] __sock_sendmsg+0x145/0x170 [ 47.419700][ T4262] ____sys_sendmsg+0x31e/0x4a0 [ 47.419778][ T4262] ___sys_sendmsg+0x195/0x1e0 [ 47.419906][ T4262] __x64_sys_sendmsg+0xd4/0x160 [ 47.420058][ T4262] x64_sys_call+0x17ba/0x3000 [ 47.420131][ T4262] do_syscall_64+0xc0/0x2a0 [ 47.420155][ T4262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.420182][ T4262] RIP: 0033:0x7f39f673acb9 [ 47.420202][ T4262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 47.420301][ T4262] RSP: 002b:00007f39f5197028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 47.420328][ T4262] RAX: ffffffffffffffda RBX: 00007f39f69b5fa0 RCX: 00007f39f673acb9 [ 47.420345][ T4262] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 47.420361][ T4262] RBP: 00007f39f5197090 R08: 0000000000000000 R09: 0000000000000000 [ 47.420376][ T4262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.420432][ T4262] R13: 00007f39f69b6038 R14: 00007f39f69b5fa0 R15: 00007ffe15723478 [ 47.420529][ T4262] [ 47.541680][ T29] kauditd_printk_skb: 41 callbacks suppressed [ 47.541728][ T29] audit: type=1400 audit(1768710960.534:583): avc: denied { connect } for pid=4257 comm="syz.4.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 47.648697][ T29] audit: type=1400 audit(1768710960.534:584): avc: denied { connect } for pid=4257 comm="syz.4.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 47.668365][ T29] audit: type=1400 audit(1768710960.534:585): avc: denied { ioctl } for pid=4257 comm="syz.4.253" path="socket:[7444]" dev="sockfs" ino=7444 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 47.725524][ T4259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.767722][ T4259] FAULT_INJECTION: forcing a failure. [ 47.767722][ T4259] name failslab, interval 1, probability 0, space 0, times 0 [ 47.780422][ T4259] CPU: 0 UID: 0 PID: 4259 Comm: syz.2.254 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 47.780458][ T4259] Tainted: [W]=WARN [ 47.780465][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.780479][ T4259] Call Trace: [ 47.780486][ T4259] [ 47.780494][ T4259] __dump_stack+0x1d/0x30 [ 47.780521][ T4259] dump_stack_lvl+0x95/0xd0 [ 47.780611][ T4259] dump_stack+0x15/0x1b [ 47.780632][ T4259] should_fail_ex+0x263/0x280 [ 47.780708][ T4259] should_failslab+0x8c/0xb0 [ 47.780732][ T4259] kmem_cache_alloc_noprof+0x68/0x490 [ 47.780796][ T4259] ? __es_insert_extent+0x508/0xee0 [ 47.780831][ T4259] __es_insert_extent+0x508/0xee0 [ 47.780926][ T4259] ext4_es_insert_extent+0x467/0x1c70 [ 47.780971][ T4259] ext4_map_blocks+0x941/0xd70 [ 47.781047][ T4259] _ext4_get_block+0x117/0x370 [ 47.781081][ T4259] ext4_get_block+0x39/0x50 [ 47.781131][ T4259] ext4_block_write_begin+0x650/0xcf0 [ 47.781173][ T4259] ? __pfx_ext4_get_block+0x10/0x10 [ 47.781205][ T4259] ? folio_mapping+0xb9/0xe0 [ 47.781292][ T4259] ext4_write_begin+0x636/0xe90 [ 47.781320][ T4259] ext4_da_write_begin+0x1f0/0x6b0 [ 47.781343][ T4259] ? inode_to_bdi+0x47/0xa0 [ 47.781361][ T4259] ? balance_dirty_pages_ratelimited_flags+0x420/0x800 [ 47.781402][ T4259] generic_perform_write+0x183/0x490 [ 47.781441][ T4259] ext4_buffered_write_iter+0x1ee/0x3c0 [ 47.781557][ T4259] ext4_file_write_iter+0x380/0xf70 [ 47.781647][ T4259] ? kstrtouint+0x76/0xc0 [ 47.781729][ T4259] ? kstrtouint_from_user+0xa8/0xf0 [ 47.781755][ T4259] ? avc_policy_seqno+0x15/0x30 [ 47.781776][ T4259] ? selinux_file_permission+0x1e1/0x320 [ 47.781867][ T4259] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 47.781904][ T4259] vfs_write+0x5a6/0x9f0 [ 47.781926][ T4259] ksys_write+0xdc/0x1a0 [ 47.781962][ T4259] __x64_sys_write+0x40/0x50 [ 47.782068][ T4269] loop3: detected capacity change from 0 to 512 [ 47.782073][ T4259] x64_sys_call+0x2847/0x3000 [ 47.782230][ T4259] do_syscall_64+0xc0/0x2a0 [ 47.782333][ T4259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.782474][ T4259] RIP: 0033:0x7f406072acb9 [ 47.782527][ T4259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 47.782577][ T4259] RSP: 002b:00007f405f187028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 47.782655][ T4259] RAX: ffffffffffffffda RBX: 00007f40609a5fa0 RCX: 00007f406072acb9 [ 47.782698][ T4259] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 0000000000000004 [ 47.782791][ T4259] RBP: 00007f405f187090 R08: 0000000000000000 R09: 0000000000000000 [ 47.782880][ T4259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.783094][ T4259] R13: 00007f40609a6038 R14: 00007f40609a5fa0 R15: 00007ffe8ab2e2c8 [ 47.783125][ T4259] [ 48.087378][ T4269] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.104679][ T1711] Bluetooth: hci0: Frame reassembly failed (-84) [ 48.111287][ T1711] Bluetooth: hci0: Frame reassembly failed (-84) [ 48.126369][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.188696][ T29] audit: type=1400 audit(1768710961.174:586): avc: denied { create } for pid=4276 comm="syz.3.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 48.221384][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.265839][ T4282] loop4: detected capacity change from 0 to 256 [ 48.279987][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.288793][ T4282] FAT-fs (loop4): Filesystem has been set read-only [ 48.298445][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.308027][ T4283] tmpfs: Bad value for 'context' [ 48.319318][ T4283] loop1: detected capacity change from 0 to 512 [ 48.326064][ T29] audit: type=1400 audit(1768710961.324:587): avc: denied { mounton } for pid=4280 comm="syz.1.259" path="/41/file0" dev="tmpfs" ino=241 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 48.351132][ T4283] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.259: corrupted in-inode xattr: overlapping e_value [ 48.365281][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.375202][ T4288] __nla_validate_parse: 2 callbacks suppressed [ 48.375238][ T4288] netlink: 40 bytes leftover after parsing attributes in process `syz.2.258'. [ 48.378997][ T4283] EXT4-fs (loop1): Remounting filesystem read-only [ 48.382828][ T4288] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4288 comm=syz.2.258 [ 48.404320][ T29] audit: type=1400 audit(1768710961.394:588): avc: denied { bind } for pid=4281 comm="syz.4.