last executing test programs: 1.973298518s ago: executing program 3 (id=1186): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x0, 0x2}, {}]}, @union]}}, 0x0, 0x42, 0x0, 0x1}, 0x28) (fail_nth: 8) 1.878013316s ago: executing program 3 (id=1190): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=@newtfilter={0x3d8, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {}, {0x2, 0xfff1}}, [@filter_kind_options=@f_fw={{0x7}, {0xc0, 0x2, [@TCA_FW_ACT={0xbc, 0x4, [@m_ct={0xb8, 0x1c, 0x0, 0x0, {{0x7}, {0x48, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xd181}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_PARMS={0x18, 0x1, {0x1, 0x4, 0x2, 0x9, 0xfffffffd}}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @multicast1}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, {0x49, 0x6, "332e1a24fbd44a62776c42094eb2cb585bd308ad16b4096f552e471b62acc5f78d5ac441fa17a7993b23801fb59dba9a536d85b5fc6f5696861fd437c79ff1ce7eb1b2c2a6"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @filter_kind_options=@f_bpf={{0x8}, {0x2e4, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x3}, {0x1c, 0x5, [{0xfffa, 0x9, 0x7, 0x4}, {0x5, 0x3, 0x6, 0x10001}, {0x3, 0x7, 0x7f, 0x5}]}}, @TCA_BPF_OPS={{0x6, 0x4, 0x4}, {0x24, 0x5, [{0x9, 0x20, 0x3, 0x5}, {0x5, 0x2, 0xff, 0x22a05795}, {0x1, 0x2, 0xf, 0x7fffffff}, {0x1ff, 0x0, 0x3, 0xfffffffb}]}}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_ACT={0x288, 0x1, [@m_ife={0x34, 0xa, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_nat={0x168, 0xf, 0x0, 0x0, {{0x8}, {0xcc, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0xffffffff, 0x5, 0x401, 0x1}, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4180fd8c, 0x8, 0x8, 0x340f2fa6, 0x40}, @dev={0xac, 0x14, 0x14, 0x1a}, @remote}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0x400, 0x0, 0xff, 0xba9c}, @multicast2, @broadcast, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x2, 0x7, 0x3}, @broadcast, @broadcast, 0x0, 0xfffffffd}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x10, 0x8, 0x4, 0x5, 0xfffffff9}, @local, @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, {0x78, 0x6, "878fba3d7ff40b979391e4432634f5638601e9d9f55ae1576b4d284123e5d2ff0c8558438c1a1122024b997afc73e1f54cb18d542c52899968d9825ec2f1ce1fa1128f92071792e0ecc548eb878d1e740e5f049ad82ee06e128734b382480a4668ab16c685a0f16d6b950c16670c445441e0d4fd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_skbmod={0xe8, 0xf, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x6, 0x0, 0x5, 0x9}, 0xb}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x4}]}, {0x76, 0x6, "5bc0e989cb2d759ee90c4795ea87619bc20d237232573595c60e6141d75bb4b9e0f1016bddec44775a7a4cd8856d4ccd14f1dfc6b3c68abd1b4786b0600b5d35faeb2ebfc4e6ac7a1554037f504b2ed8bc24e421e0671910bf7c86312a21768780a17908a8a69069a8e90aa7feaf940caa84"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x3d8}, 0x1, 0x0, 0x0, 0xc091}, 0x4000800) 1.870871396s ago: executing program 3 (id=1191): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x20000000, 0x28, 0x28, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x0, 0x2}, {}]}, @union]}}, 0x0, 0x42, 0x0, 0x1}, 0x28) 1.82802683s ago: executing program 3 (id=1193): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) write$P9_RREAD(r0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r0], 0x100b) syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, 0x0, &(0x7f00000005c0)) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) r2 = syz_io_uring_setup(0x1ca0, &(0x7f0000000380)={0x0, 0x60d1, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r2, 0x47ba, 0x0, 0x28, 0x0, 0x0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000010000003c000180060001000a000000080005000300e5ff0b00070000000000000000000800090043150000090006006e6f6e6500000000080008"], 0x50}}, 0x0) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) 1.732343339s ago: executing program 2 (id=1197): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3df], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x404c814}, 0x4000) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000300), 0x40) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r4, 0x54a3) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IEEE802154_DISASSOCIATE_REQ(r5, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x34, r6, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0xf5}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0102}}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x80) times(&(0x7f0000000000)) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r9, &(0x7f00000003c0)={0x0, 0x3d, &(0x7f0000000000)={&(0x7f0000000600)={0x58, r7, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_KEY={0x3c, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x1c, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x400}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0xfffffffffffffd4f, 0x2, 0x2}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x3}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "9b48bb19b19ed400a415af9a063afce5"}]}]}, 0x58}}, 0x0) r11 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000580), r5) sendmsg$NLBL_CIPSOV4_C_LIST(r9, &(0x7f0000000700)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)={0x74, r11, 0x100, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}]}, 0x74}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x68, r7, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_PAN_ID={0x6, 0x9, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_PAN_ID={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}]}, 0xfffffef3}, 0x1, 0x0, 0x0, 0x4004094}, 0x40) request_key(&(0x7f0000000100)='user\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000180)='*}$\x00', 0xfffffffffffffffb) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000011c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x24000895}, 0x0) 1.60356675s ago: executing program 2 (id=1201): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2000000400, 0xf6103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x18, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x9, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0xffffffff, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r3) syz_clone(0x29188000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.49515252s ago: executing program 2 (id=1203): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x5, 0x2000) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x464, 0x100, 0x70bd28, 0x25dfdbfc, "a1a9e9096e673c48e457d9e72f5f299cad2560d1f0e765681f49a453f9b546e01d0a26b08ebd", [""]}, 0x38}, 0x1, 0x0, 0x0, 0x22004805}, 0x4008000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x18}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x24}, 0x94) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$USBDEVFS_GETDRIVER(r0, 0x41045508, &(0x7f00000002c0)={0xe1a, "0c957266190f7006ad6d02104bcdc7267ecdd08802ad32cd65706070cfc56ad90b76cea4c12e2d01a0093c7680a4f972d302c26089e741267edcbe85a1f73051ebd372969c4fd3ab87ea47b889dd13c67df82f40092ebef1985acbfc43292d96ad8a697b1efebeb2ee57cdead6bd1d6f87bbfddd1c5ace53d807671ebb971bf2bfc31fbdc648693eaaf24ac6d18c9b66051170261359abfd6ba79fc08e894cfaabe74bc9bb0ce7dffc835ef52c3bd6af95edddc622f6af7e944ac22244a0296ee8647dab011049dd3eb73d11286bb8a24d9babb194d9decabfcdd8aaa33393734534844efe4727d3ea40e27b6e21107da610bf734ac900a872c1706ae6338828"}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}]}]}]}, @NFT_MSG_NEWFLOWTABLE={0x64, 0x16, 0xa, 0x882, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xfffffdb1}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.3782845s ago: executing program 2 (id=1206): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0xa8, 0x2, 0x0, 0x0, 0x0, 0x1, 0x400, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x1789, 0x395}, 0x1a2d, 0x0, 0x7fa, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000015c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x24128, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0x5}, 0x0, 0x0, 0x0, 0x1, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='oom_score_adj\x00') lseek(r0, 0x0, 0x1) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x1, @remote, 0x1}, 0x1c) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000140)={0x0, 0x61, 0x7}, 0x8) syz_read_part_table(0x5e2, &(0x7f0000000600)="$eJzs2z9I22kYB/AnplFrj+vSqVPtcFOXHh2bwZaYXmkh5OpSOlyhpZQGDlIopBAItEProJjBc3QRIYt/JmMGh+NEwVnE4UBwcDp0EVzM4fHLnYfIcZ4eFD4fCA9v3ud9v3mGjG/wReuK39rtdioi2j0nNtP/cPjyUCPXTt8oDBSfRKTiWUT0//z1XPx0+c+Wzq03k/WvyXpqsq/1ee9BprHZu//ND78MdyX7teRzZbo5dC4DcqFmsstXP3ws50cq2dcb+er2p/W1x7O7uWLz0XB97mHm/oukbyWpl5L6NirxPt7E8yhFKV5G+Wzx3Ul+Vyd/orF1+/B6vrHw6u7BYGs0epPGwn8d9BQz2e6/zf+uf+xpvXrv1vy18TuVxdXiTvron/GH2gX9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAztFMdvnqh4/l/Egl+3ojX93+tL72eHY3V2w+Gq7PPczcf5H0rST1UlLfRiXex5t4HqUoxcson3J/+l/mTzS2bh9ezzcWXt09GGyNLn2b9BVOHk2dZd6T+T0R8Vf+u/6xp/XqvVvz18bvVBZXizvJAKWe46cGus8jGwAAAAAAAAAAAAAAAAAAADpyg9/dKAwUn0Sk4llE/PjV0sLR9+3kvXvnkf3NiBg79ph/arKv9XnvQaax+f1+37H7ar0RtYi4Mt0c+j/n4Gx+DwAA//+rd5BM") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x0, 0x2}, {0x1, 0x2}]}, @union]}, {0x0, [0x61]}}, 0x0, 0x43, 0x0, 0x1}, 0x28) 1.330601014s ago: executing program 0 (id=1208): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000040)={0x3ff, [0x3, 0xfffffffd], 0x2}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) ioctl$TCFLSH(r1, 0x400455c8, 0x0) 1.269486049s ago: executing program 1 (id=1209): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r0}, &(0x7f0000000280), &(0x7f0000000000)=r1}, 0x20) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r2, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x7a, &(0x7f0000000000)={@random="25c3704acacc", @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x32}, @local, {[], {{0x0, 0x1, 0x41424344, 0x41424344, 0x0, 0x0, 0x0, 0x10, 0x2}}}}}}}, 0x0) 1.26185902s ago: executing program 1 (id=1211): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) io_setup(0x6, &(0x7f0000001380)) syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') r0 = socket(0x10, 0x803, 0x0) ioctl$XFS_IOC_FD_TO_HANDLE(0xffffffffffffffff, 0xc038586a, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000100)='\'%\x00', 0x80000, &(0x7f0000000140)={@_ha_fsid={[0x7, 0x1]}, {0x1, 0x3, 0xfdfffffe, 0x3ff}}, 0x40, 0x0, &(0x7f0000000200)=0x401}) r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000005080)=[{{&(0x7f0000000880)=@xdp, 0x80, &(0x7f0000000780), 0x0, &(0x7f00000003c0)=""/11, 0xb}, 0x4b}, {{&(0x7f0000000800), 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000c80)=""/181, 0xb5}, 0x2}, {{&(0x7f0000000d40)=@caif, 0x80, &(0x7f0000000dc0)}}, {{&(0x7f0000000e00)=@isdn, 0x80, &(0x7f00000011c0)=[{&(0x7f0000000e80)=""/232, 0xe8}, {&(0x7f0000000f80)=""/158, 0x9e}, {&(0x7f0000001040)=""/141, 0x8d}, {&(0x7f0000001100)=""/5, 0x5}, {&(0x7f0000001140)=""/125, 0x7d}], 0x5}, 0xe1631a6}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001240)=""/213, 0xd5}, {&(0x7f00000013c0)=""/127, 0x7f}, {&(0x7f0000001340)=""/55, 0x37}, {&(0x7f0000000440)=""/110, 0x6e}], 0x4, &(0x7f0000001480)=""/148, 0x94}, 0x3a5}, {{&(0x7f0000001540)=@tipc=@name, 0x80, &(0x7f0000003fc0)=[{&(0x7f0000002fc0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/132, 0x84}, {&(0x7f0000001680)=""/61, 0x3d}, {&(0x7f00000016c0)=""/21, 0x15}, {&(0x7f0000001700)=""/239, 0xef}, {&(0x7f0000001800)=""/192, 0xc0}, {&(0x7f00000018c0)=""/161, 0xa1}, {&(0x7f0000001980)=""/65, 0x41}, {&(0x7f0000001a00)=""/170, 0xaa}, {&(0x7f0000001ac0)=""/244, 0xf4}], 0xa, &(0x7f0000004080)=""/4096, 0x1000}, 0x8}], 0x6, 0x40010042, 0x0) unshare(0x62040200) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'security\x00', 0x7003, [0x80002, 0x40007, 0x1, 0x2, 0xa]}, &(0x7f0000000100)=0x54) r7 = socket$inet6(0xa, 0xa, 0xfffd) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000001c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x1c0, 0x12, 0x60d, 0x1c0, 0x202, 0x290, 0x2e8, 0x2e8, 0x290, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000000000000617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x2, 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) write$selinux_attr(r2, 0x0, 0x0) pread64(r2, 0x0, 0x0, 0x7) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x25}, @dev, 0x80, 0x0, 0x1, 0x1}}) syz_clone(0x4244600, &(0x7f0000000900)="21c1bb5c952bd6bba5252f4eec74412af1b38680", 0x14, &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)="fce1c1ae6a1446f1ede3be138783db39263e9478986c22e9c4bb615586dcda9bead2f55a9a459ee8783c4b0653f09c35de3247cdb5c8bad0c58d1b26425fbfedf7c3a68eeac7a838890ba9455d2906ec86e3f5313d6892eb7b5717768f5b3a7722461cc049c20e4adcd64fe83081c443e7745c4f4c8bc4d98864d5d28178a2fdb75e4e4977a98dcbac05268ebb39eb24264890ca475fe6142a53ad29134bfbd920af595f80c40141ca274e55ab3b3761015eb08899358576e5c4cf354749fad5e068741fc0ea1366b9656576") perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0xa}, 0x102260, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x18, r6}, './file0\x00'}) 1.244250701s ago: executing program 0 (id=1212): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xff, 0x30000000000}, 0x12122, 0x10000, 0xfffffffe, 0x5, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x47, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x30040, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x182, 0x6}, 0x6025, 0x4005, 0x4, 0x0, 0x80000000, 0x1, 0xa, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) 1.092616775s ago: executing program 4 (id=1213): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="600000001000ffff26bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="973401002120000008000500", @ANYRES32=r2, @ANYBLOB="3800128009000100766c616e000000002800028006000100010000001c0004800c"], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) 1.072112456s ago: executing program 4 (id=1214): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0x6, 0x4}, 0x102260, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0x7, 0xffffffffffffffff, 0x2) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0xcde, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000280)={0x10000000}) writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)="d69de5af05cc00c12d79e94a5f1279235758d070664c066bc26e1bdb3fc06e9a8fee0ddec1284e1b68dfdce2fa5785cd458932e1f7bc463b589e0caf59cfff2a923d888d2ca1f31147ca24f6d1aa119f5d2bfa4671310b83a1d9f20079ce92cda13cdcc8df6297c41ea9e8f3d1fb177a9d2ed4feb0937784f2e3bb302e7ff6f5509ba9ae99ccc57339add887e2421fb9a38b75a6c944152d07fc", 0x9a}, {&(0x7f00000001c0)="4da5afb2fe4270287e13e40081744a1794051939aee122ad0b1dc47e6d3f928c1a8283b631f27456e6cc5c37e7a52221dd156cb647443b54578f9e519b426da8", 0x40}], 0x2) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)={0x24, r3, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}]}, 0x24}}, 0x40000) 1.052539918s ago: executing program 0 (id=1215): tkill(0x0, 0x2f) tkill(0x0, 0xe) ptrace$peeksig(0x4209, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./file1\x00', 0x3010018, &(0x7f0000000040), 0x5, 0x4c3, &(0x7f0000000ac0)="$eJzs3U1oXNUeAPD/nXw0L01f8j54r3SV9wp9fZQmTad5pdAH7apQtGArKOjC0EzStJO2NCmYLMQP0IoK7aYbi6ALBekirlQEkS5ERXDRjaAUVBAbSKtVpAshcu/MxLSZpE1Tc2n8/eBwz7kzc89/5uSeueefSxLAH1ZnROyKiIaI2BIR7dX9hWqJJyslfV6pOHEoLUlMTx+4mkQSEXuLE4dqx0qq29XVA7RExIUPI1ob5/Y7MjZ+pK9cLp2otrtHh493j4yNbx4a7hssDZaOFnu2F4vF3h3F3rv2Xn/45fCZd67vef7sle8//ebi2+eT2BVt1cdmv4+7pTM6Zz6T2RqTiP/f7c5y1pJ3ACza+fvPvJR3DADA8kuv8f8aEf/Orv/boyEqF+uHJx+91h7XBuZ7XcfPr1xezjgBAACAOzcd7bEz3QIAAAArViEi2iIpdFXvBWiLQqGrq3IP79+jtVA+NjK6aeDYyaP9kd0r2xFNhYGhcql2r3BHNCVpuyer/9beelO7GBF/iYhT7X/K2l0Hj5X7805+AAAAwArXFnHpkWfe/efqedb/qS/b844SAAAAWIp0/b/mUmv2p7p+ss4HAACAFSld/1979srHYf0PAAAAK1Zt/T/zf7hUVFRUZip5z1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw1/R0EtMAAADAipZ3/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvL3uLEoVpZrj4n9yxXT8xnandEdFTGv1QtlUcaoyXbtkRTRLT+mETjrNclEdGwxL67NkR0xqbPTz/x3VtpierP4RIPyz1i4uu8IyBPzdvyjoA8rXsg7wjI02en8o6APF2cyjsC8rT/QN4RkKd9/8s7AvL08tW8I+CD3RGxpV7+rxBrs20lC3Rz/qchyxAtzSfnIjqj69vZ++bmfwqTS+yGBUztjtgZEaU5+b9C7SkdDdXWmixV2JQMDJVLWyLizxGxMZpWpe2eBfrYu/ZC3UzPi/9Ix//kvlr+Ly1p/7VcYDWOycZVN76uv2+0b6nvm4qppyLWNdYb/2Qm/5vMk/9ddZt9vPfV/uF6+69/lI7/C+8vPP78nqZfjfhP3fM/mXlOWuseHT7ePTI2vnlouG+wNFg6WuzZXiwWe3cUe7uz+aC7NivM9ebTr9f9pv/XwWz+HzP++UnP/9aFxz+b/0fGxo/0lculEyOL7+O5DWfrfoe/cTYd/+YLdzL/NycPZgE2V/c93jc6eqInojm5b+7+rYuPeaWqfR61zysd/43r63//167/KvN/Yc78/7fqtlD5FeK8/vva5br7vzidjn/xIed/ftLx77/F+Z/ccP4vvvLY+v0b6/X9cGTXf+duff5vy4KpHcT1363d7gDlHScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMz2awAAAP//MEf3BQ==") symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') getresuid(0x0, 