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 48.410778][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.428701][ T29] audit: type=1400 audit(1768710961.394:589): avc: denied { name_bind } for pid=4281 comm="syz.4.260" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 48.437410][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.458134][ T29] audit: type=1400 audit(1768710961.394:590): avc: denied { node_bind } for pid=4281 comm="syz.4.260" saddr=224.0.0.2 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 48.467016][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.499241][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.508515][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.517672][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.527175][ T4282] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 48.555879][ T4283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.576885][ T4283] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.596657][ T4291] netlink: 'syz.2.261': attribute type 39 has an invalid length. [ 48.674014][ T29] audit: type=1400 audit(1768710961.664:591): avc: denied { accept } for pid=4290 comm="syz.2.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 49.041373][ T4295] loop3: detected capacity change from 0 to 164 [ 49.070057][ T4295] ISOFS: unable to read i-node block [ 49.076255][ T4295] isofs_fill_super: get root inode failed [ 49.136391][ T4297] loop3: detected capacity change from 0 to 128 [ 49.174862][ T4297] FAT-fs (loop3): bogus logical sector size 2134 [ 49.181420][ T4297] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 49.190839][ T4297] FAT-fs (loop3): Can't find a valid FAT filesystem [ 49.287048][ T29] audit: type=1400 audit(1768710962.284:592): avc: denied { ioctl } for pid=4309 comm="syz.3.269" path="socket:[7521]" dev="sockfs" ino=7521 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 49.352097][ T4317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.271'. [ 49.416745][ T4317] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.424099][ T4317] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.512312][ T4317] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.522574][ T4317] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.564721][ T2029] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.584157][ T2029] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.603911][ T2029] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.612490][ T2029] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.633589][ T4329] netlink: 'syz.2.273': attribute type 1 has an invalid length. [ 49.682578][ T4332] netlink: 64 bytes leftover after parsing attributes in process `syz.2.274'. [ 49.701088][ T4332] loop2: detected capacity change from 0 to 512 [ 49.713414][ T4332] msdos: Unknown parameter 'dosB' [ 49.786045][ T4336] netlink: 488 bytes leftover after parsing attributes in process `syz.2.276'. [ 49.795082][ T4336] netlink: 488 bytes leftover after parsing attributes in process `syz.2.276'. [ 49.938515][ T4345] FAULT_INJECTION: forcing a failure. [ 49.938515][ T4345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 49.951983][ T4345] CPU: 0 UID: 0 PID: 4345 Comm: syz.4.278 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 49.952025][ T4345] Tainted: [W]=WARN [ 49.952034][ T4345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 49.952050][ T4345] Call Trace: [ 49.952058][ T4345] [ 49.952128][ T4345] __dump_stack+0x1d/0x30 [ 49.952208][ T4345] dump_stack_lvl+0x95/0xd0 [ 49.952235][ T4345] dump_stack+0x15/0x1b [ 49.952259][ T4345] should_fail_ex+0x263/0x280 [ 49.952290][ T4345] should_fail+0xb/0x20 [ 49.952338][ T4345] should_fail_usercopy+0x1a/0x20 [ 49.952363][ T4345] _copy_to_user+0x20/0xa0 [ 49.952395][ T4345] simple_read_from_buffer+0xb5/0x130 [ 49.952515][ T4345] proc_fail_nth_read+0x10e/0x150 [ 49.952550][ T4345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 49.952581][ T4345] vfs_read+0x1ab/0x7f0 [ 49.952629][ T4345] ? exit_sem+0xc9f/0xd20 [ 49.952650][ T4345] ? _raw_spin_unlock+0x26/0x50 [ 49.952675][ T4345] ? dup_fd+0x3d3/0x510 [ 49.952697][ T4345] ? mutex_lock+0x57/0x90 [ 49.952763][ T4345] ksys_read+0xdc/0x1a0 [ 49.952785][ T4345] __x64_sys_read+0x40/0x50 [ 49.952803][ T4345] x64_sys_call+0x2889/0x3000 [ 49.952827][ T4345] do_syscall_64+0xc0/0x2a0 [ 49.952853][ T4345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.952928][ T4345] RIP: 0033:0x7f62407ab58e [ 49.952946][ T4345] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 49.952963][ T4345] RSP: 002b:00007f623f204fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 49.952983][ T4345] RAX: ffffffffffffffda RBX: 00007f623f2056c0 RCX: 00007f62407ab58e [ 49.953002][ T4345] RDX: 000000000000000f RSI: 00007f623f2050a0 RDI: 0000000000000003 [ 49.953077][ T4345] RBP: 00007f623f205090 R08: 0000000000000000 R09: 0000000000000000 [ 49.953092][ T4345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.953107][ T4345] R13: 00007f6240a66218 R14: 00007f6240a66180 R15: 00007ffe7ef9eb28 [ 49.953165][ T4345] [ 50.157887][ T3774] Bluetooth: hci0: command 0x1003 tx timeout [ 50.164033][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 50.260188][ T4361] loop1: detected capacity change from 0 to 2048 [ 50.278546][ T4361] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.327474][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.422534][ T4372] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 50.826338][ T4381] loop0: detected capacity change from 0 to 128 [ 50.833181][ T4381] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 50.956008][ T4384] netlink: 68 bytes leftover after parsing attributes in process `syz.3.291'. [ 50.965958][ T4381] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 51.089522][ T2029] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 51.190248][ T4397] netlink: 24 bytes leftover after parsing attributes in process `syz.0.295'. [ 51.258392][ T4397] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4397 comm=syz.0.295 [ 51.320411][ T4405] loop0: detected capacity change from 0 to 512 [ 51.348478][ T4405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.580618][ T4405] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.708665][ T4418] netlink: 24 bytes leftover after parsing attributes in process `syz.4.301'. [ 51.896321][ T4428] netlink: 'syz.1.304': attribute type 4 has an invalid length. [ 52.117952][ T4433] lo speed is unknown, defaulting to 1000 [ 52.123775][ T4433] lo speed is unknown, defaulting to 1000 [ 52.129975][ T4433] lo speed is unknown, defaulting to 1000 [ 52.136661][ T4433] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 52.144478][ T4433] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 52.196581][ T4433] lo speed is unknown, defaulting to 1000 [ 52.203073][ T4433] lo speed is unknown, defaulting to 1000 [ 52.209274][ T4433] lo speed is unknown, defaulting to 1000 [ 52.215595][ T4433] lo speed is unknown, defaulting to 1000 [ 52.221925][ T4433] lo speed is unknown, defaulting to 1000 [ 52.324073][ T4436] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 52.392181][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.458395][ T4436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.522584][ T4444] netlink: 24 bytes leftover after parsing attributes in process `syz.3.309'. [ 52.549824][ T4436] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 52.582161][ T4444] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4444 comm=syz.3.309 [ 52.624047][ T29] kauditd_printk_skb: 46 callbacks suppressed [ 52.624066][ T29] audit: type=1400 audit(1768710965.614:637): avc: denied { bind } for pid=4447 comm="syz.3.310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 52.649462][ T29] audit: type=1400 audit(1768710965.614:638): avc: denied { name_bind } for pid=4447 comm="syz.3.310" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 52.670133][ T29] audit: type=1400 audit(1768710965.614:639): avc: denied { node_bind } for pid=4447 comm="syz.3.310" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 52.694587][ T29] audit: type=1400 audit(1768710965.684:640): avc: denied { getopt } for pid=4447 comm="syz.3.310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 52.745766][ T4450] EXT4-fs error (device loop2): ext4_lookup:1785: inode #12: comm syz.2.306: iget: bad i_size value: 2533274857506816 [ 52.763653][ T4452] netlink: 'syz.0.311': attribute type 3 has an invalid length. [ 52.918847][ T4454] EXT4-fs error (device loop2): ext4_lookup:1785: inode #12: comm syz.2.306: iget: bad i_size value: 2533274857506816 [ 52.926456][ T4458] set_capacity_and_notify: 1 callbacks suppressed [ 52.926506][ T4458] loop1: detected capacity change from 0 to 512 [ 52.947066][ T4458] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 52.976456][ T4458] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.312: bg 0: block 255: padding at end of block bitmap is not set [ 52.990968][ T4458] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 53.000342][ T4458] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.312: invalid indirect mapped block 1 (level 1) [ 53.015545][ T4458] EXT4-fs (loop1): 1 truncate cleaned up [ 53.021717][ T4458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.036680][ T4458] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 53.036885][ T4463] EXT4-fs error (device loop2): ext4_lookup:1785: inode #12: comm syz.2.306: iget: bad i_size value: 2533274857506816 [ 53.071440][ T4465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.311'. [ 53.092060][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.157438][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.370332][ T29] audit: type=1400 audit(1768710966.354:641): avc: denied { bind } for pid=4474 comm="syz.2.317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 53.423856][ T4477] loop2: detected capacity change from 0 to 512 [ 53.468599][ T4477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.561280][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.638936][ T29] audit: type=1400 audit(1768710966.634:642): avc: denied { map } for pid=4481 comm="syz.2.319" path="socket:[8015]" dev="sockfs" ino=8015 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 53.686782][ T4485] __nla_validate_parse: 1 callbacks suppressed [ 53.686878][ T4485] netlink: 24 bytes leftover after parsing attributes in process `syz.0.320'. [ 53.741893][ T4485] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4485 comm=syz.0.320 [ 53.837392][ T4503] netdevsim netdevsim2: Direct firmware load for / [ 53.837392][ T4503] failed with error -2 [ 53.868394][ T29] audit: type=1400 audit(1768710966.864:643): avc: denied { load_policy } for pid=4495 comm="syz.0.324" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 53.888856][ T4496] SELinux: failed to load policy [ 53.939260][ T4508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.942508][ T29] audit: type=1400 audit(1768710966.894:644): avc: denied { ioctl } for pid=4494 comm="syz.3.326" path="socket:[8456]" dev="sockfs" ino=8456 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 53.972171][ T29] audit: type=1400 audit(1768710966.894:645): avc: denied { write } for pid=4494 comm="syz.3.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 53.988989][ T4508] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.991561][ T29] audit: type=1400 audit(1768710966.904:646): avc: denied { getopt } for pid=4505 comm="syz.1.328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 54.073990][ T4513] IPv6: addrconf: prefix option has invalid lifetime [ 54.183178][ T4519] netlink: 24 bytes leftover after parsing attributes in process `syz.1.333'. [ 54.213558][ T4519] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4519 comm=syz.1.333 [ 54.554900][ T4555] process 'syz.4.344' launched './file0' with NULL argv: empty string added [ 54.565276][ T4555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4555 comm=syz.4.344 [ 54.577998][ T4555] netlink: 'syz.4.344': attribute type 12 has an invalid length. [ 54.585896][ T4555] netlink: 'syz.4.344': attribute type 29 has an invalid length. [ 54.593863][ T4555] netlink: 148 bytes leftover after parsing attributes in process `syz.4.344'. [ 54.603022][ T4555] netlink: 59 bytes leftover after parsing attributes in process `syz.4.344'. [ 54.653788][ T4560] netlink: 24 bytes leftover after parsing attributes in process `syz.4.346'. [ 54.700912][ T4557] lo speed is unknown, defaulting to 1000 [ 54.708325][ T4560] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4560 comm=syz.4.346 [ 54.725602][ T4563] loop3: detected capacity change from 0 to 2048 [ 54.794618][ T4563] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.869580][ T4563] xt_hashlimit: max too large, truncated to 1048576 [ 54.877312][ T4563] EXT4-fs error (device loop3): ext4_find_extent:903: inode #2: comm syz.3.347: inode has invalid extent depth: 9 [ 54.892304][ T4563] EXT4-fs (loop3): Remounting filesystem read-only [ 54.916723][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.930788][ T4583] loop0: detected capacity change from 0 to 128 [ 54.981916][ T4583] FAT-fs (loop0): Directory bread(block 32) failed [ 54.988981][ T4583] FAT-fs (loop0): Directory bread(block 33) failed [ 54.992520][ T4587] vlan2: entered allmulticast mode [ 54.996743][ T4583] FAT-fs (loop0): Directory bread(block 34) failed [ 55.008532][ T4583] FAT-fs (loop0): Directory bread(block 35) failed [ 55.015095][ T4583] FAT-fs (loop0): Directory bread(block 36) failed [ 55.037709][ T4583] FAT-fs (loop0): Directory bread(block 37) failed [ 55.040694][ T4587] sctp: [Deprecated]: syz.3.355 (pid 4587) Use of int in max_burst socket option. [ 55.040694][ T4587] Use struct sctp_assoc_value instead [ 55.046250][ T4583] FAT-fs (loop0): Directory bread(block 38) failed [ 55.099555][ T4583] FAT-fs (loop0): Directory bread(block 39) failed [ 55.107357][ T4583] FAT-fs (loop0): Directory bread(block 40) failed [ 55.114061][ T4583] FAT-fs (loop0): Directory bread(block 41) failed [ 55.178132][ T4596] netlink: 24 bytes leftover after parsing attributes in process `syz.4.359'. [ 55.207977][ T4600] netlink: 92 bytes leftover after parsing attributes in process `syz.1.362'. [ 55.228762][ T4602] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4602 comm=syz.4.359 [ 55.327310][ T4610] loop2: detected capacity change from 0 to 512 [ 55.354843][ T4610] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.367834][ T4610] ext4 filesystem being mounted at /84/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.483639][ T4625] loop3: detected capacity change from 0 to 128 [ 55.500878][ T4625] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 55.501132][ T4625] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.549012][ T3315] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 55.610177][ T3325] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 55.610216][ T3325] CPU: 0 UID: 0 PID: 3325 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 55.610252][ T3325] Tainted: [W]=WARN [ 55.610260][ T3325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 55.610291][ T3325] Call Trace: [ 55.610299][ T3325] [ 55.610308][ T3325] __dump_stack+0x1d/0x30 [ 55.610343][ T3325] dump_stack_lvl+0x95/0xd0 [ 55.610367][ T3325] dump_stack+0x15/0x1b [ 55.610488][ T3325] dump_header+0x80/0x240 [ 55.610511][ T3325] oom_kill_process+0x295/0x350 [ 55.610538][ T3325] out_of_memory+0x97d/0xb80 [ 55.610565][ T3325] try_charge_memcg+0x62e/0xa10 [ 55.610661][ T3325] charge_memcg+0x51/0xc0 [ 55.610716][ T3325] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 55.610840][ T3325] __read_swap_cache_async+0x17b/0x2d0 [ 55.610921][ T3325] swap_cluster_readahead+0x262/0x3c0 [ 55.610964][ T3325] swapin_readahead+0xde/0x840 [ 55.611004][ T3325] ? __perf_event_task_sched_in+0xa65/0xad0 [ 55.611093][ T3325] ? __rcu_read_unlock+0x4e/0x70 [ 55.611124][ T3325] ? swap_cache_get_folio+0x26f/0x280 [ 55.611183][ T3325] do_swap_page+0x2f4/0x2140 [ 55.611330][ T3325] ? _raw_spin_unlock+0x26/0x50 [ 55.611362][ T3325] ? finish_task_switch+0x79/0x280 [ 55.611398][ T3325] ? __schedule+0x82d/0xc90 [ 55.611450][ T3325] ? __pfx_default_wake_function+0x10/0x10 [ 55.611556][ T3325] handle_mm_fault+0xb40/0x3030 [ 55.611666][ T3325] ? vma_start_read+0x1c7/0x2c0 [ 55.611697][ T3325] do_user_addr_fault+0x62f/0x1050 [ 55.611757][ T3325] exc_page_fault+0x62/0xa0 [ 55.611795][ T3325] asm_exc_page_fault+0x26/0x30 [ 55.611839][ T3325] RIP: 0033:0x7f40606e5ed7 [ 55.611858][ T3325] Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 55.611875][ T3325] RSP: 002b:00007ffe8ab2e5c0 EFLAGS: 00010202 [ 55.611915][ T3325] RAX: 0000000000000000 RBX: 000055558f6e7500 RCX: 00007f40606e5ed7 [ 55.611932][ T3325] RDX: 00007ffe8ab2e600 RSI: 0000000000000000 RDI: 0000000000000000 [ 55.611949][ T3325] RBP: 00007ffe8ab2e66c R08: 0000000000000000 R09: 0000000000000000 [ 55.611995][ T3325] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 55.612011][ T3325] R13: 00000000000927c0 R14: 000000000000d874 R15: 00007ffe8ab2e6c0 [ 55.612034][ T3325] [ 55.612208][ T3325] memory: usage 307200kB, limit 307200kB, failcnt 674 [ 55.612227][ T3325] memory+swap: usage 307820kB, limit 9007199254740988kB, failcnt 0 [ 55.612471][ T3325] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 55.612509][ T3325] Memory cgroup stats for /syz2: [ 55.615001][ T3325] cache 8192 [ 55.615010][ T3325] rss 0 [ 55.615033][ T3325] shmem 0 [ 55.615038][ T3325] mapped_file 0 [ 55.615045][ T3325] dirty 0 [ 55.615053][ T3325] writeback 0 [ 55.615060][ T3325] workingset_refault_anon 1 [ 55.615069][ T3325] workingset_refault_file 0 [ 55.615077][ T3325] swap 634880 [ 55.615085][ T3325] swapcached 4096 [ 55.615094][ T3325] pgpgin 17818 [ 55.615102][ T3325] pgpgout 17815 [ 55.615110][ T3325] pgfault 17961 [ 55.615209][ T3325] pgmajfault 53 [ 55.615216][ T3325] inactive_anon 4096 [ 55.615224][ T3325] active_anon 0 [ 55.615233][ T3325] inactive_file 0 [ 55.615240][ T3325] active_file 8192 [ 55.615311][ T3325] unevictable 0 [ 55.615320][ T3325] hierarchical_memory_limit 314572800 [ 55.615330][ T3325] hierarchical_memsw_limit 9223372036854771712 [ 55.615341][ T3325] total_cache 8192 [ 55.615349][ T3325] total_rss 0 [ 55.615355][ T3325] total_shmem 0 [ 55.615362][ T3325] total_mapped_file 0 [ 55.615370][ T3325] total_dirty 0 [ 55.615398][ T3325] total_writeback 0 [ 55.615407][ T3325] total_workingset_refault_anon 1 [ 55.615422][ T3325] total_workingset_refault_file 0 [ 55.615432][ T3325] total_swap 634880 [ 55.615441][ T3325] total_swapcached 4096 [ 55.615450][ T3325] total_pgpgin 17818 [ 55.615460][ T3325] total_pgpgout 17815 [ 55.615469][ T3325] total_pgfault 17961 [ 55.615486][ T3325] total_pgmajfault 53 [ 55.615492][ T3325] total_inactive_anon 4096 [ 55.615498][ T3325] total_active_anon 0 [ 55.615505][ T3325] total_inactive_file 0 [ 55.615511][ T3325] total_active_file 8192 [ 55.615517][ T3325] total_unevictable 0 [ 55.615524][ T3325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.365,pid=4608,uid=0 [ 55.615634][ T3325] Memory cgroup out of memory: Killed process 4608 (syz.2.365) total-vm:94000kB, anon-rss:1204kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 55.643998][ T4632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.371'. [ 55.809456][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.252235][ T4639] siw: device registration error -23 [ 56.386615][ T4645] loop0: detected capacity change from 0 to 1024 [ 56.393975][ T4645] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.428590][ T4643] new mount options do not match the existing superblock, will be ignored [ 56.441048][ T4649] FAULT_INJECTION: forcing a failure. [ 56.441048][ T4649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.454278][ T4649] CPU: 1 UID: 0 PID: 4649 Comm: syz.2.373 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 56.454360][ T4649] Tainted: [W]=WARN [ 56.454367][ T4649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.454381][ T4649] Call Trace: [ 56.454387][ T4649] [ 56.454394][ T4649] __dump_stack+0x1d/0x30 [ 56.454419][ T4649] dump_stack_lvl+0x95/0xd0 [ 56.454441][ T4649] dump_stack+0x15/0x1b [ 56.454522][ T4649] should_fail_ex+0x263/0x280 [ 56.454594][ T4649] should_fail+0xb/0x20 [ 56.454616][ T4649] should_fail_usercopy+0x1a/0x20 [ 56.454676][ T4649] _copy_from_user+0x1c/0xb0 [ 56.454783][ T4649] ip_tunnel_parm_from_user+0x4c/0x260 [ 56.454811][ T4649] ip_tunnel_siocdevprivate+0x45/0xe0 [ 56.454839][ T4649] ipip6_tunnel_siocdevprivate+0x1da/0xe20 [ 56.454906][ T4649] ? full_name_hash+0x92/0xe0 [ 56.454934][ T4649] ? strcmp+0x22/0x50 [ 56.454952][ T4649] ? netdev_name_node_lookup+0xa4/0xd0 [ 56.455036][ T4649] dev_ifsioc+0x8f8/0xaa0 [ 56.455060][ T4649] dev_ioctl+0x78c/0x960 [ 56.455077][ T4649] sock_ioctl+0x593/0x610 [ 56.455192][ T4649] ? __pfx_sock_ioctl+0x10/0x10 [ 56.455284][ T4649] __se_sys_ioctl+0xce/0x140 [ 56.455316][ T4649] __x64_sys_ioctl+0x43/0x50 [ 56.455348][ T4649] x64_sys_call+0x14b0/0x3000 [ 56.455421][ T4649] do_syscall_64+0xc0/0x2a0 [ 56.455464][ T4649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.455489][ T4649] RIP: 0033:0x7f406072acb9 [ 56.455505][ T4649] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 56.455520][ T4649] RSP: 002b:00007f405f187028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 56.455538][ T4649] RAX: ffffffffffffffda RBX: 00007f40609a5fa0 RCX: 00007f406072acb9 [ 56.455560][ T4649] RDX: 0000200000000000 RSI: 00000000000089f2 RDI: 0000000000000003 [ 56.455574][ T4649] RBP: 00007f405f187090 R08: 0000000000000000 R09: 0000000000000000 [ 56.455633][ T4649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.455643][ T4649] R13: 00007f40609a6038 R14: 00007f40609a5fa0 R15: 00007ffe8ab2e2c8 [ 56.455659][ T4649] [ 56.844404][ T4653] loop3: detected capacity change from 0 to 764 [ 56.867464][ T4645] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.916517][ T4645] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.938135][ T4654] loop1: detected capacity change from 0 to 8192 [ 56.977435][ T4654] syz.1.377: attempt to access beyond end of device [ 56.977435][ T4654] loop1: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 56.991365][ T4654] Buffer I/O error on dev loop1, logical block 57847, async page read [ 57.007375][ T4662] netlink: 112 bytes leftover after parsing attributes in process `syz.0.382'. [ 57.018870][ T4654] syz.1.377: attempt to access beyond end of device [ 57.018870][ T4654] loop1: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 57.032775][ T4654] Buffer I/O error on dev loop1, logical block 57847, async page read [ 57.042087][ T4654] syz.1.377: attempt to access beyond end of device [ 57.042087][ T4654] loop1: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 57.056135][ T4654] Buffer I/O error on dev loop1, logical block 57847, async page read [ 57.068667][ T4654] syz.1.377: attempt to access beyond end of device [ 57.068667][ T4654] loop1: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 57.071370][ T4666] loop2: detected capacity change from 0 to 512 [ 57.082565][ T4654] Buffer I/O error on dev loop1, logical block 57847, async page read [ 57.104714][ T4670] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000e1b1) [ 57.112664][ T4670] FAT-fs (loop1): Filesystem has been set read-only [ 