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x800004, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000bc0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@nobarrier}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") openat(0xffffffffffffff9c, 0x0, 0x107c42, 0x20) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, 0x0, 0x0) 942.437628ms ago: executing program 4 (id=1216): tkill(0x0, 0x2f) tkill(0x0, 0xe) ptrace$peeksig(0x4209, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./file1\x00', 0x3010018, &(0x7f0000000040), 0x5, 0x4c3, &(0x7f0000000ac0)="$eJzs3U1oXNUeAPD/nXw0L01f8j54r3SV9wp9fZQmTad5pdAH7apQtGArKOjC0EzStJO2NCmYLMQP0IoK7aYbi6ALBekirlQEkS5ERXDRjaAUVBAbSKtVpAshcu/MxLSZpE1Tc2n8/eBwz7kzc89/5uSeueefSxLAH1ZnROyKiIaI2BIR7dX9hWqJJyslfV6pOHEoLUlMTx+4mkQSEXuLE4dqx0qq29XVA7RExIUPI1ob5/Y7MjZ+pK9cLp2otrtHh493j4yNbx4a7hssDZaOFnu2F4vF3h3F3rv2Xn/45fCZd67vef7sle8//ebi2+eT2BVt1cdmv4+7pTM6Zz6T2RqTiP/f7c5y1pJ3ACza+fvPvJR3DADA8kuv8f8aEf/Orv/boyEqF+uHJx+91h7XBuZ7XcfPr1xezjgBAACAOzcd7bEz3QIAAAArViEi2iIpdFXvBWiLQqGrq3IP79+jtVA+NjK6aeDYyaP9kd0r2xFNhYGhcql2r3BHNCVpuyer/9beelO7GBF/iYhT7X/K2l0Hj5X7805+AAAAwArXFnHpkWfe/efqedb/qS/b844SAAAAWIp0/b/mUmv2p7p+ss4HAACAFSld/1979srHYf0PAAAAK1Zt/T/zf7hUVFRUZip5z1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw1/R0EtMAAADAipZ3/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvL3uLEoVpZrj4n9yxXT8xnandEdFTGv1QtlUcaoyXbtkRTRLT+mETjrNclEdGwxL67NkR0xqbPTz/x3VtpierP4RIPyz1i4uu8IyBPzdvyjoA8rXsg7wjI02en8o6APF2cyjsC8rT/QN4RkKd9/8s7AvL08tW8I+CD3RGxpV7+rxBrs20lC3Rz/qchyxAtzSfnIjqj69vZ++bmfwqTS+yGBUztjtgZEaU5+b9C7SkdDdXWmixV2JQMDJVLWyLizxGxMZpWpe2eBfrYu/ZC3UzPi/9Ix//kvlr+Ly1p/7VcYDWOycZVN76uv2+0b6nvm4qppyLWNdYb/2Qm/5vMk/9ddZt9vPfV/uF6+69/lI7/C+8vPP78nqZfjfhP3fM/mXlOWuseHT7ePTI2vnlouG+wNFg6WuzZXiwWe3cUe7uz+aC7NivM9ebTr9f9pv/XwWz+HzP++UnP/9aFxz+b/0fGxo/0lculEyOL7+O5DWfrfoe/cTYd/+YLdzL/NycPZgE2V/c93jc6eqInojm5b+7+rYuPeaWqfR61zysd/43r63//167/KvN/Yc78/7fqtlD5FeK8/vva5br7vzidjn/xIed/ftLx77/F+Z/ccP4vvvLY+v0b6/X9cGTXf+duff5vy4KpHcT1363d7gDlHScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMz2awAAAP//MEf3BQ==") symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') getresuid(0x0, 0x0, 0x0) mount$9p_tcp(0x0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x800004, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000bc0)={[{@dioread_nolock}, {@data_err_abort}, {@inlinecrypt}, {@noauto_da_alloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@nobarrier}, {@errors_remount}]}, 0x11, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") openat(0xffffffffffffff9c, 0x0, 0x107c42, 0x20) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (fail_nth: 1) write$UHID_INPUT(r0, 0x0, 0x0) 888.857103ms ago: executing program 3 (id=1217): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdirat(0xffffffffffffff9c, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000002c0)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001480)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c383032313100f5"], 0x20}}, 0x0) recvmmsg(r3, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0) 850.187206ms ago: executing program 0 (id=1218): r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000011c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) 530.446234ms ago: executing program 4 (id=1219): socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x1b, 0x0, &(0x7f0000000200)="083972bdb3a605c4c1188e9986dd02ff4284860186ddba71f16b7d", 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30000000}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 344.72614ms ago: executing program 0 (id=1220): socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x7a, &(0x7f0000000000)={@random="25c3704acacc", @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x32}, @local, {[], {{0x0, 0x1, 0x41424344, 0x41424344, 0x0, 0x0, 0x0, 0x10, 0x2}}}}}}}, 0x0) 343.65725ms ago: executing program 2 (id=1221): socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 335.187651ms ago: executing program 4 (id=1222): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000040)={0x3ff, [0x3, 0xfffffffd], 0x2}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) ioctl$TCFLSH(r1, 0x400455c8, 0x0) 250.556568ms ago: executing program 1 (id=1223): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_lsm={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="85100000040000009500800000000000180000000000000000000000000000029500000000000000851000"], &(0x7f00000000c0)='GPL\x00'}, 0x94) close_range(r0, 0xffffffffffffffff, 0x10000000000000) 250.149008ms ago: executing program 4 (id=1224): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000080)={[{@delalloc}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@inlinecrypt}, {@data_err_ignore}, {@nodiscard}, {@nomblk_io_submit}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x5, 0x557, &(0x7f0000000fc0)="$eJzs3c+LG1UcAPDvZHf7W9tCKSoiCz1Yqc12d/1RwUM9ihYLeq9hM13KJk3ZZEt3Ldge7MWLFEHEgnjXu8fiP+BfUdBCkbLowUtkspNt2k266TZttubzgSnvZSZ5852Z7+ubvFkSwMiazP4pRLwcEd8kEfsjIsnXjUe+cnJtu9V7V+ayJYlm89O/ktZ2Wb39We337c0rL0XEb19FHCtsbLe+vLJQqlTSxbw+1ahenKovrxw/Xy3Np/PphZlm8+TbszPvvfvOwGJ948w/339y68OTXx9Z/e6XOwdvJHEq9uXrOuN4Alc7K5MxmR+TiTj10IbTA2hsO0mGvQNsyVie5xOR9QH7YyzPeuD/78uIaAIjKpH/MKLa44D2vf2A7oOfG3c/WLsB2hj/+Np3I7GrdW+0ZzV54M4ou989MID2szZ+/fPmjWyJwX0PAbCpq9ci4sT4+Mb+L8n7v6070cc2D7eh/4Nn51Y2/nmz2/insD7+iS7jn71dcncrNs//wp0BNNNTNv57v+v4d33S6sBYXnuhNeabSM6dr6RZ3/ZiRByNiZ1Z/VHzOSdXbzd7resc/2VL1n57LJjvx53xnQ++p1xqlJ4k5k53r0W80nX8m6yf/6TL+c+Ox5k+2zic3nyt17rN43+6mj9FvN71/N+f0Uq6zk/Ozubzk1Ot62GqfVVs9Pf1w7/3an/Y8Wfnf8+j4z+QdM7X1h+/jR93/Zv2WvdA/NH/9b8j+axV3pG/drnUaCxOR+xIPt74+sz997br7e2z+I8eeXT/1+363x0Rn/cZ//VDP7/aV/xDOv/lxzr/j1+4/dEXP/Rqv7/+761W6Wj+Sj/9X787+CTHDgAAAAAAALabQkTsi6RQXC8XCsXi2vMdh2JPoVKrN46dqy1dKMe1fWvPPxTaM937O56HmM6fh23XZx6qz0bEwYj4dmx3q16cq1XKww4eAAAAAAAAAAAAAAAAAAAAtom9Pf7+P/PH2LD3Dnjq/OQ3jK5N838Qv/QEbEv+/4fRJf9hdMl/GF3yH0aX/IfRJf9hdMl/GF3yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbqzOnT2dJcvXdlLquXLy0vLdQuHS+n9YVidWmuOFdbvFicr9XmK2lxrlbd7PMqtdrF6ZlYujzVSOuNqfryytlqbelC4+z5amk+PZtOPJOoAAAAAAAAAAAAAAAAAAAA4PlSX15ZKFUq6aKCwpYK49tjNxQGXBh2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9/0XAAD//zWdOco=") perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, @perf_config_ext={0xa98, 0x3}, 0x0, 0x1224, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0xefff, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0) 236.01591ms ago: executing program 1 (id=1225): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="600000001000ffff26bd7000fbdbdf", @ANYRES32=0x0, @ANYBLOB="973401002120000008000500", @ANYRES32=r2, @ANYBLOB="3800128009000100766c616e000000002800028006000100010000001c0004800c"], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) 222.751201ms ago: executing program 2 (id=1226): io_setup(0x1, &(0x7f0000000000)=0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)={0x28, 0x13, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}]}, 0x28}, 0x1, 0x0, 0x0, 0x58040}, 0x4) write$cgroup_pid(r1, &(0x7f0000000200), 0x12) io_submit(r0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f00000001c0)={0x60, 0x3, &(0x7f0000391000/0x4000)=nil, &(0x7f0000e18000/0x3000)=nil, 0xffff, 0x0, 0x0, 0x1, 0x20, 0x0, 0x0, 0x18}) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0x1, 0x20, 0x80001, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0xfffff800, 0x40, 0x1, 0x3, 0x4}, 0x1002}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb1f}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4008044}, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x100900) write$P9_RREMOVE(r6, &(0x7f0000000080)={0x7, 0x7b, 0x1}, 0x7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_EPOCH_READ(r7, 0x8008700d, &(0x7f0000000040)) fcntl$setpipe(r5, 0x407, 0xfffffffffffffffa) prctl$PR_MCE_KILL(0x4e, 0x1, 0x1000000) 199.601233ms ago: executing program 0 (id=1227): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f0000000580)={[{@jqfmt_vfsold}, {@noblock_validity}, {@nobh}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@nombcache}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@grpid}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3E1vFOcdAPD/rtc2LlC79I23lm1pVatVMTavhx4AtRKXSpVaVfS4tQ2iGKiwK4FlFVNVIPXQik/QNrdI+QQ5JZcoiXJIlGtQrlEkFPkCySGaaHZnNrveXXtt1l4Z/37SLs/MPjPz/Gfmwc/Lzgawa5XTt0LEvoj4KCJGa4vNGcq1f56vLE1/vrI0XYgk+f1nhWq+ZytL03nWfLu92cJ4MaL4z0IcaT3s8Py9xRuVubnZO9mKiYVilrpZuTZ7bfbW1Pnzp0+NnDs7daYncaZlenb477ePHrr8p8e/nb7y+M/vvJaWN8k+b4yjZqz6PtT1EQZa1pSj3HwuG/y0+6LvCPsb0oVS+l7sX2HoWnrXppdrsFr/R2OgulQzGr/5R18LB2ypJEmS4Za19b9ly0mjQqG2QZI8SICXQCH6XQKgP/I/9M9W0p7q0nRrP/jl9vRiVHtAadzPs1ftk1K1B1seq/WNBrfo+N+JiCvLX/w3fUXbcQgAgN5642LEo0u1dkf+qn1SjO815PtmNjc0FhHfiogDEfHtrP3y3Yhq3u9HxMGGbfZ3MQtQXrXc2v75YCRLNDZXeyZt//0qm9tqbv/VSz42kC3tr8Y/WLh6fW72ZHZOxmNwOF2ebN11fVjtzV9/+J9Oxy83tP/SV3r8vC2YlePT0qoBupnKQuVF4849fVA9sfdb4y9EqZCnIg5FxOFN7D89Z9d//urRTp83xZ/G2RL/vzvvvLSJAq2S/D/iZ7XrvxzV+POxz1rwQ1lqYuHmXyfm7y3+8nrj/OTkubNTZyb2xNzsyYn8rmj17vsPf5clW7oRzdc/SRquf141tnQiLb3+32h7/9dnLsfSVH2+dn7jx3j45FHHPs1m7/+hwh+q6Xx+9m5lYeHOZMRQYbl1/dTX296tjDTlT+MfP96+/h+I+PJ/2XZHIiK9iX8QET+MiGNZ2X8UET+OiONrxP/2pZ/8pVMXcv34t1Ya/8yGrv+9xZHIEvU1aeLCexHNa/LEwI23Xm858L/KLfEPRqfrf7qaGs/WzFQW9qwXV5sCtk288AkEAACAHeBYROyLQvFENtC0L4rFEyci9tZHUOYXfnH19t9uzdSeERiLwWI+0jXaMB46mY0Np8vpVlMNy+nnp6rjxkmSJCPpctp/nzvY39Bh19vbof6nPml9pAV42WxoHq3TE23AjrS6/j/pesvefyED2F49+B4NsEOp/7B7dV3/t+opOKBv2tX/+xHP+1AUYJu1q/9/bFlzYVvKAmyvdvXf3D/sDpsf//NlANjpjP/DrtTVQ/KbSBy4vEaeQqm7/ZS6fox/vUQx1v4VgLGo/6ZB3qZZe4cfFyN6c8YGenrmR5quabFtnj3Ri2NFcd08pQ38EMP2JoqVubn8AZe+l2c4Ita5e+s32/08sbjVBauem1f69z8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAb3wVAAD//8B9zog=") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x2}]}, @union]}}, 0x0, 0x3a, 0x0, 0x1}, 0x28) 125.26285ms ago: executing program 1 (id=1228): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) close(r0) timer_create(0xb, &(0x7f0000000ac0)={0x0, 0x25, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000b00)=0x0) timer_settime(r1, 0x0, &(0x7f0000000b80)={{}, {0x77359400}}, &(0x7f0000000bc0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)={0x1f8, r3, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0xf0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "49881c5e328897e9168804ecfcf1f58244092828f343e665"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x81}, @TIPC_NLA_NODE_ID={0x8f, 0x3, "7c2f4b9bf641310a50575e323264dd8c850fbd347ad5fdc0b920f798754bf48dc00a3fce4a2b59602f2bc2afc9958f46760601192ebf5483313486debfbe25989b3f505b1ff6f64443a5d15b82b54a09ee7e342c47876b321f3d452a638f2ab59f9ef616640bc9a5f0234f89379ad8750dad4e38ccfd399820288addb557ab9fc82415fb8189f40de50d49"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0x94, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x83, 0x3, "e83227d6863df1980b803380472f541a7ec69cbb3160c539b542da598bde9929840baa8aaf21535a09c59067ea7f32bae1a170dafbd3ff2fb4695ab339e5d1e4b3f3ad0a408a9588f25c4504795126040b3a7bf7321ad13c1baa569bf75615aff42b0fcff640e838d60fa1ef919a2d3eae77a7aec2c61605d2df5a210c8b36"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x17}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x10000}]}]}, 0x1f8}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000070000000900010073797a300000000020000000090a01040000000000000000070000000900010073797a3000000000740000000c0a01030000000000000000070000090900020073797a31000000000900010073797a30000000004800038044000080080003400000000238000b80200001800a00010071756f7461000000100002800c0001400000000000000000140001800a0001006c696d697420000004000280140000001000010000000000000000000084000a7b084adde392f007bfaa15f320dcc0ea40931b151bb09004c9f01a82078e308b920505c8ac6e44bb586d494bd9a85981cd57a4ea58bc7c8f1f8d98fbce131ad63bb09f9c2bfd5ed144070bbe283b5b276ea7512e9a5e4feae6325c9539aa7d639479c004e5234cbdbc90299d3c260f13469953afeae83389cc5db7edd8cbe20c987dfbd466f141ebc5edf007303fc3ac8675bae70ab1e30712480aaf90ff574e943221af467bca8213f30b46dbf6f82ed9fa894cbd049f4d472bcdb824981a5fe9e2f477f19abbf8a44cad3dd08c1e387d23dc47bfca7ed3b4abf92f0445759264fa46fd64948fb4fe835365c35f59134a01d78c842efe3652623a2bc5a029b8e67bc57da9ff10db5a8e3a10a9ad8ad868106178dc3e32a4d00e5a2cd38d27ca021d683116e4561dedf40bf6ca2ccb2ad3b3c952975d67e7039326c9c5c2d53fd61fd91234e8b9294059068e9f4fba7ccaf4599569f58fd91f1c8969ee4289d8baf49fb5dbd8c36bb618a6c16a1e810bdf63048c0f08554ec4fa74fb5a6076f15f7beb546b5d50fad3498c350feb2d5f9b2fa608"], 0xdc}}, 0x0) 39.910467ms ago: executing program 1 (id=1229): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e22, 0x800d, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6459}}, 0x0, 0x0, 0x33, 0x0, "bb02a3c364ca41d6357e5445084740ffe9000000000010208a0e2f964e0000c534a632cd6193fcf19b2df3eea18afaa4ff1656c54dc46d8b6d2ccd00a0cf0a007bbe00"}, 0xd8) r0 = socket$kcm(0x23, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x6, 0x4) listen(r0, 0x8) accept4(r0, 0x0, 0x0, 0x80000) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78) 0s ago: executing program 3 (id=1230): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500), 0x0, 0x1}}, 0x40) prlimit64(r0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='dctcp', 0x5) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) kernel console output (not intermixed with test programs): : mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.173560][ T5495] netlink: 24 bytes leftover after parsing attributes in process `syz.4.780'. [ 83.891856][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.020523][ T5511] loop1: detected capacity change from 0 to 256 [ 84.039241][ T5512] loop4: detected capacity change from 0 to 1024 [ 84.063290][ T5512] EXT4-fs: inline encryption not supported [ 84.088245][ T5512] EXT4-fs: Ignoring removed nomblk_io_submit option [ 84.104275][ T5512] EXT4-fs: Ignoring removed nobh option [ 84.121454][ T5512] EXT4-fs: Ignoring removed bh option [ 84.170293][ T5512] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.202211][ T5518] netlink: 'syz.1.790': attribute type 15 has an invalid length. [ 84.213850][ T5518] netlink: 666 bytes leftover after parsing attributes in process `syz.1.790'. [ 84.233434][ T5518] netlink: 35284 bytes leftover after parsing attributes in process `syz.1.790'. [ 84.243745][ T5518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.790'. [ 84.305418][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.334533][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.396387][ T5535] loop0: detected capacity change from 0 to 2048 [ 84.498869][ T5535] EXT4-fs: test_dummy_encryption option not supported [ 84.529505][ T5542] loop4: detected capacity change from 0 to 256 [ 84.540293][ T5535] loop0: detected capacity change from 0 to 128 [ 84.603872][ T5535] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 85.131618][ T5535] FAT-fs (loop0): Filesystem has been set read-only [ 85.195117][ T5549] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 85.315061][ T28] audit: type=1400 audit(1771755636.901:316): avc: denied { ioctl } for pid=5548 comm="syz.4.801" path="socket:[12664]" dev="sockfs" ino=12664 ioctlcmd=0x8981 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 85.405608][ T5552] loop2: detected capacity change from 0 to 512 [ 85.560579][ T5552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.577596][ T5552] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 86.223754][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.246059][ T5568] FAULT_INJECTION: forcing a failure. [ 86.246059][ T5568] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 86.272064][ T5568] CPU: 0 UID: 0 PID: 5568 Comm: syz.2.805 Not tainted syzkaller #0 PREEMPT(full) [ 86.272155][ T5568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 86.272184][ T5568] Call Trace: [ 86.272191][ T5568] [ 86.272199][ T5568] __dump_stack+0x1d/0x30 [ 86.272229][ T5568] dump_stack_lvl+0x95/0xd0 [ 86.272249][ T5568] dump_stack+0x15/0x1b [ 86.272269][ T5568] should_fail_ex+0x263/0x280 [ 86.272310][ T5568] should_fail+0xb/0x20 [ 86.272327][ T5568] should_fail_usercopy+0x1a/0x20 [ 86.272346][ T5568] _copy_from_user+0x1c/0xb0 [ 86.272368][ T5568] ___sys_sendmsg+0xc1/0x1e0 [ 86.272416][ T5568] __x64_sys_sendmsg+0xd4/0x160 [ 86.272442][ T5568] x64_sys_call+0x194c/0x3020 [ 86.272466][ T5568] do_syscall_64+0x12c/0x370 [ 86.272561][ T5568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.272581][ T5568] RIP: 0033:0x7fa8e1d7c629 [ 86.272595][ T5568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.272662][ T5568] RSP: 002b:00007fa8e07cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.272682][ T5568] RAX: ffffffffffffffda RBX: 00007fa8e1ff5fa0 RCX: 00007fa8e1d7c629 [ 86.272694][ T5568] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 86.272706][ T5568] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 86.272722][ T5568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.272733][ T5568] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 86.272758][ T5568] [ 86.473123][ T5575] netlink: 24 bytes leftover after parsing attributes in process `syz.2.808'. [ 86.526947][ T5578] netlink: 'syz.2.810': attribute type 25 has an invalid length. [ 86.656770][ T5593] loop2: detected capacity change from 0 to 1024 [ 86.675037][ T5593] EXT4-fs: inline encryption not supported [ 86.686916][ T5593] EXT4-fs: Ignoring removed nomblk_io_submit option [ 86.693917][ T5593] EXT4-fs: Ignoring removed nobh option [ 86.699884][ T5593] EXT4-fs: Ignoring removed bh option [ 86.761808][ T5593] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.816825][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.848582][ T5608] loop2: detected capacity change from 0 to 512 [ 86.893353][ T5611] netlink: 'syz.1.824': attribute type 25 has an invalid length. [ 86.906957][ T5608] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.040178][ T5618] loop1: detected capacity change from 0 to 512 [ 87.052735][ T28] audit: type=1400 audit(1771755638.721:317): avc: denied { module_load } for pid=5621 comm="syz.0.829" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=13526 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=system permissive=1 [ 87.079089][ T28] audit: type=1400 audit(1771755638.721:318): avc: denied { write } for pid=5621 comm="syz.0.829" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 87.103413][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.114309][ T28] audit: type=1400 audit(1771755638.721:319): avc: denied { ioctl } for pid=5621 comm="syz.0.829" path="/dev/usbmon0" dev="devtmpfs" ino=141 ioctlcmd=0xf50b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 87.160177][ T5626] loop3: detected capacity change from 0 to 512 [ 87.220703][ T5618] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.223528][ T5626] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 87.243508][ T5618] ext4 filesystem being mounted at /160/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.268512][ T5628] loop2: detected capacity change from 0 to 512 [ 87.270604][ T5618] FAULT_INJECTION: forcing a failure. [ 87.270604][ T5618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.288758][ T5626] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #13: comm syz.3.831: iget: bad i_size value: 12154757448730 [ 87.288791][ T5626] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 87.289056][ T5626] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.831: couldn't read orphan inode 13 (err -117) [ 87.289173][ T5626] loop3: lost filesystem error report for type 5 error -117 [ 87.289615][ T5626] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.302110][ T5618] CPU: 1 UID: 0 PID: 5618 Comm: syz.1.827 Not tainted syzkaller #0 PREEMPT(full) [ 87.302164][ T5618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 87.302176][ T5618] Call Trace: [ 87.302183][ T5618] [ 87.302190][ T5618] __dump_stack+0x1d/0x30 [ 87.302217][ T5618] dump_stack_lvl+0x95/0xd0 [ 87.302306][ T5618] dump_stack+0x15/0x1b [ 87.302346][ T5618] should_fail_ex+0x263/0x280 [ 87.302368][ T5618] should_fail+0xb/0x20 [ 87.302402][ T5618] should_fail_usercopy+0x1a/0x20 [ 87.302425][ T5618] strncpy_from_user+0x27/0x250 [ 87.302451][ T5618] ? kmem_cache_alloc_noprof+0x18c/0x400 [ 87.302552][ T5618] do_getname+0x59/0x1c0 [ 87.302574][ T5618] getname_flags+0x1d/0x30 [ 87.302593][ T5618] do_sys_openat2+0x60/0x130 [ 87.302619][ T5618] __x64_sys_creat+0x65/0x90 [ 87.302658][ T5618] x64_sys_call+0x2ea0/0x3020 [ 87.302709][ T5618] do_syscall_64+0x12c/0x370 [ 87.302742][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.302836][ T5618] RIP: 0033:0x7f9111cec629 [ 87.302852][ T5618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.302870][ T5618] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 87.302960][ T5618] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 87.302974][ T5618] RDX: 0000000000000000 RSI: 0000000000000090 RDI: 0000200000000080 [ 87.302987][ T5618] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 87.303053][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.303065][ T5618] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 87.303085][ T5618] [ 87.536379][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.552279][ T5628] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.579482][ T5626] EXT4-fs error (device loop3): ext4_iget_extra_inode:5025: inode #15: comm syz.3.831: corrupted in-inode xattr: overlapping e_value [ 87.643951][ T5628] ext4 filesystem being mounted at /180/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.729847][ T5643] tipc: Enabled bearer , priority 0 [ 87.736878][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.760644][ T5643] tipc: Resetting bearer [ 87.779304][ T5642] tipc: Disabling bearer [ 88.020450][ T5629] syz.0.832 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 88.034716][ T5665] loop4: detected capacity change from 0 to 512 [ 88.043139][ T5667] loop3: detected capacity change from 0 to 512 [ 88.052671][ T5660] loop1: detected capacity change from 0 to 8192 [ 88.094753][ T5629] CPU: 0 UID: 0 PID: 5629 Comm: syz.0.832 Not tainted syzkaller #0 PREEMPT(full) [ 88.094858][ T5629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 88.094869][ T5629] Call Trace: [ 88.094877][ T5629] [ 88.094886][ T5629] __dump_stack+0x1d/0x30 [ 88.094914][ T5629] dump_stack_lvl+0x95/0xd0 [ 88.094938][ T5629] dump_stack+0x15/0x1b [ 88.094961][ T5629] dump_header+0x80/0x240 [ 88.095003][ T5629] oom_kill_process+0x295/0x350 [ 88.095022][ T5629] out_of_memory+0x97d/0xb80 [ 88.095040][ T5629] try_charge_memcg+0x62e/0xa10 [ 88.095074][ T5629] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 88.095159][ T5629] __swap_cache_prepare_and_add+0x386/0x530 [ 88.095267][ T5629] swap_cache_alloc_folio+0xa2/0x120 [ 88.095330][ T5629] swap_cluster_readahead+0x26e/0x3d0 [ 88.095358][ T5629] swapin_readahead+0xde/0x840 [ 88.095461][ T5629] ? _raw_spin_unlock+0x9/0x30 [ 88.095480][ T5629] ? swap_put_entries_cluster+0x385/0x3a0 [ 88.095623][ T5629] ? swap_put_entries_cluster+0xa1/0x3a0 [ 88.095653][ T5629] ? __rcu_read_unlock+0x4e/0x70 [ 88.095672][ T5629] ? swap_cache_get_folio+0x26f/0x280 [ 88.095742][ T5629] do_swap_page+0x309/0x2210 [ 88.095771][ T5629] ? css_rstat_updated+0xbb/0x280 [ 88.095789][ T5629] ? __rcu_read_lock+0x36/0x50 [ 88.095807][ T5629] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 88.095832][ T5629] handle_mm_fault+0xb40/0x3020 [ 88.095870][ T5629] ? vma_start_read+0x1c7/0x2c0 [ 88.096009][ T5629] do_user_addr_fault+0x62f/0x1050 [ 88.096040][ T5629] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 88.096070][ T5629] ? trace_page_fault_user+0x1f/0xe0 [ 88.096229][ T5629] exc_page_fault+0x62/0xa0 [ 88.096261][ T5629] asm_exc_page_fault+0x26/0x30 [ 88.096285][ T5629] RIP: 0033:0x7f24b1e5a04c [ 88.096304][ T5629] Code: 4a 31 13 00 eb 24 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 81 c3 f0 00 00 00 48 39 dd 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00 [ 88.096382][ T5629] RSP: 002b:00007fff203a57a0 EFLAGS: 00010202 [ 88.096399][ T5629] RAX: 0000000000000000 RBX: 00007f24b2206090 RCX: 000055558ccdf808 [ 88.096414][ T5629] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.096428][ T5629] RBP: 00007f24b2207da0 R08: 0000000000000000 R09: 0000000000000000 [ 88.096442][ T5629] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000157ce [ 88.096472][ T5629] R13: 00007f24b2205fac R14: 00000000000154c6 R15: 00007fff203a58a0 [ 88.096489][ T5629] [ 88.096496][ T5629] memory: usage 307200kB, limit 307200kB, failcnt 224 [ 88.145085][ T5665] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.148652][ T5629] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 88.169159][ T5667] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 88.174224][ T5629] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 88.239588][ T5665] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 88.248250][ T5667] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #13: comm syz.3.847: iget: bad i_size value: 12154757448730 [ 88.255467][ T5629] Memory cgroup stats for [ 88.272667][ T5670] netlink: 8 bytes leftover after parsing attributes in process `syz.1.844'. [ 88.292717][ T5629] /syz0: [ 88.424346][ T5629] cache 0 [ 88.430649][ T5629] rss 0 [ 88.433449][ T5629] shmem 0 [ 88.436390][ T5629] mapped_file 0 [ 88.439889][ T5629] dirty 0 [ 88.443134][ T5629] writeback 0 [ 88.446542][ T5629] workingset_refault_anon 847 [ 88.451653][ T5667] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 88.457790][ T28] audit: type=1400 audit(1771755640.121:320): avc: denied { read write } for pid=5655 comm="syz.4.842" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 88.468669][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 88.492286][ T5629] workingset_refault_file 495 [ 88.497579][ C1] EXT4-fs (loop3): initial error at time 1771755640: ext4_orphan_get:1391 [ 88.502205][ T28] audit: type=1400 audit(1771755640.121:321): avc: denied { open } for pid=5655 comm="syz.4.842" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 88.502287][ C1] : inode 13 [ 88.512795][ T5629] swap 184320 [ 88.535159][ C1] [ 88.540003][ T5629] swapcached 2228224 [ 88.542069][ C1] EXT4-fs (loop3): last error at time 1771755640: ext4_orphan_get:1391 [ 88.544328][ T5629] pgpgin 78423 [ 88.544337][ T5629] pgpgout 78422 [ 88.544345][ T5629] pgfault 81954 [ 88.544352][ T5629] pgmajfault 130 [ 88.544359][ T5629] inactive_anon 4096 [ 88.544367][ T5629] active_anon 0 [ 88.544374][ T5629] inactive_file 0 [ 88.548396][ C1] : inode 13 [ 88.556867][ T5629] active_file 0 [ 88.556930][ T5629] unevictable 0 [ 88.556937][ T5629] hierarchical_memory_limit 314572800 [ 88.556946][ T5629] hierarchical_memsw_limit 9223372036854771712 [ 88.556956][ T5629] total_cache 0 [ 88.556963][ T5629] total_rss 0 [ 88.556970][ T5629] total_shmem 0 [ 88.556978][ T5629] total_mapped_file 0 [ 88.556986][ T5629] total_dirty 0 [ 88.556994][ T5629] total_writeback 0 [ 88.557068][ T5629] total_workingset_refault_anon 847 [ 88.557077][ T5629] total_workingset_refault_file 495 [ 88.557086][ T5629] total_swap 184320 [ 88.557094][ T5629] total_swapcached 2228224 [ 88.557158][ T5629] total_pgpgin 78423 [ 88.557166][ T5629] total_pgpgout 78422 [ 88.557174][ T5629] total_pgfault 81954 [ 88.557182][ T5629] total_pgmajfault 130 [ 88.557191][ T5629] total_inactive_anon 4096 [ 88.560647][ C1] [ 88.564136][ T5629] total_active_anon 0 [ 88.564145][ T5629] total_inactive_file 0 [ 88.564178][ T5629] total_active_file 0 [ 88.564186][ T5629] total_unevictable 0 [ 88.564194][ T5629] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.832,pid=5629,uid=0 [ 88.564307][ T5629] Memory cgroup out of memory: Killed process 5629 (syz.0.832) total-vm:94028kB, anon-rss:1224kB, file-rss:22276kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 88.570123][ T5667] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.847: couldn't read orphan inode 13 (err -117) [ 88.631788][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.633511][ T5667] loop3: lost filesystem error report for type 5 error -117 [ 88.750978][ T5667] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.756393][ T5675] loop2: detected capacity change from 0 to 256 [ 88.774077][ T5667] EXT4-fs error (device loop3): ext4_iget_extra_inode:5025: inode #15: comm syz.3.847: corrupted in-inode xattr: overlapping e_value [ 88.818526][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.830842][ T5675] capability: warning: `syz.2.848' uses 32-bit capabilities (legacy support in use) [ 88.841006][ T5675] program syz.2.848 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.853133][ T28] audit: type=1400 audit(1771755640.521:322): avc: denied { read } for pid=5674 comm="syz.2.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 88.897963][ T5677] tipc: Enabled bearer , priority 0 [ 88.929477][ T5680] loop3: detected capacity change from 0 to 256 [ 88.965519][ T5677] tipc: Resetting bearer [ 88.976627][ T5676] tipc: Disabling bearer [ 89.036866][ T5683] FAULT_INJECTION: forcing a failure. [ 89.036866][ T5683] name failslab, interval 1, probability 0, space 0, times 1 [ 89.062633][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.096908][ T5683] CPU: 1 UID: 0 PID: 5683 Comm: syz.2.851 Not tainted syzkaller #0 PREEMPT(full) [ 89.096938][ T5683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.096950][ T5683] Call Trace: [ 89.096958][ T5683] [ 89.096966][ T5683] __dump_stack+0x1d/0x30 [ 89.097051][ T5683] dump_stack_lvl+0x95/0xd0 [ 89.097076][ T5683] dump_stack+0x15/0x1b [ 89.097098][ T5683] should_fail_ex+0x263/0x280 [ 89.097119][ T5683] should_failslab+0x8c/0xb0 [ 89.097160][ T5683] kmem_cache_alloc_noprof+0x66/0x400 [ 89.097183][ T5683] ? do_getname+0x2e/0x1c0 [ 89.097205][ T5683] do_getname+0x2e/0x1c0 [ 89.097260][ T5683] __se_sys_mknod+0x21/0xf0 [ 89.097337][ T5683] __x64_sys_mknod+0x43/0x50 [ 89.097502][ T5683] x64_sys_call+0x2acd/0x3020 [ 89.097552][ T5683] do_syscall_64+0x12c/0x370 [ 89.097587][ T5683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.097610][ T5683] RIP: 0033:0x7fa8e1d7c629 [ 89.097680][ T5683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.097698][ T5683] RSP: 002b:00007fa8e07cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 89.097718][ T5683] RAX: ffffffffffffffda RBX: 00007fa8e1ff5fa0 RCX: 00007fa8e1d7c629 [ 89.097738][ T5683] RDX: 0000000000000704 RSI: 0000000000008000 RDI: 0000200000000040 [ 89.097764][ T5683] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 89.097778][ T5683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.097789][ T5683] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 89.097842][ T5683] [ 89.407427][ T5698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.421356][ T5695] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 89.455989][ T5698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.479656][ T5695] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.857: Invalid block bitmap block 0 in block_group 0 [ 89.529001][ T5695] loop2: lost filesystem error report for type 5 error -117 [ 89.529156][ T5695] Quota error (device loop2): write_blk: dquota write failed [ 89.545808][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 89.545834][ C0] EXT4-fs (loop2): initial error at time 1771755641: ext4_read_block_bitmap_nowait:483 [ 89.545854][ C0] EXT4-fs (loop2): last error at time 1771755641: ext4_read_block_bitmap_nowait:483 [ 89.580556][ T28] audit: type=1400 audit(1771755641.221:323): avc: denied { read } for pid=5705 comm="syz.0.862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 89.622300][ T5695] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 89.636020][ T5695] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.857: Failed to acquire dquot type 0 [ 89.650585][ T5695] loop2: lost filesystem error report for type 5 error -117 [ 89.650782][ T5695] EXT4-fs error (device loop2): ext4_free_blocks:6725: comm syz.2.857: Freeing blocks not in datazone - block = 0, count = 4096 [ 89.671981][ T5695] loop2: lost filesystem error report for type 5 error -117 [ 89.672207][ T5695] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.857: Invalid inode bitmap blk 0 in block_group 0 [ 89.693009][ T50] EXT4-fs error (device loop2): ext4_release_dquot:7037: comm kworker/u8:3: Failed to release dquot type 0 [ 89.705475][ T5695] loop2: lost filesystem error report for type 5 error -117 [ 89.705680][ T5695] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 89.722227][ T50] loop2: lost filesystem error report for type 5 error -117 [ 89.722417][ T5695] loop2: lost filesystem error report for type 5 error -117 [ 89.731456][ T5695] EXT4-fs (loop2): 1 orphan inode deleted [ 89.745357][ T5695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.807301][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.860812][ T5722] FAULT_INJECTION: forcing a failure. [ 89.860812][ T5722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.887093][ T5722] CPU: 0 UID: 0 PID: 5722 Comm: syz.1.867 Not tainted syzkaller #0 PREEMPT(full) [ 89.887120][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 89.887134][ T5722] Call Trace: [ 89.887141][ T5722] [ 89.887151][ T5722] __dump_stack+0x1d/0x30 [ 89.887178][ T5722] dump_stack_lvl+0x95/0xd0 [ 89.887279][ T5722] dump_stack+0x15/0x1b [ 89.887298][ T5722] should_fail_ex+0x263/0x280 [ 89.887317][ T5722] should_fail+0xb/0x20 [ 89.887337][ T5722] should_fail_usercopy+0x1a/0x20 [ 89.887362][ T5722] _copy_from_user+0x1c/0xb0 [ 89.887477][ T5722] ___sys_sendmsg+0xc1/0x1e0 [ 89.887515][ T5722] __x64_sys_sendmsg+0xd4/0x160 [ 89.887546][ T5722] x64_sys_call+0x194c/0x3020 [ 89.887632][ T5722] do_syscall_64+0x12c/0x370 [ 89.887670][ T5722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.887736][ T5722] RIP: 0033:0x7f9111cec629 [ 89.887751][ T5722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.887768][ T5722] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.887790][ T5722] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 89.887804][ T5722] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 89.887815][ T5722] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 89.887826][ T5722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.887910][ T5722] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 89.887927][ T5722] [ 90.276150][ T5728] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 90.290514][ T5700] syz.3.860 (5700) used greatest stack depth: 6072 bytes left [ 90.372009][ T5736] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.438873][ T5741] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 90.459112][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.463073][ T5741] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.875: Invalid block bitmap block 0 in block_group 0 [ 90.483010][ T5741] loop4: lost filesystem error report for type 5 error -117 [ 90.483682][ T5741] __quota_error: 2 callbacks suppressed [ 90.483703][ T5741] Quota error (device loop4): write_blk: dquota write failed [ 90.491477][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 90.491498][ C0] EXT4-fs (loop4): initial error at time 1771755642: ext4_read_block_bitmap_nowait:483 [ 90.491540][ C0] EXT4-fs (loop4): last error at time 1771755642: ext4_read_block_bitmap_nowait:483 [ 90.532579][ T5741] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 90.546011][ T5741] EXT4-fs error (device loop4): ext4_acquire_dquot:7001: comm syz.4.875: Failed to acquire dquot type 0 [ 90.557333][ T5741] loop4: lost filesystem error report for type 5 error -117 [ 90.558827][ T5741] EXT4-fs error (device loop4): ext4_free_blocks:6725: comm syz.4.875: Freeing blocks not in datazone - block = 0, count = 4096 [ 90.579986][ T5741] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.875: Invalid inode bitmap blk 0 in block_group 0 [ 90.587569][ T5744] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 90.606961][ T5741] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 90.617321][ T50] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7 [ 90.618457][ T5746] EXT4-fs: inline encryption not supported [ 90.641714][ T5741] EXT4-fs (loop4): 1 orphan inode deleted [ 90.647290][ T50] EXT4-fs error (device loop4): ext4_release_dquot:7037: comm kworker/u8:3: Failed to release dquot type 0 [ 90.651499][ T5741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.672122][ T5746] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.679069][ T5746] EXT4-fs: Ignoring removed nobh option [ 90.688755][ T5746] EXT4-fs: Ignoring removed bh option [ 90.711215][ T5744] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.876: Invalid block bitmap block 0 in block_group 0 [ 90.726027][ T5744] Quota error (device loop0): write_blk: dquota write failed [ 90.733647][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 90.733672][ C0] EXT4-fs (loop0): initial error at time 1771755642: ext4_read_block_bitmap_nowait:483 [ 90.733716][ C0] EXT4-fs (loop0): last error at time 1771755642: ext4_read_block_bitmap_nowait:483 [ 90.740537][ T5746] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.741602][ T5744] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 90.802324][ T5744] EXT4-fs error (device loop0): ext4_acquire_dquot:7001: comm syz.0.876: Failed to acquire dquot type 0 [ 90.815254][ T5744] EXT4-fs error (device loop0): ext4_free_blocks:6725: comm syz.0.876: Freeing blocks not in datazone - block = 0, count = 4096 [ 90.830912][ T5744] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.876: Invalid inode bitmap blk 0 in block_group 0 [ 90.844861][ T30] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-7 [ 90.854076][ T30] EXT4-fs error (device loop0): ext4_release_dquot:7037: comm kworker/u8:1: Failed to release dquot type 0 [ 90.930224][ T5755] netlink: 16 bytes leftover after parsing attributes in process `syz.2.879'. [ 90.939571][ T5755] netlink: 16 bytes leftover after parsing attributes in process `syz.2.879'. [ 91.028899][ T5744] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem [ 91.038179][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.038974][ T5744] EXT4-fs (loop0): 1 orphan inode deleted [ 91.095019][ T5744] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.452406][ T5766] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -13 [ 91.534665][ T5766] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #13: comm syz.1.884: iget: bad i_size value: 12154757448730 [ 91.549040][ T5766] loop1: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 91.557452][ T5766] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.884: couldn't read orphan inode 13 (err -117) [ 91.566843][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 91.566868][ C1] EXT4-fs (loop1): initial error at time 1771755643: ext4_orphan_get:1391: inode 13 [ 91.566921][ C1] EXT4-fs (loop1): last error at time 1771755643: ext4_orphan_get:1391: inode 13 [ 91.618118][ T5778] EXT4-fs: test_dummy_encryption option not supported [ 91.671860][ T5782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.891'. [ 91.694432][ T5786] FAULT_INJECTION: forcing a failure. [ 91.694432][ T5786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.721992][ T5786] CPU: 0 UID: 0 PID: 5786 Comm: syz.1.890 Not tainted syzkaller #0 PREEMPT(full) [ 91.722017][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 91.722028][ T5786] Call Trace: [ 91.722035][ T5786] [ 91.722043][ T5786] __dump_stack+0x1d/0x30 [ 91.722069][ T5786] dump_stack_lvl+0x95/0xd0 [ 91.722099][ T5786] dump_stack+0x15/0x1b [ 91.722121][ T5786] should_fail_ex+0x263/0x280 [ 91.722142][ T5786] should_fail+0xb/0x20 [ 91.722159][ T5786] should_fail_usercopy+0x1a/0x20 [ 91.722202][ T5786] _copy_from_iter+0xcf/0xea0 [ 91.722227][ T5786] ? __alloc_skb+0x4f6/0x690 [ 91.722284][ T5786] ? __alloc_skb+0x200/0x690 [ 91.722319][ T5786] netlink_sendmsg+0x4ae/0x6f0 [ 91.722351][ T5786] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.722380][ T5786] ____sys_sendmsg+0x5af/0x600 [ 91.722406][ T5786] ___sys_sendmsg+0x195/0x1e0 [ 91.722523][ T5786] __x64_sys_sendmsg+0xd4/0x160 [ 91.722553][ T5786] x64_sys_call+0x194c/0x3020 [ 91.722591][ T5786] do_syscall_64+0x12c/0x370 [ 91.722673][ T5786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.722696][ T5786] RIP: 0033:0x7f9111cec629 [ 91.722711][ T5786] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 91.722726][ T5786] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.722846][ T5786] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 91.722862][ T5786] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 91.722876][ T5786] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 91.722890][ T5786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.722907][ T5786] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 91.722924][ T5786] [ 91.917948][ T5788] set_capacity_and_notify: 10 callbacks suppressed [ 91.917967][ T5788] loop2: detected capacity change from 0 to 1024 [ 91.931786][ T5788] EXT4-fs: Ignoring removed orlov option [ 92.050305][ T5788] netlink: 32 bytes leftover after parsing attributes in process `syz.2.893'. [ 92.060072][ T5788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.893'. [ 92.077712][ T5760] syz.3.880 (5760) used greatest stack depth: 5880 bytes left [ 92.160986][ T5801] loop3: detected capacity change from 0 to 512 [ 92.163938][ T5799] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.175547][ T5804] loop2: detected capacity change from 0 to 1024 [ 92.210776][ T5801] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.223566][ T5804] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 92.251328][ T5812] netlink: 64 bytes leftover after parsing attributes in process `syz.4.901'. [ 92.262034][ T5806] loop0: detected capacity change from 0 to 512 [ 92.276901][ T5804] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.896: Invalid block bitmap block 0 in block_group 0 [ 92.298860][ T5804] fserror_report: 10 callbacks suppressed [ 92.298873][ T5804] loop2: lost filesystem error report for type 5 error -117 [ 92.304889][ T5804] Quota error (device loop2): write_blk: dquota write failed [ 92.312204][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 92.312225][ C1] EXT4-fs (loop2): initial error at time 1771755643: ext4_read_block_bitmap_nowait:483 [ 92.312247][ C1] EXT4-fs (loop2): last error at time 1771755643: ext4_read_block_bitmap_nowait:483 [ 92.353278][ T5816] loop4: detected capacity change from 0 to 512 [ 92.391376][ T5804] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 92.404849][ T5816] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -13 [ 92.415324][ T5804] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.896: Failed to acquire dquot type 0 [ 92.417632][ T5820] netlink: 16 bytes leftover after parsing attributes in process `syz.1.900'. [ 92.427048][ T5816] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #13: comm syz.4.902: iget: bad i_size value: 12154757448730 [ 92.484594][ T5806] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.495354][ T5817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.900'. [ 92.518670][ T5804] loop2: lost filesystem error report for type 5 error -117 [ 92.518878][ T5804] EXT4-fs error (device loop2): ext4_free_blocks:6725: comm syz.2.896: Freeing blocks not in datazone - block = 0, count = 4096 [ 92.543286][ T5816] loop4: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 92.543548][ T5816] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.902: couldn't read orphan inode 13 (err -117) [ 92.549400][ T5804] loop2: lost filesystem error report for type 5 error -117 [ 92.552782][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 92.578189][ C0] EXT4-fs (loop4): initial error at time 1771755644: ext4_orphan_get:1391: inode 13 [ 92.588067][ C0] EXT4-fs (loop4): last error at time 1771755644: ext4_orphan_get:1391: inode 13 [ 92.597993][ T5816] loop4: lost filesystem error report for type 5 error -117 [ 92.598832][ T5804] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.896: Invalid inode bitmap blk 0 in block_group 0 [ 92.620346][ T30] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-7 [ 92.634154][ T30] EXT4-fs error (device loop2): ext4_release_dquot:7037: comm kworker/u8:1: Failed to release dquot type 0 [ 92.645831][ T30] loop2: lost filesystem error report for type 5 error -117 [ 92.656250][ T5804] loop2: lost filesystem error report for type 5 error -117 [ 92.685376][ T5804] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 92.730308][ T5804] loop2: lost filesystem error report for type 5 error -117 [ 92.730625][ T5804] EXT4-fs (loop2): 1 orphan inode deleted [ 92.831128][ T5826] sctp: [Deprecated]: syz.4.904 (pid 5826) Use of int in max_burst socket option. [ 92.831128][ T5826] Use struct sctp_assoc_value instead [ 92.831200][ T28] audit: type=1400 audit(1771755644.501:325): avc: denied { getopt } for pid=5825 comm="syz.4.904" lport=37160 faddr=::ffff:100.1.1.2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 93.203660][ T5831] loop4: detected capacity change from 0 to 1024 [ 93.267644][ T5831] EXT4-fs: inline encryption not supported [ 93.291022][ T5831] EXT4-fs: Ignoring removed nomblk_io_submit option [ 93.314478][ T5831] EXT4-fs: Ignoring removed nobh option [ 93.334864][ T5831] EXT4-fs: Ignoring removed bh option [ 93.483308][ T5840] nftables ruleset with unbound chain [ 93.492498][ T5841] FAULT_INJECTION: forcing a failure. [ 93.492498][ T5841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.530123][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: syz.4.908 Not tainted syzkaller #0 PREEMPT(full) [ 93.530266][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 93.530302][ T5841] Call Trace: [ 93.530312][ T5841] [ 93.530320][ T5841] __dump_stack+0x1d/0x30 [ 93.530347][ T5841] dump_stack_lvl+0x95/0xd0 [ 93.530438][ T5841] dump_stack+0x15/0x1b [ 93.530459][ T5841] should_fail_ex+0x263/0x280 [ 93.530484][ T5841] should_fail+0xb/0x20 [ 93.530503][ T5841] should_fail_usercopy+0x1a/0x20 [ 93.530577][ T5841] _copy_from_user+0x1c/0xb0 [ 93.530617][ T5841] ___sys_sendmsg+0xc1/0x1e0 [ 93.530758][ T5841] __x64_sys_sendmsg+0xd4/0x160 [ 93.530790][ T5841] x64_sys_call+0x194c/0x3020 [ 93.530813][ T5841] do_syscall_64+0x12c/0x370 [ 93.530850][ T5841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.530910][ T5841] RIP: 0033:0x7f892eb5c629 [ 93.530929][ T5841] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 93.530947][ T5841] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.530999][ T5841] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 93.531018][ T5841] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 93.531032][ T5841] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 93.531047][ T5841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.531061][ T5841] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 93.531106][ T5841] [ 93.878101][ T5867] loop0: detected capacity change from 0 to 1024 [ 93.890489][ T5871] netlink: 'syz.3.922': attribute type 24 has an invalid length. [ 93.900196][ T5867] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 94.032636][ T5867] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.919: Invalid block bitmap block 0 in block_group 0 [ 94.131828][ T5867] loop0: lost filesystem error report for type 5 error -117 [ 94.138639][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 94.152423][ C0] EXT4-fs (loop0): initial error at time 1771755645: ext4_read_block_bitmap_nowait:483 [ 94.162108][ C0] EXT4-fs (loop0): last error at time 1771755645: ext4_read_block_bitmap_nowait:483 [ 94.300663][ T5867] EXT4-fs error (device loop0): ext4_acquire_dquot:7001: comm syz.0.919: Failed to acquire dquot type 0 [ 94.367914][ T5867] loop0: lost filesystem error report for type 5 error -117 [ 94.368460][ T5867] EXT4-fs error (device loop0): ext4_free_blocks:6725: comm syz.0.919: Freeing blocks not in datazone - block = 0, count = 4096 [ 94.657921][ T5867] loop0: lost filesystem error report for type 5 error -117 [ 94.692991][ T5867] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.919: Invalid inode bitmap blk 0 in block_group 0 [ 94.714316][ T5834] EXT4-fs error (device loop0): ext4_release_dquot:7037: comm kworker/u8:8: Failed to release dquot type 0 [ 94.726963][ T5867] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem [ 94.735932][ T5867] EXT4-fs (loop0): 1 orphan inode deleted [ 94.893297][ T5889] loop3: detected capacity change from 0 to 512 [ 94.922758][ T5866] syz.1.920 (5866) used greatest stack depth: 5752 bytes left [ 94.979761][ T5889] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 95.013084][ T5892] netlink: 16 bytes leftover after parsing attributes in process `syz.4.926'. [ 95.036145][ T5889] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #13: comm syz.3.927: iget: bad i_size value: 12154757448730 [ 95.069724][ T5896] loop2: detected capacity change from 0 to 512 [ 95.087697][ T5896] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -13 [ 95.099081][ T5889] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 95.108627][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 95.126265][ C1] EXT4-fs (loop3): initial error at time 1771755646: ext4_orphan_get:1391: inode 13 [ 95.141165][ C1] EXT4-fs (loop3): last error at time 1771755646: ext4_orphan_get:1391: inode 13 [ 95.154998][ T5898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.926'. [ 