57.290673][ T4689] 9p: Bad value for 'wfdno' [ 57.408718][ T4700] FAULT_INJECTION: forcing a failure. [ 57.408718][ T4700] name failslab, interval 1, probability 0, space 0, times 0 [ 57.421447][ T4700] CPU: 1 UID: 0 PID: 4700 Comm: syz.0.394 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 57.421486][ T4700] Tainted: [W]=WARN [ 57.421560][ T4700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 57.421573][ T4700] Call Trace: [ 57.421579][ T4700] [ 57.421589][ T4700] __dump_stack+0x1d/0x30 [ 57.421619][ T4700] dump_stack_lvl+0x95/0xd0 [ 57.421646][ T4700] dump_stack+0x15/0x1b [ 57.421705][ T4700] should_fail_ex+0x263/0x280 [ 57.421736][ T4700] should_failslab+0x8c/0xb0 [ 57.421763][ T4700] kmem_cache_alloc_node_noprof+0x6a/0x4a0 [ 57.421793][ T4700] ? __alloc_skb+0x2f0/0x4b0 [ 57.421907][ T4700] __alloc_skb+0x2f0/0x4b0 [ 57.421938][ T4700] ? __alloc_skb+0x219/0x4b0 [ 57.421972][ T4700] alloc_skb_with_frags+0x7d/0x470 [ 57.422055][ T4700] ? fib6_select_path+0x2ad/0x400 [ 57.422092][ T4700] ? __rcu_read_unlock+0x33/0x70 [ 57.422118][ T4700] sock_alloc_send_pskb+0x44d/0x500 [ 57.422187][ T4700] ? __ipv6_dev_get_saddr+0x246/0x270 [ 57.422216][ T4700] __ip6_append_data+0x18b5/0x22e0 [ 57.422291][ T4700] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 57.422330][ T4700] ? __rcu_read_unlock+0x4e/0x70 [ 57.422354][ T4700] ? __pfx_ip6_mtu+0x10/0x10 [ 57.422408][ T4700] ? ip6_mtu+0xf5/0x120 [ 57.422497][ T4700] ip6_append_data+0x137/0x240 [ 57.422528][ T4700] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 57.422565][ T4700] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 57.422601][ T4700] udpv6_sendmsg+0x8dd/0x17b0 [ 57.422719][ T4700] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 57.422757][ T4700] ? _raw_spin_unlock_bh+0x36/0x40 [ 57.422795][ T4700] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 57.422927][ T4700] inet6_sendmsg+0xac/0xd0 [ 57.422969][ T4700] __sock_sendmsg+0x8b/0x170 [ 57.422996][ T4700] ____sys_sendmsg+0x31e/0x4a0 [ 57.423036][ T4700] ___sys_sendmsg+0x195/0x1e0 [ 57.423087][ T4700] __x64_sys_sendmsg+0xd4/0x160 [ 57.423131][ T4700] x64_sys_call+0x17ba/0x3000 [ 57.423169][ T4700] do_syscall_64+0xc0/0x2a0 [ 57.423193][ T4700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.423215][ T4700] RIP: 0033:0x7ff09952acb9 [ 57.423232][ T4700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 57.423252][ T4700] RSP: 002b:00007ff097f87028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.423277][ T4700] RAX: ffffffffffffffda RBX: 00007ff0997a5fa0 RCX: 00007ff09952acb9 [ 57.423302][ T4700] RDX: 000000000000ff00 RSI: 0000200000000780 RDI: 0000000000000003 [ 57.423335][ T4700] RBP: 00007ff097f87090 R08: 0000000000000000 R09: 0000000000000000 [ 57.423351][ T4700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.423367][ T4700] R13: 00007ff0997a6038 R14: 00007ff0997a5fa0 R15: 00007fffb59bed68 [ 57.423392][ T4700] [ 57.737601][ T29] kauditd_printk_skb: 46 callbacks suppressed [ 57.737618][ T29] audit: type=1400 audit(1768710970.734:693): avc: denied { ioctl } for pid=4703 comm="syz.0.397" path="socket:[9390]" dev="sockfs" ino=9390 ioctlcmd=0x5410 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 57.773135][ T4702] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 57.782275][ T4702] EXT4-fs (loop1): invalid journal inode [ 57.788278][ T4702] EXT4-fs (loop1): can't get journal size [ 57.807464][ T4702] EXT4-fs (loop1): 1 truncate cleaned up [ 57.816067][ T29] audit: type=1400 audit(1768710970.814:694): avc: denied { getopt } for pid=4701 comm="syz.1.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 57.817937][ T4702] netlink: 12 bytes leftover after parsing attributes in process `syz.1.396'. [ 57.942589][ T4722] set_capacity_and_notify: 1 callbacks suppressed [ 57.942606][ T4722] loop0: detected capacity change from 0 to 128 [ 57.956329][ T4722] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 57.968824][ T4722] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 58.005687][ T29] audit: type=1400 audit(1768710971.004:695): avc: denied { setcheckreqprot } for pid=4713 comm="syz.1.401" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 58.140107][ T4730] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4730 comm=syz.4.408 [ 58.241543][ T29] audit: type=1400 audit(1768710971.234:696): avc: denied { write } for pid=4732 comm="syz.2.409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 58.306036][ T29] audit: type=1326 audit(1768710971.264:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4735 comm="syz.0.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09952acb9 code=0x7ffc0000 [ 58.329559][ T29] audit: type=1326 audit(1768710971.264:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4735 comm="syz.0.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09952acb9 code=0x7ffc0000 [ 58.352994][ T29] audit: type=1326 audit(1768710971.264:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4735 comm="syz.0.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09952acb9 code=0x7ffc0000 [ 58.376435][ T29] audit: type=1326 audit(1768710971.264:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4735 comm="syz.0.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09952acb9 code=0x7ffc0000 [ 58.399898][ T29] audit: type=1326 audit(1768710971.264:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4735 comm="syz.0.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7ff09952acb9 code=0x7ffc0000 [ 58.490233][ T29] audit: type=1400 audit(1768710971.314:702): avc: denied { create } for pid=4744 comm="syz.4.414" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 58.568131][ T4760] Set syz1 is full, maxelem 2 reached [ 58.573921][ T4758] loop2: detected capacity change from 0 to 4096 [ 58.633650][ T4766] vlan2: entered allmulticast mode [ 58.638885][ T4766] gretap0: entered allmulticast mode [ 58.759378][ T4774] loop1: detected capacity change from 0 to 1024 [ 58.769428][ T4774] EXT4-fs: Ignoring removed nobh option [ 58.775055][ T4774] EXT4-fs: inline encryption not supported [ 58.792531][ T4782] __nla_validate_parse: 3 callbacks suppressed [ 58.792546][ T4782] netlink: 16 bytes leftover after parsing attributes in process `syz.4.428'. [ 58.818240][ T4782] netlink: 252 bytes leftover after parsing attributes in process `syz.4.428'. [ 58.856008][ T4782] netlink: 76 bytes leftover after parsing attributes in process `syz.4.428'. [ 58.863266][ T4774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.425'. [ 58.881831][ T4774] 8021q: VLANs not supported on caif0 [ 59.010758][ T4796] netlink: 148 bytes leftover after parsing attributes in process `syz.1.434'. [ 59.056144][ T4801] netlink: 16 bytes leftover after parsing attributes in process `syz.4.437'. [ 59.089915][ T4801] netlink: 252 bytes leftover after parsing attributes in process `syz.4.437'. [ 59.132636][ T4801] netlink: 76 bytes leftover after parsing attributes in process `syz.4.437'. [ 59.620405][ T4818] netlink: 16 bytes leftover after parsing attributes in process `syz.4.442'. [ 59.645499][ T4818] netlink: 252 bytes leftover after parsing attributes in process `syz.4.442'. [ 59.932658][ T4836] loop1: detected capacity change from 0 to 128 [ 59.945085][ T4836] FAT-fs (loop1): bogus logical sector size 2134 [ 59.951528][ T4836] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 59.960887][ T4836] FAT-fs (loop1): Can't find a valid FAT filesystem [ 59.960932][ T4837] loop0: detected capacity change from 0 to 128 [ 60.039745][ T4837] FAT-fs (loop0): bogus logical sector size 2134 [ 60.046240][ T4837] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 60.055629][ T4837] FAT-fs (loop0): Can't find a valid FAT filesystem [ 60.154110][ T4845] loop2: detected capacity change from 0 to 128 [ 60.176194][ T4845] FAT-fs (loop2): bogus logical sector size 2134 [ 60.182596][ T4845] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 60.192283][ T4845] FAT-fs (loop2): Can't find a valid FAT filesystem [ 60.278690][ T4851] loop2: detected capacity change from 0 to 512 [ 60.321738][ T4853] loop1: detected capacity change from 0 to 4096 [ 60.329512][ T4851] EXT4-fs (loop2): orphan cleanup on readonly fs [ 60.336504][ T4848] veth0_macvtap: entered allmulticast mode [ 60.342957][ T4851] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.456: bad orphan inode 13 [ 60.353279][ T4851] ext4_test_bit(bit=12, block=18) = 1 [ 60.358722][ T4851] is_bad_inode(inode)=0 [ 60.362897][ T4851] NEXT_ORPHAN(inode)=2130706432 [ 60.367797][ T4851] max_ino=32 [ 60.371042][ T4851] i_nlink=1 [ 60.376528][ T4851] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 60.402936][ T4853] EXT4-fs (loop1): shut down requested (2) [ 60.403057][ T4851] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 60.425409][ T4853] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 60.435407][ T4853] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 60.501430][ T4853] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=15 [ 60.594931][ T4866] loop2: detected capacity change from 0 to 2048 [ 60.907124][ T4802] loop3: detected capacity change from 0 to 512 [ 60.918191][ T4802] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 60.933558][ T4803] SELinux: Context unconfined is not valid (left unmapped). [ 73.392048][ T4882] __nla_validate_parse: 15 callbacks suppressed [ 73.392066][ T4882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.466'. [ 73.407373][ T4882] netlink: 4 bytes leftover after parsing attributes in process `syz.4.466'. [ 73.431112][ T4879] x_tables: ip_tables: osf match: only valid for protocol 6 [ 73.440071][ T4886] netlink: 8752 bytes leftover after parsing attributes in process `syz.1.463'. [ 73.470383][ T4888] netlink: 16 bytes leftover after parsing attributes in process `syz.0.468'. [ 73.483472][ T4891] netlink: 16 bytes leftover after parsing attributes in process `syz.3.467'. [ 73.499769][ T4888] netlink: 252 bytes leftover after parsing attributes in process `syz.0.468'. [ 73.513837][ T4891] netlink: 252 bytes leftover after parsing attributes in process `syz.3.467'. [ 73.522942][ T4888] loop0: detected capacity change from 0 to 128 [ 73.537160][ T4891] loop3: detected capacity change from 0 to 128 [ 73.546391][ T4888] FAT-fs (loop0): bogus logical sector size 2134 [ 73.552796][ T4888] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 73.562165][ T4888] FAT-fs (loop0): Can't find a valid FAT filesystem [ 73.566152][ T4891] FAT-fs (loop3): bogus logical sector size 2134 [ 73.575186][ T4891] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 73.584502][ T4891] FAT-fs (loop3): Can't find a valid FAT filesystem [ 73.589147][ T4888] netlink: 76 bytes leftover after parsing attributes in process `syz.0.468'. [ 73.630562][ T4891] netlink: 76 bytes leftover after parsing attributes in process `syz.3.467'. [ 73.641202][ T4898] netlink: 'syz.2.471': attribute type 21 has an invalid length. [ 73.649012][ T4898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.471'. [ 73.668801][ T4898] netlink: 'syz.2.471': attribute type 21 has an invalid length. [ 73.677132][ T410] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.686292][ T410] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.700751][ T410] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.717963][ T410] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 73.728959][ T29] kauditd_printk_skb: 103 callbacks suppressed [ 73.728974][ T29] audit: type=1326 audit(1768710986.724:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.736253][ T4906] netlink: 'syz.3.472': attribute type 10 has an invalid length. [ 73.771557][ T4906] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.779920][ T4906] bond0: (slave team0): Enslaving as an active interface with an up link [ 73.789010][ T29] audit: type=1326 audit(1768710986.724:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.812496][ T29] audit: type=1326 audit(1768710986.724:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.835905][ T29] audit: type=1326 audit(1768710986.724:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.859332][ T29] audit: type=1326 audit(1768710986.724:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.882617][ T29] audit: type=1326 audit(1768710986.724:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.905918][ T29] audit: type=1326 audit(1768710986.724:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.929136][ T29] audit: type=1326 audit(1768710986.724:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.952301][ T29] audit: type=1326 audit(1768710986.724:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 73.975620][ T29] audit: type=1326 audit(1768710986.724:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4903 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39f673acb9 code=0x7ffc0000 [ 74.050545][ T4917] loop3: detected capacity change from 0 to 2048 [ 74.077257][ T4917] EXT4-fs mount: 14 callbacks suppressed [ 74.077271][ T4917] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.113177][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.165868][ T4932] loop3: detected capacity change from 0 to 128 [ 74.230735][ T4935] syz.3.481: attempt to access beyond end of device [ 74.230735][ T4935] loop3: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 74.244593][ T4935] syz.3.481: attempt to access beyond end of device [ 74.244593][ T4935] loop3: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 74.258340][ T4935] Buffer I/O error on dev loop3, logical block 80, lost async page write [ 74.268289][ T4935] syz.3.481: attempt to access beyond end of device [ 74.268289][ T4935] loop3: rw=2049, sector=162, nr_sectors = 8 limit=128 [ 74.283898][ T4935] syz.3.481: attempt to access beyond end of device [ 74.283898][ T4935] loop3: rw=8390657, sector=168, nr_sectors = 2 limit=128 [ 74.297576][ T4935] Buffer I/O error on dev loop3, logical block 84, lost async page write [ 74.351347][ T4932] syz.3.481: attempt to access beyond end of device [ 74.351347][ T4932] loop3: rw=2049, sector=154, nr_sectors = 2 limit=128 [ 74.381081][ T4943] SELinux: policydb magic number 0x2c does not match expected magic number 0xf97cff8c [ 74.390893][ T4943] SELinux: failed to load policy [ 74.493945][ T4952] bridge0: entered allmulticast mode [ 74.839291][ T4969] loop3: detected capacity change from 0 to 128 [ 74.913542][ T4977] syz.3.496: attempt to access beyond end of device [ 74.913542][ T4977] loop3: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 74.938314][ T4977] syz.3.496: attempt to access beyond end of device [ 74.938314][ T4977] loop3: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 74.951970][ T4977] Buffer I/O error on dev loop3, logical block 80, lost async page write [ 74.970538][ T4977] syz.3.496: attempt to access beyond end of device [ 74.970538][ T4977] loop3: rw=2049, sector=162, nr_sectors = 8 limit=128 [ 74.987608][ T4977] syz.3.496: attempt to access beyond end of device [ 74.987608][ T4977] loop3: rw=8390657, sector=168, nr_sectors = 2 limit=128 [ 75.001291][ T4977] Buffer I/O error on dev loop3, logical block 84, lost async page write [ 75.010632][ T4977] syz.3.496: attempt to access beyond end of device [ 75.010632][ T4977] loop3: rw=2049, sector=186, nr_sectors = 8 limit=128 [ 75.024661][ T4977] Buffer I/O error on dev loop3, logical block 96, lost async page write [ 75.034788][ T4977] Buffer I/O error on dev loop3, logical block 100, lost async page write [ 75.064897][ T4977] Buffer I/O error on dev loop3, logical block 112, lost async page write [ 75.076112][ T4977] Buffer I/O error on dev loop3, logical block 116, lost async page write [ 75.098368][ T4977] Buffer I/O error on dev loop3, logical block 88, lost async page write [ 75.112196][ T4985] loop2: detected capacity change from 0 to 1024 [ 75.120404][ T4977] Buffer I/O error on dev loop3, logical block 92, lost async page write [ 75.137725][ T4985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.166023][ T4985] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 75.208325][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.228767][ T3005] ================================================================== [ 75.236930][ T3005] BUG: KCSAN: data-race in __dentry_kill / fast_dput [ 75.243658][ T3005] [ 75.246001][ T3005] write to 0xffff88811b0100d0 of 8 bytes by task 4874 on cpu 0: [ 75.253733][ T3005] __dentry_kill+0x142/0x4b0 [ 75.258352][ T3005] finish_dput+0x2b/0x200 [ 75.262694][ T3005] dput+0x52/0x60 [ 75.266343][ T3005] lookup_one_qstr_excl+0x15a/0x250 [ 75.271557][ T3005] do_unlinkat+0x149/0x4b0 [ 75.275985][ T3005] __x64_sys_unlink+0x2e/0x40 [ 75.280669][ T3005] x64_sys_call+0x2f48/0x3000 [ 75.285366][ T3005] do_syscall_64+0xc0/0x2a0 [ 75.289883][ T3005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.295816][ T3005] [ 75.298154][ T3005] read to 0xffff88811b0100d0 of 8 bytes by task 3005 on cpu 1: [ 75.305710][ T3005] fast_dput+0x5f/0x2c0 [ 75.309884][ T3005] dput+0x24/0x60 [ 75.313541][ T3005] do_unlinkat+0x217/0x4b0 [ 75.317973][ T3005] __x64_sys_unlink+0x2e/0x40 [ 75.322659][ T3005] x64_sys_call+0x2f48/0x3000 [ 75.327359][ T3005] do_syscall_64+0xc0/0x2a0 [ 75.331871][ T3005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.337776][ T3005] [ 75.340155][ T3005] value changed: 0xffff888237768920 -> 0x0000000000000000 [ 75.347288][ T3005] [ 75.349630][ T3005] Reported by Kernel Concurrency Sanitizer on: [ 75.355790][ T3005] CPU: 1 UID: 0 PID: 3005 Comm: udevd Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 75.366652][ T3005] Tainted: [W]=WARN [ 75.370473][ T3005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 75.380544][ T3005] ==================================================================