95.155015][ T5889] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.927: couldn't read orphan inode 13 (err -117) [ 95.159245][ T5896] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #13: comm syz.2.929: iget: bad i_size value: 12154757448730 [ 95.201552][ T5896] loop2: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 95.201854][ T5896] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.929: couldn't read orphan inode 13 (err -117) [ 95.211065][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 95.211087][ C0] EXT4-fs (loop2): initial error at time 1771755646: ext4_orphan_get:1391: inode 13 [ 95.211129][ C0] EXT4-fs (loop2): last error at time 1771755646: ext4_orphan_get:1391: inode 13 [ 95.308806][ T5902] loop0: detected capacity change from 0 to 512 [ 95.392375][ T5896] FAULT_INJECTION: forcing a failure. [ 95.392375][ T5896] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.419100][ T5896] CPU: 1 UID: 0 PID: 5896 Comm: syz.2.929 Not tainted syzkaller #0 PREEMPT(full) [ 95.419130][ T5896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 95.419141][ T5896] Call Trace: [ 95.419146][ T5896] [ 95.419153][ T5896] __dump_stack+0x1d/0x30 [ 95.419222][ T5896] dump_stack_lvl+0x95/0xd0 [ 95.419244][ T5896] dump_stack+0x15/0x1b [ 95.419267][ T5896] should_fail_ex+0x263/0x280 [ 95.419293][ T5896] should_fail+0xb/0x20 [ 95.419334][ T5896] should_fail_usercopy+0x1a/0x20 [ 95.419354][ T5896] _copy_to_user+0x20/0xa0 [ 95.419443][ T5896] simple_read_from_buffer+0xb5/0x130 [ 95.419502][ T5896] proc_fail_nth_read+0x10e/0x150 [ 95.419527][ T5896] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 95.419599][ T5896] vfs_read+0x1ab/0x7f0 [ 95.419629][ T5896] ? __rcu_read_unlock+0x4e/0x70 [ 95.419654][ T5896] ? __fget_files+0x184/0x1c0 [ 95.419714][ T5896] ? mutex_lock+0x57/0x90 [ 95.419762][ T5896] ksys_read+0xdc/0x1a0 [ 95.419793][ T5896] __x64_sys_read+0x40/0x50 [ 95.419966][ T5896] x64_sys_call+0x2886/0x3020 [ 95.419990][ T5896] do_syscall_64+0x12c/0x370 [ 95.420082][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.420103][ T5896] RIP: 0033:0x7fa8e1d3cece [ 95.420209][ T5896] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 95.420227][ T5896] RSP: 002b:00007fa8e07cefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 95.420248][ T5896] RAX: ffffffffffffffda RBX: 00007fa8e07cf6c0 RCX: 00007fa8e1d3cece [ 95.420283][ T5896] RDX: 000000000000000f RSI: 00007fa8e07cf0a0 RDI: 0000000000000005 [ 95.420295][ T5896] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 95.420307][ T5896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.420319][ T5896] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 95.420339][ T5896] [ 95.444904][ T5902] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 95.704055][ T5918] FAULT_INJECTION: forcing a failure. [ 95.704055][ T5918] name failslab, interval 1, probability 0, space 0, times 0 [ 95.736547][ T5902] FAULT_INJECTION: forcing a failure. [ 95.736547][ T5902] name failslab, interval 1, probability 0, space 0, times 0 [ 95.748723][ T5918] CPU: 1 UID: 0 PID: 5918 Comm: syz.2.934 Not tainted syzkaller #0 PREEMPT(full) [ 95.748784][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 95.748797][ T5918] Call Trace: [ 95.748804][ T5918] [ 95.748812][ T5918] __dump_stack+0x1d/0x30 [ 95.748876][ T5918] dump_stack_lvl+0x95/0xd0 [ 95.748900][ T5918] dump_stack+0x15/0x1b [ 95.748921][ T5918] should_fail_ex+0x263/0x280 [ 95.748943][ T5918] should_failslab+0x8c/0xb0 [ 95.749038][ T5918] kmem_cache_alloc_node_noprof+0x6d/0x460 [ 95.749062][ T5918] ? __alloc_skb+0x2d6/0x690 [ 95.749086][ T5918] __alloc_skb+0x2d6/0x690 [ 95.749156][ T5918] ? __alloc_skb+0x200/0x690 [ 95.749190][ T5918] netlink_alloc_large_skb+0xbf/0xf0 [ 95.749216][ T5918] netlink_sendmsg+0x40c/0x6f0 [ 95.749284][ T5918] ? __pfx_netlink_sendmsg+0x10/0x10 [ 95.749417][ T5918] ____sys_sendmsg+0x5af/0x600 [ 95.749447][ T5918] ___sys_sendmsg+0x195/0x1e0 [ 95.749538][ T5918] __x64_sys_sendmsg+0xd4/0x160 [ 95.749568][ T5918] x64_sys_call+0x194c/0x3020 [ 95.749595][ T5918] do_syscall_64+0x12c/0x370 [ 95.749708][ T5918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.749729][ T5918] RIP: 0033:0x7fa8e1d7c629 [ 95.749745][ T5918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.749761][ T5918] RSP: 002b:00007fa8e07cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.749781][ T5918] RAX: ffffffffffffffda RBX: 00007fa8e1ff5fa0 RCX: 00007fa8e1d7c629 [ 95.749794][ T5918] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 95.749862][ T5918] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 95.749875][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.749949][ T5918] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 95.750003][ T5918] [ 95.819239][ T5925] netlink: 'syz.4.941': attribute type 25 has an invalid length. [ 95.826990][ T5902] CPU: 0 UID: 0 PID: 5902 Comm: syz.0.930 Not tainted syzkaller #0 PREEMPT(full) [ 95.827050][ T5902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 95.827063][ T5902] Call Trace: [ 95.827069][ T5902] [ 95.827077][ T5902] __dump_stack+0x1d/0x30 [ 95.827105][ T5902] dump_stack_lvl+0x95/0xd0 [ 95.827129][ T5902] dump_stack+0x15/0x1b [ 95.827151][ T5902] should_fail_ex+0x263/0x280 [ 95.827203][ T5902] should_failslab+0x8c/0xb0 [ 95.827225][ T5902] kmem_cache_alloc_lru_noprof+0x6c/0x410 [ 95.827248][ T5902] ? __d_alloc+0x37/0x340 [ 95.827273][ T5902] ? raw_irqentry_exit_cond_resched+0x3d/0x60 [ 95.827308][ T5902] __d_alloc+0x37/0x340 [ 95.827409][ T5902] d_alloc_parallel+0x54/0xce0 [ 95.827444][ T5902] ? lockref_get_not_dead+0x120/0x1c0 [ 95.827472][ T5902] ? __rcu_read_unlock+0x4e/0x70 [ 95.827517][ T5902] ? try_to_unlazy+0x39d/0x580 [ 95.827545][ T5902] __lookup_slow+0x96/0x260 [ 95.827624][ T5902] lookup_slow+0x3c/0x60 [ 95.827650][ T5902] link_path_walk+0x946/0xe30 [ 95.827680][ T5902] path_openat+0x1c6/0x2050 [ 95.827719][ T5902] do_file_open+0x16c/0x290 [ 95.827886][ T5902] do_sys_openat2+0x94/0x130 [ 95.827914][ T5902] __x64_sys_creat+0x65/0x90 [ 95.827971][ T5902] x64_sys_call+0x2ea0/0x3020 [ 95.827998][ T5902] do_syscall_64+0x12c/0x370 [ 95.828060][ T5902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.828083][ T5902] RIP: 0033:0x7f24b1f8c629 [ 95.828100][ T5902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 95.828117][ T5902] RSP: 002b:00007f24b09e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 95.828139][ T5902] RAX: ffffffffffffffda RBX: 00007f24b2205fa0 RCX: 00007f24b1f8c629 [ 95.828180][ T5902] RDX: 0000000000000000 RSI: 0000000000000090 RDI: 0000200000000080 [ 95.828194][ T5902] RBP: 00007f24b09e7090 R08: 0000000000000000 R09: 0000000000000000 [ 95.828207][ T5902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.828220][ T5902] R13: 00007f24b2206038 R14: 00007f24b2205fa0 R15: 00007fff203a5638 [ 95.828313][ T5902] [ 95.937163][ T5931] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.997320][ T5933] netlink: 'syz.2.946': attribute type 25 has an invalid length. [ 96.151280][ T5931] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 96.210495][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 96.210511][ T28] audit: type=1400 audit(1771755647.881:331): avc: denied { append } for pid=5936 comm="syz.1.947" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 96.232261][ T5945] EXT4-fs (loop4): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 96.235090][ T5943] syzkaller1: entered promiscuous mode [ 96.235111][ T5943] syzkaller1: entered allmulticast mode [ 96.240145][ T5945] EXT4-fs error (device loop4): ext4_map_blocks:776: inode #3: block 2: comm syz.4.949: lblock 2 mapped to illegal pblock 2 (length 1) [ 96.240181][ T5945] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 96.240279][ T5945] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 96.240302][ T5945] EXT4-fs error (device loop4): ext4_map_blocks:776: inode #3: block 48: comm syz.4.949: lblock 0 mapped to illegal pblock 48 (length 1) [ 96.240460][ T5945] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 96.240648][ T5945] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 96.240669][ T5945] EXT4-fs error (device loop4): ext4_acquire_dquot:7001: comm syz.4.949: Failed to acquire dquot type 0 [ 96.240771][ T5945] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6246: Corrupt filesystem [ 96.240826][ T5945] EXT4-fs error (device loop4): ext4_evict_inode:255: inode #11: comm syz.4.949: mark_inode_dirty error [ 96.240851][ T5945] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 96.240952][ T5945] EXT4-fs warning (device loop4): ext4_evict_inode:258: couldn't mark inode dirty (err -117) [ 96.240988][ T5945] EXT4-fs (loop4): 1 orphan inode deleted [ 96.242431][ T5945] EXT4-fs error (device loop4): ext4_map_blocks:776: inode #3: block 1: comm syz.4.949: lblock 1 mapped to illegal pblock 1 (length 1) [ 96.242560][ T28] audit: type=1400 audit(1771755647.911:332): avc: denied { create } for pid=5941 comm="syz.4.949" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 96.242816][ T5945] Quota error (device loop4): find_tree_dqentry: Can't read quota tree block 1 [ 96.242835][ T5945] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 60929 [ 96.242854][ T5945] EXT4-fs error (device loop4): ext4_acquire_dquot:7001: comm syz.4.949: Failed to acquire dquot type 0 [ 96.319092][ T5948] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -13 [ 96.367022][ T5931] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e054c018, mo2=0002] [ 96.528805][ T5948] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #13: comm syz.2.950: iget: bad i_size value: 12154757448730 [ 96.544288][ T5948] loop2: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 96.544614][ T5948] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.950: couldn't read orphan inode 13 (err -117) [ 96.553912][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 96.553934][ C0] EXT4-fs (loop2): initial error at time 1771755648: ext4_orphan_get:1391: inode 13 [ 96.553958][ C0] EXT4-fs (loop2): last error at time 1771755648: ext4_orphan_get:1391: inode 13 [ 96.605084][ T5931] System zones: 0-1, 3-36 [ 96.635452][ T5953] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 96.658747][ T5953] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 96.708108][ T5953] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 96.724175][ T5834] EXT4-fs error (device loop4): ext4_map_blocks:776: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 96.749026][ T5834] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 96.758754][ T5953] EXT4-fs (loop0): 1 truncate cleaned up [ 96.758814][ T5834] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 96.782917][ T5931] netlink: 72 bytes leftover after parsing attributes in process `syz.3.942'. [ 96.799868][ T5834] EXT4-fs error (device loop4): ext4_release_dquot:7037: comm kworker/u8:8: Failed to release dquot type 0 [ 96.822872][ T3315] EXT4-fs error (device loop4): __ext4_get_inode_loc:4782: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 96.837313][ T5928] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 96.848714][ T3315] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6246: Corrupt filesystem [ 96.874720][ T5958] EXT4-fs error (device loop2): ext4_iget_extra_inode:5025: inode #15: comm syz.2.953: corrupted in-inode xattr: e_value out of bounds [ 96.888785][ T5958] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 96.889013][ T5958] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.953: couldn't read orphan inode 15 (err -117) [ 96.896283][ T3315] EXT4-fs error (device loop4): ext4_quota_off:7285: inode #3: comm syz-executor: mark_inode_dirty error [ 96.948040][ T3315] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 96.985113][ T28] audit: type=1400 audit(1771755648.651:333): avc: denied { name_bind } for pid=5964 comm="syz.0.956" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 97.060725][ T5971] netlink: 'syz.3.958': attribute type 25 has an invalid length. [ 97.201208][ T28] audit: type=1400 audit(1771755648.861:334): avc: denied { sqpoll } for pid=5985 comm="syz.3.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 97.230663][ T5989] sctp: [Deprecated]: syz.3.964 (pid 5989) Use of int in max_burst socket option. [ 97.230663][ T5989] Use struct sctp_assoc_value instead [ 97.268111][ T6000] FAULT_INJECTION: forcing a failure. [ 97.268111][ T6000] name failslab, interval 1, probability 0, space 0, times 0 [ 97.282387][ T28] audit: type=1400 audit(1771755648.901:335): avc: denied { ioctl } for pid=5985 comm="syz.3.964" path="socket:[14505]" dev="sockfs" ino=14505 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 97.306925][ T6000] CPU: 0 UID: 0 PID: 6000 Comm: syz.4.969 Not tainted syzkaller #0 PREEMPT(full) [ 97.307004][ T6000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.307015][ T6000] Call Trace: [ 97.307023][ T6000] [ 97.307031][ T6000] __dump_stack+0x1d/0x30 [ 97.307058][ T6000] dump_stack_lvl+0x95/0xd0 [ 97.307081][ T6000] dump_stack+0x15/0x1b [ 97.307102][ T6000] should_fail_ex+0x263/0x280 [ 97.307181][ T6000] should_failslab+0x8c/0xb0 [ 97.307248][ T6000] kmem_cache_alloc_node_noprof+0x6d/0x460 [ 97.307271][ T6000] ? __alloc_skb+0x2d6/0x690 [ 97.307354][ T6000] __alloc_skb+0x2d6/0x690 [ 97.307385][ T6000] ? __alloc_skb+0x200/0x690 [ 97.307406][ T6000] l2tp_nl_cmd_tunnel_delete+0x79/0x130 [ 97.307491][ T6000] genl_family_rcv_msg_doit+0x187/0x1f0 [ 97.307527][ T6000] genl_rcv_msg+0x432/0x470 [ 97.307628][ T6000] ? __pfx_l2tp_nl_cmd_tunnel_delete+0x10/0x10 [ 97.307657][ T6000] netlink_rcv_skb+0x123/0x220 [ 97.307681][ T6000] ? __pfx_genl_rcv_msg+0x10/0x10 [ 97.307818][ T6000] genl_rcv+0x28/0x40 [ 97.307878][ T6000] netlink_unicast+0x5c0/0x690 [ 97.307902][ T6000] netlink_sendmsg+0x5c8/0x6f0 [ 97.307930][ T6000] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.307956][ T6000] ____sys_sendmsg+0x5af/0x600 [ 97.308015][ T6000] ___sys_sendmsg+0x195/0x1e0 [ 97.308049][ T6000] __x64_sys_sendmsg+0xd4/0x160 [ 97.308078][ T6000] x64_sys_call+0x194c/0x3020 [ 97.308103][ T6000] do_syscall_64+0x12c/0x370 [ 97.308213][ T6000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.308235][ T6000] RIP: 0033:0x7f892eb5c629 [ 97.308252][ T6000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.308269][ T6000] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.308289][ T6000] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 97.308314][ T6000] RDX: 0000000000000040 RSI: 0000200000000440 RDI: 0000000000000004 [ 97.308327][ T6000] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 97.308340][ T6000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.308353][ T6000] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 97.308372][ T6000] [ 97.331094][ T5997] set_capacity_and_notify: 5 callbacks suppressed [ 97.331112][ T5997] loop1: detected capacity change from 0 to 2048 [ 97.395958][ T6009] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6009 comm=syz.0.972 [ 97.403850][ T5997] EXT4-fs: test_dummy_encryption option not supported [ 97.523895][ T6012] netlink: 'syz.0.974': attribute type 25 has an invalid length. [ 97.584624][ T5997] loop1: detected capacity change from 0 to 128 [ 97.619789][ T5997] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 97.643095][ T6016] loop2: detected capacity change from 0 to 256 [ 97.644111][ T5997] FAT-fs (loop1): Filesystem has been set read-only [ 97.651972][ T6014] loop4: detected capacity change from 0 to 256 [ 97.682529][ T6016] FAULT_INJECTION: forcing a failure. [ 97.682529][ T6016] name failslab, interval 1, probability 0, space 0, times 0 [ 97.702650][ T6016] CPU: 0 UID: 0 PID: 6016 Comm: syz.2.975 Not tainted syzkaller #0 PREEMPT(full) [ 97.702676][ T6016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.702688][ T6016] Call Trace: [ 97.702695][ T6016] [ 97.702703][ T6016] __dump_stack+0x1d/0x30 [ 97.702787][ T6016] dump_stack_lvl+0x95/0xd0 [ 97.702807][ T6016] dump_stack+0x15/0x1b [ 97.702876][ T6016] should_fail_ex+0x263/0x280 [ 97.702897][ T6016] ? vfat_add_entry+0x17e/0x2280 [ 97.702999][ T6016] should_failslab+0x8c/0xb0 [ 97.703016][ T6016] __kmalloc_cache_noprof+0x5f/0x410 [ 97.703039][ T6016] vfat_add_entry+0x17e/0x2280 [ 97.703066][ T6016] ? avc_has_perm_noaudit+0xab/0x130 [ 97.703114][ T6016] vfat_create+0xb2/0x1b0 [ 97.703179][ T6016] vfs_create+0x1f4/0x300 [ 97.703266][ T6016] filename_mknodat+0x296/0x450 [ 97.703293][ T6016] __se_sys_mknod+0x37/0xf0 [ 97.703341][ T6016] __x64_sys_mknod+0x43/0x50 [ 97.703370][ T6016] x64_sys_call+0x2acd/0x3020 [ 97.703452][ T6016] do_syscall_64+0x12c/0x370 [ 97.703487][ T6016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.703556][ T6016] RIP: 0033:0x7fa8e1d7c629 [ 97.703572][ T6016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.703587][ T6016] RSP: 002b:00007fa8e07cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 97.703674][ T6016] RAX: ffffffffffffffda RBX: 00007fa8e1ff5fa0 RCX: 00007fa8e1d7c629 [ 97.703687][ T6016] RDX: 0000000000000704 RSI: 0000000000008000 RDI: 0000200000000040 [ 97.703700][ T6016] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 97.703711][ T6016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.703723][ T6016] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 97.703743][ T6016] [ 98.057825][ T6029] loop1: detected capacity change from 0 to 512 [ 98.093416][ T6027] loop4: detected capacity change from 0 to 512 [ 98.128561][ T6029] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -13 [ 98.138963][ T6035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.139052][ T6029] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #13: comm syz.1.978: iget: bad i_size value: 12154757448730 [ 98.164261][ T6029] loop1: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 98.164473][ T6029] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.978: couldn't read orphan inode 13 (err -117) [ 98.173699][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 98.173725][ C0] EXT4-fs (loop1): initial error at time 1771755649: ext4_orphan_get:1391: inode 13 [ 98.173766][ C0] EXT4-fs (loop1): last error at time 1771755649: ext4_orphan_get:1391: inode 13 [ 98.181879][ T6035] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.229827][ T6027] ext4 filesystem being mounted at /203/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.240645][ T6029] fserror_report: 12 callbacks suppressed [ 98.240677][ T6029] loop1: lost filesystem error report for type 5 error -117 [ 98.289373][ T30] Bluetooth: hci0: Frame reassembly failed (-84) [ 98.373400][ T6047] loop3: detected capacity change from 0 to 2048 [ 98.405453][ T6047] EXT4-fs: test_dummy_encryption option not supported [ 98.410395][ T6050] loop1: detected capacity change from 0 to 1024 [ 98.421459][ T6050] EXT4-fs: inline encryption not supported [ 98.451607][ T6050] EXT4-fs: Ignoring removed nomblk_io_submit option [ 98.459115][ T6050] EXT4-fs: Ignoring removed nobh option [ 98.469681][ T6050] EXT4-fs: Ignoring removed bh option [ 98.553401][ T6060] netlink: 'syz.3.993': attribute type 25 has an invalid length. [ 98.713571][ T6065] loop1: detected capacity change from 0 to 512 [ 98.736838][ T6069] FAULT_INJECTION: forcing a failure. [ 98.736838][ T6069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.781059][ T6065] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 98.797769][ T6069] CPU: 0 UID: 0 PID: 6069 Comm: syz.3.998 Not tainted syzkaller #0 PREEMPT(full) [ 98.797797][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 98.797807][ T6069] Call Trace: [ 98.797813][ T6069] [ 98.797821][ T6069] __dump_stack+0x1d/0x30 [ 98.797916][ T6069] dump_stack_lvl+0x95/0xd0 [ 98.797941][ T6069] dump_stack+0x15/0x1b [ 98.797963][ T6069] should_fail_ex+0x263/0x280 [ 98.797987][ T6069] should_fail+0xb/0x20 [ 98.798088][ T6069] should_fail_usercopy+0x1a/0x20 [ 98.798112][ T6069] _copy_from_iter+0xcf/0xea0 [ 98.798178][ T6069] ? __alloc_skb+0x4f6/0x690 [ 98.798202][ T6069] ? __alloc_skb+0x200/0x690 [ 98.798226][ T6069] netlink_sendmsg+0x4ae/0x6f0 [ 98.798269][ T6069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.798298][ T6069] ____sys_sendmsg+0x5af/0x600 [ 98.798329][ T6069] ___sys_sendmsg+0x195/0x1e0 [ 98.798365][ T6069] __x64_sys_sendmsg+0xd4/0x160 [ 98.798495][ T6069] x64_sys_call+0x194c/0x3020 [ 98.798588][ T6069] do_syscall_64+0x12c/0x370 [ 98.798619][ T6069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.798640][ T6069] RIP: 0033:0x7f055fadc629 [ 98.798655][ T6069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.798671][ T6069] RSP: 002b:00007f055e52f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.798827][ T6069] RAX: ffffffffffffffda RBX: 00007f055fd55fa0 RCX: 00007f055fadc629 [ 98.798842][ T6069] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 98.798857][ T6069] RBP: 00007f055e52f090 R08: 0000000000000000 R09: 0000000000000000 [ 98.798870][ T6069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.798884][ T6069] R13: 00007f055fd56038 R14: 00007f055fd55fa0 R15: 00007ffe372dd498 [ 98.798905][ T6069] [ 99.088136][ T69] kworker/u8:4 invoked oom-killer: gfp_mask=0x100c0a(GFP_NOIO|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_HARDWALL), order=0, oom_score_adj=0 [ 99.181620][ T69] CPU: 1 UID: 0 PID: 69 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) [ 99.181651][ T69] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 99.181665][ T69] Workqueue: loop1 loop_rootcg_workfn [ 99.181691][ T69] Call Trace: [ 99.181696][ T69] [ 99.181702][ T69] __dump_stack+0x1d/0x30 [ 99.181743][ T69] dump_stack_lvl+0x95/0xd0 [ 99.181820][ T69] dump_stack+0x15/0x1b [ 99.181888][ T69] dump_header+0x80/0x240 [ 99.181910][ T69] oom_kill_process+0x295/0x350 [ 99.181930][ T69] out_of_memory+0x97d/0xb80 [ 99.181949][ T69] try_charge_memcg+0x62e/0xa10 [ 99.182031][ T69] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 99.182059][ T69] __swap_cache_prepare_and_add+0x386/0x530 [ 99.182131][ T69] swap_cache_alloc_folio+0xa2/0x120 [ 99.182159][ T69] swap_cluster_readahead+0x26e/0x3d0 [ 99.182185][ T69] shmem_swapin_folio+0x951/0x1360 [ 99.182227][ T69] ? __rcu_read_unlock+0x4e/0x70 [ 99.182302][ T69] ? filemap_get_entry+0x392/0x3d0 [ 99.182322][ T69] shmem_get_folio_gfp+0x278/0xd60 [ 99.182353][ T69] shmem_file_read_iter+0x10d/0x540 [ 99.182466][ T69] lo_rw_aio+0x67d/0x730 [ 99.182501][ T69] loop_process_work+0x56c/0xac0 [ 99.182603][ T69] ? __rcu_read_unlock+0x4e/0x70 [ 99.182624][ T69] ? __perf_event_task_sched_in+0xa65/0xad0 [ 99.182646][ T69] ? __list_add_valid_or_report+0x38/0xe0 [ 99.182721][ T69] ? xfd_validate_state+0x45/0xf0 [ 99.182751][ T69] ? save_fpregs_to_fpstate+0x100/0x150 [ 99.182819][ T69] loop_rootcg_workfn+0x22/0x30 [ 99.182840][ T69] process_scheduled_works+0x4de/0x9e0 [ 99.182875][ T69] worker_thread+0x581/0x770 [ 99.182907][ T69] ? __pfx_worker_thread+0x10/0x10 [ 99.182966][ T69] kthread+0x22a/0x280 [ 99.182988][ T69] ? __pfx_kthread+0x10/0x10 [ 99.183008][ T69] ret_from_fork+0x150/0x360 [ 99.183038][ T69] ? __pfx_kthread+0x10/0x10 [ 99.183090][ T69] ret_from_fork_asm+0x1a/0x30 [ 99.183123][ T69] [ 99.183131][ T69] memory: usage 265600kB, limit 307200kB, failcnt 2172 [ 99.195260][ T6083] FAULT_INJECTION: forcing a failure. [ 99.195260][ T6083] name failslab, interval 1, probability 0, space 0, times 0 [ 99.238653][ T69] memory+swap: usage 229116kB, limit 9007199254740988kB, failcnt 0 [ 99.238672][ T69] kmem: usage 219156kB, limit 9007199254740988kB, failcnt 0 [ 99.238683][ T69] Memory cgroup stats for /syz1: [ 99.238990][ T69] cache 536576 [ 99.338957][ T6083] CPU: 0 UID: 0 PID: 6083 Comm: syz.4.1004 Not tainted syzkaller #0 PREEMPT(full) [ 99.338984][ T6083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 99.338996][ T6083] Call Trace: [ 99.339004][ T6083] [ 99.339013][ T6083] __dump_stack+0x1d/0x30 [ 99.339040][ T6083] dump_stack_lvl+0x95/0xd0 [ 99.339073][ T6083] dump_stack+0x15/0x1b [ 99.339094][ T6083] should_fail_ex+0x263/0x280 [ 99.339115][ T6083] ? nfnetlink_rcv+0xa66/0x1720 [ 99.339210][ T6083] should_failslab+0x8c/0xb0 [ 99.339231][ T6083] __kmalloc_cache_noprof+0x5f/0x410 [ 99.339256][ T6083] nfnetlink_rcv+0xa66/0x1720 [ 99.339292][ T6083] netlink_unicast+0x5c0/0x690 [ 99.339316][ T6083] netlink_sendmsg+0x5c8/0x6f0 [ 99.339420][ T6083] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.339449][ T6083] ____sys_sendmsg+0x5af/0x600 [ 99.339478][ T6083] ___sys_sendmsg+0x195/0x1e0 [ 99.339514][ T6083] __x64_sys_sendmsg+0xd4/0x160 [ 99.339576][ T6083] x64_sys_call+0x194c/0x3020 [ 99.339602][ T6083] do_syscall_64+0x12c/0x370 [ 99.339636][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.339659][ T6083] RIP: 0033:0x7f892eb5c629 [ 99.339706][ T6083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 99.339724][ T6083] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.339753][ T6083] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 99.339768][ T6083] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 99.339796][ T6083] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 99.339809][ T6083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.339822][ T6083] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 99.339841][ T6083] [ 99.614048][ T6079] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.621654][ T6079] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.629910][ T69] rss 32768 [ 99.633130][ T69] shmem 0 [ 99.644986][ T69] mapped_file 65536 [ 99.658412][ T69] dirty 0 [ 99.667105][ T69] writeback 0 [ 99.671113][ T69] workingset_refault_anon 18 [ 99.682360][ T69] workingset_refault_file 448 [ 99.693044][ T69] swap 9506816 [ 99.697990][ T69] swapcached 9580544 [ 99.704534][ T69] pgpgin 113145 [ 99.708381][ T69] pgpgout 112996 [ 99.714232][ T69] pgfault 77135 [ 99.728829][ T69] pgmajfault 15 [ 99.735983][ T69] inactive_anon 40960 [ 99.740474][ T69] active_anon 32768 [ 99.744573][ T69] inactive_file 4096 [ 99.744974][ T6079] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.749477][ T69] active_file 532480 [ 99.760526][ T69] unevictable 0 [ 99.762791][ T6079] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.764085][ T69] hierarchical_memory_limit 314572800 [ 99.777528][ T69] hierarchical_memsw_limit 9223372036854771712 [ 99.784018][ T69] total_cache 536576 [ 99.788203][ T69] total_rss 32768 [ 99.792193][ T69] total_shmem 0 [ 99.795718][ T69] total_mapped_file 65536 [ 99.801130][ T69] total_dirty 0 [ 99.804707][ T69] total_writeback 0 [ 99.808539][ T69] total_workingset_refault_anon 18 [ 99.813989][ T69] total_workingset_refault_file 448 [ 99.819348][ T69] total_swap 9506816 [ 99.823455][ T69] total_swapcached 9580544 [ 99.828057][ T69] total_pgpgin 113145 [ 99.832342][ T69] total_pgpgout 112996 [ 99.836452][ T69] total_pgfault 77135 [ 99.840579][ T69] total_pgmajfault 15 [ 99.844585][ T69] total_inactive_anon 40960 [ 99.849242][ T69] total_active_anon 32768 [ 99.853663][ T69] total_inactive_file 4096 [ 99.858309][ T69] total_active_file 532480 [ 99.862883][ T69] total_unevictable 0 [ 99.866921][ T69] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.384,pid=4566,uid=0 [ 99.881626][ T69] Memory cgroup out of memory: Killed process 4566 (syz.1.384) total-vm:98528kB, anon-rss:1220kB, file-rss:24896kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:1000 [ 99.901326][ T6088] syzkaller1: entered promiscuous mode [ 99.906911][ T6088] syzkaller1: entered allmulticast mode [ 99.916220][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.930710][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.942539][ T6065] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.995: invalid indirect mapped block 4294967295 (level 1) [ 99.980410][ T6065] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 99.983694][ T6065] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.995: invalid indirect mapped block 4294967295 (level 1) [ 99.994023][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 99.994082][ C0] EXT4-fs (loop1): initial error at time 1771755651: ext4_free_branches:1023: inode 11 [ 99.994162][ C0] EXT4-fs (loop1): last error at time 1771755651: ext4_free_branches:1023: inode 11 [ 100.036694][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.040243][ T6065] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 100.049810][ T6065] EXT4-fs (loop1): 2 truncates cleaned up [ 100.056081][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.080387][ T6100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.089510][ T6100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.100295][ T6102] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1007'. [ 100.111729][ T6102] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1007'. [ 100.212413][ T6106] netlink: 'syz.0.1011': attribute type 24 has an invalid length. [ 100.322001][ T6110] loop1: detected capacity change from 0 to 512 [ 100.328943][ T43] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 100.335262][ T3544] Bluetooth: hci0: command 0x1003 tx timeout [ 100.394732][ T6110] ext4 filesystem being mounted at /195/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 100.409689][ T6110] FAULT_INJECTION: forcing a failure. [ 100.409689][ T6110] name failslab, interval 1, probability 0, space 0, times 0 [ 100.423698][ T6110] CPU: 0 UID: 0 PID: 6110 Comm: syz.1.1012 Not tainted syzkaller #0 PREEMPT(full) [ 100.423728][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 100.423741][ T6110] Call Trace: [ 100.423748][ T6110] [ 100.423756][ T6110] __dump_stack+0x1d/0x30 [ 100.423784][ T6110] dump_stack_lvl+0x95/0xd0 [ 100.423877][ T6110] dump_stack+0x15/0x1b [ 100.423900][ T6110] should_fail_ex+0x263/0x280 [ 100.423975][ T6110] should_failslab+0x8c/0xb0 [ 100.423992][ T6110] kmem_cache_alloc_noprof+0x66/0x400 [ 100.424010][ T6110] ? __es_insert_extent+0x508/0xee0 [ 100.424103][ T6110] __es_insert_extent+0x508/0xee0 [ 100.424130][ T6110] ? irqentry_exit+0x91/0x520 [ 100.424155][ T6110] ? sysvec_apic_timer_interrupt+0x44/0x80 [ 100.424195][ T6110] ext4_es_cache_extent+0x37e/0x5d0 [ 100.424227][ T6110] ext4_find_extent+0x341/0x790 [ 100.424250][ T6110] ext4_ext_map_blocks+0x10d/0x2fb0 [ 100.424338][ T6110] ? perf_cgroup_set_timestamp+0xfe/0x120 [ 100.424368][ T6110] ? irqentry_exit+0x91/0x520 [ 100.424389][ T6110] ? ctx_sched_in+0x3e9/0x410 [ 100.424416][ T6110] ext4_map_query_blocks+0xb2/0x550 [ 100.424447][ T6110] ? ext4_es_lookup_extent+0x3ae/0x570 [ 100.424537][ T6110] ? __get_user_nocheck_8+0x6/0x20 [ 100.424623][ T6110] ext4_map_blocks+0x306/0x970 [ 100.424649][ T6110] ext4_getblk+0x128/0x530 [ 100.424679][ T6110] ext4_bread_batch+0x5c/0x320 [ 100.424726][ T6110] __ext4_find_entry+0x852/0xdf0 [ 100.424753][ T6110] ? kmem_cache_alloc_lru_noprof+0x1eb/0x410 [ 100.424776][ T6110] ? __d_alloc+0x37/0x340 [ 100.424853][ T6110] ? d_alloc_parallel+0xc01/0xce0 [ 100.424947][ T6110] ext4_lookup+0xcd/0x3a0 [ 100.425001][ T6110] __lookup_slow+0x19d/0x260 [ 100.425034][ T6110] lookup_slow+0x3c/0x60 [ 100.425059][ T6110] link_path_walk+0x946/0xe30 [ 100.425109][ T6110] path_openat+0x1c6/0x2050 [ 100.425138][ T6110] ? rb_next+0x5c/0x80 [ 100.425183][ T6110] ? visit_groups_merge+0xf7e/0xfd0 [ 100.425208][ T6110] do_file_open+0x16c/0x290 [ 100.425241][ T6110] do_sys_openat2+0x94/0x130 [ 100.425333][ T6110] __x64_sys_creat+0x65/0x90 [ 100.425360][ T6110] x64_sys_call+0x2ea0/0x3020 [ 100.425384][ T6110] do_syscall_64+0x12c/0x370 [ 100.425411][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.425433][ T6110] RIP: 0033:0x7f9111cec629 [ 100.425547][ T6110] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.425580][ T6110] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 100.425602][ T6110] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 100.425653][ T6110] RDX: 0000000000000000 RSI: 0000000000000090 RDI: 0000200000000080 [ 100.425666][ T6110] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 100.425680][ T6110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.425693][ T6110] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 100.425713][ T6110] [ 100.950437][ T3320] EXT4-fs unmount: 44 callbacks suppressed [ 100.950454][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.966396][ T6123] FAULT_INJECTION: forcing a failure. [ 100.966396][ T6123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.991836][ T6123] CPU: 1 UID: 0 PID: 6123 Comm: syz.4.1017 Not tainted syzkaller #0 PREEMPT(full) [ 100.991931][ T6123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 100.991943][ T6123] Call Trace: [ 100.991950][ T6123] [ 100.991958][ T6123] __dump_stack+0x1d/0x30 [ 100.991984][ T6123] dump_stack_lvl+0x95/0xd0 [ 100.992082][ T6123] dump_stack+0x15/0x1b [ 100.992104][ T6123] should_fail_ex+0x263/0x280 [ 100.992127][ T6123] should_fail+0xb/0x20 [ 100.992143][ T6123] should_fail_usercopy+0x1a/0x20 [ 100.992199][ T6123] _copy_from_user+0x1c/0xb0 [ 100.992224][ T6123] __sys_bpf+0x183/0x7e0 [ 100.992252][ T6123] __x64_sys_bpf+0x41/0x50 [ 100.992285][ T6123] x64_sys_call+0x10cb/0x3020 [ 100.992378][ T6123] do_syscall_64+0x12c/0x370 [ 100.992412][ T6123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.992498][ T6123] RIP: 0033:0x7f892eb5c629 [ 100.992544][ T6123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 100.992564][ T6123] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 100.992585][ T6123] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 100.992600][ T6123] RDX: 0000000000000028 RSI: 0000200000000000 RDI: 0000000000000012 [ 100.992613][ T6123] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 100.992627][ T6123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.992701][ T6123] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 100.992721][ T6123] [ 101.207418][ T6127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.273847][ T6131] EXT4-fs error (device loop3): ext4_iget_extra_inode:5025: inode #15: comm syz.3.1020: corrupted in-inode xattr: e_value out of bounds [ 101.290381][ T6131] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 101.298849][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 101.305031][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.308089][ C1] EXT4-fs (loop3): initial error at time 1771755652: ext4_iget_extra_inode:5025: inode 15 [ 101.308116][ C1] EXT4-fs (loop3): last error at time 1771755652: ext4_iget_extra_inode:5025 [ 101.318315][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.324201][ C1] : inode 15 [ 101.348856][ T6131] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1020: couldn't read orphan inode 15 (err -117) [ 101.372545][ T6131] loop3: lost filesystem error report for type 5 error -117 [ 101.396187][ T6131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.464403][ T6139] EXT4-fs: test_dummy_encryption option not supported [ 101.509790][ T6147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.524623][ T6150] netlink: 'syz.2.1028': attribute type 24 has an invalid length. [ 101.540211][ T6147] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.558777][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 101.558793][ T28] audit: type=1400 audit(1771755653.221:340): avc: denied { map } for pid=6151 comm="syz.4.1029" path="/proc/516/pagemap" dev="proc" ino=14891 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 101.621717][ T6158] netlink: 'syz.4.1031': attribute type 25 has an invalid length. [ 101.630206][ T28] audit: type=1400 audit(1771755653.261:341): avc: denied { create } for pid=6153 comm="syz.1.1030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 101.699047][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.726253][ T6168] FAULT_INJECTION: forcing a failure. [ 101.726253][ T6168] name failslab, interval 1, probability 0, space 0, times 0 [ 101.739562][ T6168] CPU: 0 UID: 0 PID: 6168 Comm: syz.1.1035 Not tainted syzkaller #0 PREEMPT(full) [ 101.739709][ T6168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 101.739731][ T6168] Call Trace: [ 101.739737][ T6168] [ 101.739747][ T6168] __dump_stack+0x1d/0x30 [ 101.739832][ T6168] dump_stack_lvl+0x95/0xd0 [ 101.739857][ T6168] dump_stack+0x15/0x1b [ 101.739900][ T6168] should_fail_ex+0x263/0x280 [ 101.739959][ T6168] should_failslab+0x8c/0xb0 [ 101.739982][ T6168] kmem_cache_alloc_noprof+0x66/0x400 [ 101.740055][ T6168] ? skb_clone+0x151/0x1f0 [ 101.740129][ T6168] skb_clone+0x151/0x1f0 [ 101.740155][ T6168] nfnetlink_rcv+0x316/0x1720 [ 101.740176][ T6168] ? nlmon_xmit+0x4f/0x60 [ 101.740249][ T6168] ? consume_skb+0x4b/0x160 [ 101.740286][ T6168] ? nlmon_xmit+0x4f/0x60 [ 101.740322][ T6168] ? dev_hard_start_xmit+0x3b9/0x3f0 [ 101.740347][ T6168] ? __dev_queue_xmit+0x1393/0x1f40 [ 101.740394][ T6168] ? __dev_queue_xmit+0x148/0x1f40 [ 101.740459][ T6168] ? ref_tracker_free+0x37d/0x3e0 [ 101.740557][ T6168] netlink_unicast+0x5c0/0x690 [ 101.740648][ T6168] netlink_sendmsg+0x5c8/0x6f0 [ 101.740674][ T6168] ? __pfx_netlink_sendmsg+0x10/0x10 [ 101.740786][ T6168] ____sys_sendmsg+0x5af/0x600 [ 101.740824][ T6168] ___sys_sendmsg+0x195/0x1e0 [ 101.740893][ T6168] __x64_sys_sendmsg+0xd4/0x160 [ 101.740920][ T6168] x64_sys_call+0x194c/0x3020 [ 101.740944][ T6168] do_syscall_64+0x12c/0x370 [ 101.741023][ T6168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.741044][ T6168] RIP: 0033:0x7f9111cec629 [ 101.741061][ T6168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.741081][ T6168] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 101.741146][ T6168] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 101.741162][ T6168] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 101.741177][ T6168] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 101.741247][ T6168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.741259][ T6168] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 101.741276][ T6168] [ 101.983607][ T6159] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 101.997135][ T6159] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 102.267139][ T6180] FAULT_INJECTION: forcing a failure. [ 102.267139][ T6180] name failslab, interval 1, probability 0, space 0, times 0 [ 102.574119][ T6186] set_capacity_and_notify: 5 callbacks suppressed [ 102.574140][ T6186] loop1: detected capacity change from 0 to 1024 [ 102.590632][ T6180] CPU: 0 UID: 0 PID: 6180 Comm: syz.3.1039 Not tainted syzkaller #0 PREEMPT(full) [ 102.590657][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 102.590667][ T6180] Call Trace: [ 102.590696][ T6180] [ 102.590705][ T6180] __dump_stack+0x1d/0x30 [ 102.590811][ T6180] dump_stack_lvl+0x95/0xd0 [ 102.590831][ T6180] dump_stack+0x15/0x1b [ 102.590853][ T6180] should_fail_ex+0x263/0x280 [ 102.590909][ T6180] ? nft_trans_table_add+0x36/0x190 [ 102.590939][ T6180] should_failslab+0x8c/0xb0 [ 102.590961][ T6180] __kmalloc_cache_noprof+0x5f/0x410 [ 102.591030][ T6180] nft_trans_table_add+0x36/0x190 [ 102.591058][ T6180] nf_tables_newtable+0x955/0xea0 [ 102.591088][ T6180] nfnetlink_rcv+0xc1e/0x1720 [ 102.591161][ T6180] netlink_unicast+0x5c0/0x690 [ 102.591188][ T6180] netlink_sendmsg+0x5c8/0x6f0 [ 102.591212][ T6180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 102.591235][ T6180] ____sys_sendmsg+0x5af/0x600 [ 102.591314][ T6180] ___sys_sendmsg+0x195/0x1e0 [ 102.591345][ T6180] __x64_sys_sendmsg+0xd4/0x160 [ 102.591370][ T6180] x64_sys_call+0x194c/0x3020 [ 102.591423][ T6180] do_syscall_64+0x12c/0x370 [ 102.591460][ T6180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.591484][ T6180] RIP: 0033:0x7f055fadc629 [ 102.591501][ T6180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.591574][ T6180] RSP: 002b:00007f055e52f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.591594][ T6180] RAX: ffffffffffffffda RBX: 00007f055fd55fa0 RCX: 00007f055fadc629 [ 102.591609][ T6180] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 102.591624][ T6180] RBP: 00007f055e52f090 R08: 0000000000000000 R09: 0000000000000000 [ 102.591638][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 102.591704][ T6180] R13: 00007f055fd56038 R14: 00007f055fd55fa0 R15: 00007ffe372dd498 [ 102.591724][ T6180] [ 102.651117][ T6189] netlink: 'syz.0.1043': attribute type 25 has an invalid length. [ 102.699914][ T6186] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 102.743103][ T6192] loop4: detected capacity change from 0 to 512 [ 102.839016][ T6198] loop3: detected capacity change from 0 to 512 [ 102.866779][ T6186] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1041: Invalid block bitmap block 0 in block_group 0 [ 102.908133][ T6192] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.939259][ T6186] loop1: lost filesystem error report for type 5 error -117 [ 102.939478][ T6186] Quota error (device loop1): write_blk: dquota write failed [ 102.954321][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 102.954342][ C0] EXT4-fs (loop1): initial error at time 1771755654: ext4_read_block_bitmap_nowait:483 [ 102.954362][ C0] EXT4-fs (loop1): last error at time 1771755654: ext4_read_block_bitmap_nowait:483 [ 102.996507][ T6192] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.998757][ T6186] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 103.009129][ T6198] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.018476][ T6186] EXT4-fs error (device loop1): ext4_acquire_dquot:7001: comm syz.1.1041: Failed to acquire dquot type 0 [ 103.040659][ T6186] loop1: lost filesystem error report for type 5 error -117 [ 103.042272][ T6186] EXT4-fs error (device loop1): ext4_free_blocks:6725: comm syz.1.1041: Freeing blocks not in datazone - block = 0, count = 4096 [ 103.103443][ T6208] loop0: detected capacity change from 0 to 512 [ 103.113180][ T6208] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 103.120434][ T6186] loop1: lost filesystem error report for type 5 error -117 [ 103.128804][ T6208] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002] [ 103.158902][ T6186] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.1041: Invalid inode bitmap blk 0 in block_group 0 [ 103.178714][ T12] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-7 [ 103.184971][ T6208] System zones: 1-12 [ 103.192159][ T6208] EXT4-fs (loop0): orphan cleanup on readonly fs [ 103.198749][ T28] audit: type=1400 audit(1771755654.841:342): avc: denied { getopt } for pid=6191 comm="syz.4.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 103.218932][ T12] EXT4-fs error (device loop1): ext4_release_dquot:7037: comm kworker/u8:0: Failed to release dquot type 0 [ 103.219479][ T6208] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1050: bg 0: block 361: padding at end of block bitmap is not set [ 103.243058][ T6186] loop1: lost filesystem error report for type 5 error -117 [ 103.244838][ T12] loop1: lost filesystem error report for type 5 error -117 [ 103.246910][ T6208] loop0: lost filesystem error report for type 5 error -117 [ 103.255595][ T6186] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 103.262260][ T6208] EXT4-fs (loop0): Remounting filesystem read-only [ 103.275748][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 103.275774][ C1] EXT4-fs (loop0): initial error at time 1771755654: ext4_validate_block_bitmap:441 [ 103.275795][ C1] EXT4-fs (loop0): last error at time 1771755654: ext4_validate_block_bitmap:441 [ 103.283594][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.289414][ T6208] EXT4-fs (loop0): 1 truncate cleaned up [ 103.304652][ T6186] loop1: lost filesystem error report for type 5 error -117 [ 103.308625][ T6208] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 103.353232][ T6214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.358949][ T6186] EXT4-fs (loop1): 1 orphan inode deleted [ 103.366370][ T6214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.379210][ T6186] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.393359][ T6217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.395230][ T6208] EXT4-fs warning (device loop0): dx_probe:791: inode #2: lblock 0: comm syz.0.1050: error -117 reading directory block [ 103.401846][ T6217] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.431682][ T6208] EXT4-fs warning (device loop0): dx_probe:791: inode #2: lblock 0: comm syz.0.1050: error -117 reading directory block [ 103.460201][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 103.507779][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.544158][ T6221] loop1: detected capacity change from 0 to 2048 [ 103.558267][ T6221] EXT4-fs: test_dummy_encryption option not supported [ 103.964136][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.717811][ T6240] loop3: detected capacity change from 0 to 512 [ 104.751962][ T6240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.819975][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.164273][ T6249] loop4: detected capacity change from 0 to 512 [ 105.177036][ T6249] loop4: detected capacity change from 0 to 128 [ 105.194705][ T6249] vfat: Unknown parameter '' [ 105.208408][ T28] audit: type=1400 audit(1771755656.871:343): avc: denied { setattr } for pid=6247 comm="syz.4.1057" name="task" dev="proc" ino=15050 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 105.266191][ T6258] netlink: 'syz.3.1069': attribute type 12 has an invalid length. [ 105.277653][ T6258] netlink: 'syz.3.1069': attribute type 29 has an invalid length. [ 105.290006][ T6258] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1069'. [ 105.304771][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1069'. [ 105.314097][ T6258] netlink: 'syz.3.1069': attribute type 8 has an invalid length. [ 105.352513][ T6262] loop3: detected capacity change from 0 to 512 [ 105.360520][ T6262] EXT4-fs: Ignoring removed nobh option [ 105.379305][ T6262] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 105.390874][ T6262] EXT4-fs (loop3): 1 truncate cleaned up [ 105.396955][ T6262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.420070][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.738863][ T6267] syzkaller1: left promiscuous mode [ 105.845464][ T6267] syzkaller1: left allmulticast mode [ 106.095946][ T6277] netlink: 'syz.3.1076': attribute type 25 has an invalid length. [ 106.102145][ T28] audit: type=1400 audit(1771755657.571:344): avc: denied { watch watch_reads } for pid=6265 comm="syz.3.1072" path="/228" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 106.199970][ T6285] loop1: detected capacity change from 0 to 128 [ 106.242436][ T6285] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 106.253058][ T6283] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 106.267545][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1083'. [ 106.267798][ T6285] FAT-fs (loop1): Filesystem has been set read-only [ 106.287681][ T6283] EXT4-fs (loop4): 1 truncate cleaned up [ 106.303270][ T6289] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.309420][ T6283] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.316853][ T6289] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.351667][ T28] audit: type=1400 audit(1771755658.021:345): avc: denied { setattr } for pid=6282 comm="syz.4.1079" path="/222/bus" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 106.376351][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.463885][ T6303] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.501984][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.573514][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.607323][ T6317] netlink: 'syz.0.1092': attribute type 25 has an invalid length. [ 106.657029][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1095'. [ 106.673328][ T6325] EXT4-fs: Ignoring removed oldalloc option [ 106.680133][ T6325] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 106.702567][ T6325] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.1096: iget: bogus i_mode (4) [ 106.707227][ T6328] netlink: 'syz.4.1097': attribute type 25 has an invalid length. [ 106.720797][ T6325] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 106.722090][ T43] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 106.723058][ T6325] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1096: couldn't read orphan inode 15 (err -117) [ 106.731246][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 106.731267][ C1] EXT4-fs (loop1): initial error at time 1771755658: ext4_orphan_get:1391: inode 15 [ 106.731300][ C1] EXT4-fs (loop1): last error at time 1771755658: ext4_orphan_get:1391: inode 15 [ 106.785442][ T6330] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.798950][ T6325] loop1: lost filesystem error report for type 5 error -117 [ 106.801599][ T6325] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.856554][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.869335][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.917331][ T6340] FAULT_INJECTION: forcing a failure. [ 106.917331][ T6340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.948858][ T6346] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1104'. [ 106.961961][ T6340] CPU: 1 UID: 0 PID: 6340 Comm: syz.1.1101 Not tainted syzkaller #0 PREEMPT(full) [ 106.961991][ T6340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 106.962049][ T6340] Call Trace: [ 106.962055][ T6340] [ 106.962063][ T6340] __dump_stack+0x1d/0x30 [ 106.962086][ T6340] dump_stack_lvl+0x95/0xd0 [ 106.962161][ T6340] dump_stack+0x15/0x1b [ 106.962182][ T6340] should_fail_ex+0x263/0x280 [ 106.962202][ T6340] should_fail+0xb/0x20 [ 106.962257][ T6340] should_fail_usercopy+0x1a/0x20 [ 106.962281][ T6340] _copy_to_user+0x20/0xa0 [ 106.962303][ T6340] simple_read_from_buffer+0xb5/0x130 [ 106.962378][ T6340] proc_fail_nth_read+0x10e/0x150 [ 106.962407][ T6340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 106.962499][ T6340] vfs_read+0x1ab/0x7f0 [ 106.962529][ T6340] ? __rcu_read_unlock+0x4e/0x70 [ 106.962551][ T6340] ? __fget_files+0x184/0x1c0 [ 106.962612][ T6340] ? mutex_lock+0x57/0x90 [ 106.962637][ T6340] ksys_read+0xdc/0x1a0 [ 106.962682][ T6340] __x64_sys_read+0x40/0x50 [ 106.962707][ T6340] x64_sys_call+0x2886/0x3020 [ 106.962766][ T6340] do_syscall_64+0x12c/0x370 [ 106.962804][ T6340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.962823][ T6340] RIP: 0033:0x7f9111cacece [ 106.962840][ T6340] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 106.962920][ T6340] RSP: 002b:00007f9110746fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 106.962938][ T6340] RAX: ffffffffffffffda RBX: 00007f91107476c0 RCX: 00007f9111cacece [ 106.962954][ T6340] RDX: 000000000000000f RSI: 00007f91107470a0 RDI: 0000000000000007 [ 106.962967][ T6340] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 106.962981][ T6340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 106.962994][ T6340] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 106.963082][ T6340] [ 107.208072][ T6356] netlink: 'syz.0.1107': attribute type 25 has an invalid length. [ 107.248666][ T6358] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 107.285554][ T6358] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1108: Invalid block bitmap block 0 in block_group 0 [ 107.307811][ T6358] loop1: lost filesystem error report for type 5 error -117 [ 107.307991][ T6358] Quota error (device loop1): write_blk: dquota write failed [ 107.315368][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 107.315395][ C0] EXT4-fs (loop1): initial error at time 1771755658: ext4_read_block_bitmap_nowait:483 [ 107.315436][ C0] EXT4-fs (loop1): last error at time 1771755658: ext4_read_block_bitmap_nowait:483 [ 107.348756][ T6358] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 107.367255][ T6358] EXT4-fs error (device loop1): ext4_acquire_dquot:7001: comm syz.1.1108: Failed to acquire dquot type 0 [ 107.389940][ T6358] loop1: lost filesystem error report for type 5 error -117 [ 107.390201][ T6358] EXT4-fs error (device loop1): ext4_free_blocks:6725: comm syz.1.1108: Freeing blocks not in datazone - block = 0, count = 4096 [ 107.390449][ T6367] program syz.2.1112 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 107.397643][ T6358] loop1: lost filesystem error report for type 5 error -117 [ 107.419976][ T6358] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.1108: Invalid inode bitmap blk 0 in block_group 0 [ 107.443916][ T5834] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-7 [ 107.451156][ T6358] loop1: lost filesystem error report for type 5 error -117 [ 107.453158][ T6358] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 107.453372][ T5834] EXT4-fs error (device loop1): ext4_release_dquot:7037: comm kworker/u8:8: Failed to release dquot type 0 [ 107.460773][ T6358] loop1: lost filesystem error report for type 5 error -117 [ 107.476314][ T28] audit: type=1400 audit(1771755659.141:346): avc: denied { associate } for pid=6366 comm="syz.2.1112" name="cgroup.controllers" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 107.496086][ T6358] EXT4-fs (loop1): 1 orphan inode deleted [ 107.511312][ T28] audit: type=1400 audit(1771755659.151:347): avc: denied { connect } for pid=6369 comm="syz.3.1113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 107.525649][ T6358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.564626][ T6372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.595713][ T28] audit: type=1400 audit(1771755659.151:348): avc: denied { setopt } for pid=6369 comm="syz.3.1113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 107.616994][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.645728][ T28] audit: type=1326 audit(1771755659.301:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6332 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892eb5c629 code=0x7fc00000 [ 107.695214][ T28] audit: type=1326 audit(1771755659.301:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6332 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f892eb5c629 code=0x7fc00000 [ 107.721759][ T28] audit: type=1326 audit(1771755659.301:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6332 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892eb5c629 code=0x7fc00000 [ 107.738399][ T6377] set_capacity_and_notify: 7 callbacks suppressed [ 107.738420][ T6377] loop2: detected capacity change from 0 to 512 [ 107.749407][ T28] audit: type=1326 audit(1771755659.301:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6332 comm="syz.4.1099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892eb5c629 code=0x7fc00000 [ 107.753244][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.800631][ T6377] EXT4-fs error (device loop2): ext4_iget_extra_inode:5025: inode #15: comm syz.2.1117: corrupted in-inode xattr: e_value out of bounds [ 107.835616][ T6377] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 107.835830][ T6377] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1117: couldn't read orphan inode 15 (err -117) [ 107.838642][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 107.865091][ C0] EXT4-fs (loop2): initial error at time 1771755659: ext4_iget_extra_inode:5025: inode 15 [ 107.875619][ C0] EXT4-fs (loop2): last error at time 1771755659: ext4_orphan_get:1396 [ 107.899462][ T6377] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.963883][ T6394] netlink: 'syz.1.1121': attribute type 25 has an invalid length. [ 108.018868][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.062243][ T6401] team0: entered promiscuous mode [ 108.072708][ T6401] team_slave_0: entered promiscuous mode [ 108.078867][ T6401] team_slave_1: entered promiscuous mode [ 108.104281][ T6401] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 108.116371][ T6401] team0: Device macvlan2 is already an upper device of the team interface [ 108.133950][ T6401] team0: left promiscuous mode [ 108.139852][ T6401] team_slave_0: left promiscuous mode [ 108.145846][ T6401] team_slave_1: left promiscuous mode [ 108.197208][ T6414] loop3: detected capacity change from 0 to 512 [ 108.226120][ T6414] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.277589][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.375483][ T6422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6422 comm=syz.3.1129 [ 108.391135][ T6422] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=5127 sclass=netlink_tcpdiag_socket pid=6422 comm=syz.3.1129 [ 108.587189][ T6428] syzkaller1: entered promiscuous mode [ 108.592939][ T6428] syzkaller1: entered allmulticast mode [ 108.661495][ T6430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.670037][ T6430] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.705418][ T6433] netlink: 'syz.4.1133': attribute type 25 has an invalid length. [ 108.750846][ T6437] FAULT_INJECTION: forcing a failure. [ 108.750846][ T6437] name failslab, interval 1, probability 0, space 0, times 0 [ 108.764136][ T6437] CPU: 1 UID: 0 PID: 6437 Comm: syz.4.1135 Not tainted syzkaller #0 PREEMPT(full) [ 108.764204][ T6437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.764214][ T6437] Call Trace: [ 108.764222][ T6437] [ 108.764229][ T6437] __dump_stack+0x1d/0x30 [ 108.764257][ T6437] dump_stack_lvl+0x95/0xd0 [ 108.764390][ T6437] dump_stack+0x15/0x1b [ 108.764446][ T6437] should_fail_ex+0x263/0x280 [ 108.764460][ T6437] ? nft_trans_table_add+0x36/0x190 [ 108.764479][ T6437] should_failslab+0x8c/0xb0 [ 108.764493][ T6437] __kmalloc_cache_noprof+0x5f/0x410 [ 108.764545][ T6437] nft_trans_table_add+0x36/0x190 [ 108.764605][ T6437] nf_tables_newtable+0x955/0xea0 [ 108.764623][ T6437] nfnetlink_rcv+0xc1e/0x1720 [ 108.764649][ T6437] netlink_unicast+0x5c0/0x690 [ 108.764664][ T6437] netlink_sendmsg+0x5c8/0x6f0 [ 108.764698][ T6437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.764727][ T6437] ____sys_sendmsg+0x5af/0x600 [ 108.764746][ T6437] ___sys_sendmsg+0x195/0x1e0 [ 108.764824][ T6437] __x64_sys_sendmsg+0xd4/0x160 [ 108.764841][ T6437] x64_sys_call+0x194c/0x3020 [ 108.764898][ T6437] do_syscall_64+0x12c/0x370 [ 108.765017][ T6437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.765031][ T6437] RIP: 0033:0x7f892eb5c629 [ 108.765048][ T6437] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 108.765060][ T6437] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.765073][ T6437] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 108.765118][ T6437] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 108.765126][ T6437] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 108.765133][ T6437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 108.765141][ T6437] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 108.765152][ T6437] [ 108.986879][ T6441] loop1: detected capacity change from 0 to 512 [ 108.998018][ T6441] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.047603][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.200910][ T6454] FAULT_INJECTION: forcing a failure. [ 109.200910][ T6454] name failslab, interval 1, probability 0, space 0, times 0 [ 109.214554][ T6454] CPU: 0 UID: 0 PID: 6454 Comm: syz.2.1141 Not tainted syzkaller #0 PREEMPT(full) [ 109.214580][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.214592][ T6454] Call Trace: [ 109.214608][ T6454] [ 109.214617][ T6454] __dump_stack+0x1d/0x30 [ 109.214642][ T6454] dump_stack_lvl+0x95/0xd0 [ 109.214663][ T6454] dump_stack+0x15/0x1b [ 109.214683][ T6454] should_fail_ex+0x263/0x280 [ 109.214785][ T6454] ? nf_tables_newtable+0x375/0xea0 [ 109.214813][ T6454] should_failslab+0x8c/0xb0 [ 109.214872][ T6454] __kmalloc_cache_noprof+0x5f/0x410 [ 109.214938][ T6454] ? __nla_validate_parse+0x1650/0x1cf0 [ 109.214961][ T6454] nf_tables_newtable+0x375/0xea0 [ 109.215064][ T6454] nfnetlink_rcv+0xc1e/0x1720 [ 109.215103][ T6454] netlink_unicast+0x5c0/0x690 [ 109.215132][ T6454] netlink_sendmsg+0x5c8/0x6f0 [ 109.215239][ T6454] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.215277][ T6454] ____sys_sendmsg+0x5af/0x600 [ 109.215306][ T6454] ___sys_sendmsg+0x195/0x1e0 [ 109.215340][ T6454] __x64_sys_sendmsg+0xd4/0x160 [ 109.215452][ T6454] x64_sys_call+0x194c/0x3020 [ 109.215480][ T6454] do_syscall_64+0x12c/0x370 [ 109.215510][ T6454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.215610][ T6454] RIP: 0033:0x7fa8e1d7c629 [ 109.215629][ T6454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.215648][ T6454] RSP: 002b:00007fa8e07cf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.215671][ T6454] RAX: ffffffffffffffda RBX: 00007fa8e1ff5fa0 RCX: 00007fa8e1d7c629 [ 109.215785][ T6454] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 109.215800][ T6454] RBP: 00007fa8e07cf090 R08: 0000000000000000 R09: 0000000000000000 [ 109.215814][ T6454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.215828][ T6454] R13: 00007fa8e1ff6038 R14: 00007fa8e1ff5fa0 R15: 00007ffdd3e00428 [ 109.215845][ T6454] [ 109.433483][ T6457] syzkaller1: entered promiscuous mode [ 109.439590][ T6457] syzkaller1: entered allmulticast mode [ 109.551430][ T6474] loop3: detected capacity change from 0 to 512 [ 109.570413][ T6470] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1149'. [ 109.578409][ T6474] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.594391][ T6474] ext4 filesystem being mounted at /245/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.872633][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.890574][ T6477] loop0: detected capacity change from 0 to 512 [ 110.038554][ T6493] loop4: detected capacity change from 0 to 512 [ 110.041960][ T6477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.052358][ T6490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.063112][ T6477] ext4 filesystem being mounted at /209/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.075898][ T6493] ext4: Unknown parameter 'bsdgroups.obj_role' [ 110.094791][ T6490] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.102426][ T6477] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.134261][ T6493] loop4: detected capacity change from 0 to 256 [ 110.141066][ T6493] vfat: Unknown parameter '搩( [ 111.152208][ T6544] __dump_stack+0x1d/0x30 [ 111.152235][ T6544] dump_stack_lvl+0x95/0xd0 [ 111.152258][ T6544] dump_stack+0x15/0x1b [ 111.152310][ T6544] should_fail_ex+0x263/0x280 [ 111.152332][ T6544] should_fail+0xb/0x20 [ 111.152403][ T6544] should_fail_usercopy+0x1a/0x20 [ 111.152425][ T6544] _copy_from_user+0x1c/0xb0 [ 111.152477][ T6544] __sys_bpf+0x183/0x7e0 [ 111.152502][ T6544] __x64_sys_bpf+0x41/0x50 [ 111.152531][ T6544] x64_sys_call+0x10cb/0x3020 [ 111.152571][ T6544] do_syscall_64+0x12c/0x370 [ 111.152601][ T6544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.152626][ T6544] RIP: 0033:0x7f9111cec629 [ 111.152696][ T6544] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 111.152713][ T6544] RSP: 002b:00007f9110747028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 111.152835][ T6544] RAX: ffffffffffffffda RBX: 00007f9111f65fa0 RCX: 00007f9111cec629 [ 111.152848][ T6544] RDX: 0000000000000028 RSI: 0000200000000000 RDI: 0000000000000012 [ 111.152860][ T6544] RBP: 00007f9110747090 R08: 0000000000000000 R09: 0000000000000000 [ 111.152872][ T6544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.152884][ T6544] R13: 00007f9111f66038 R14: 00007f9111f65fa0 R15: 00007ffdc35f8cc8 [ 111.152958][ T6544] [ 111.355763][ T6550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.369409][ T6550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.398105][ T6556] loop1: detected capacity change from 0 to 1024 [ 111.422874][ T6556] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.459414][ T6556] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.469946][ T6558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.488416][ T6566] delete_channel: no stack [ 111.501056][ T6566] delete_channel: no stack [ 111.508822][ T6558] ext4 filesystem being mounted at /238/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.689340][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.700754][ T6555] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.715084][ T6582] EXT4-fs: Ignoring removed oldalloc option [ 111.764325][ T6582] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.1188: Parent and EA inode have the same ino 15 [ 111.807925][ T6582] loop4: lost filesystem error report for type 5 error -117 [ 111.808639][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 111.822582][ C0] EXT4-fs (loop4): initial error at time 1771755663: ext4_xattr_inode_iget:437 [ 111.831558][ C0] EXT4-fs (loop4): last error at time 1771755663: ext4_xattr_inode_iget:437 [ 111.846639][ T6593] netlink: 'syz.2.1192': attribute type 25 has an invalid length. [ 111.871986][ T6582] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.1188: Parent and EA inode have the same ino 15 [ 111.884481][ T6582] loop4: lost filesystem error report for type 5 error -117 [ 111.884874][ T6582] EXT4-fs (loop4): 1 orphan inode deleted [ 111.901295][ T6582] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.926037][ T6582] EXT4-fs error (device loop4): ext4_find_dest_de:2050: inode #2: block 13: comm syz.4.1188: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 111.949245][ T6582] EXT4-fs error (device loop4): ext4_find_dest_de:2050: inode #2: block 13: comm syz.4.1188: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 111.972555][ T6603] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1197'. [ 111.974903][ T6582] EXT4-fs error (device loop4): ext4_lookup:1785: inode #15: comm syz.4.1188: unexpected EA_INODE flag [ 112.033294][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.070130][ T6605] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.083809][ T6605] ext4 filesystem being mounted at /220/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.096965][ T6613] EXT4-fs: inline encryption not supported [ 112.103226][ T6613] EXT4-fs: Ignoring removed nomblk_io_submit option [ 112.110216][ T6613] EXT4-fs: Ignoring removed nobh option [ 112.116370][ T6613] EXT4-fs: Ignoring removed bh option [ 112.208171][ T6613] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.302436][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.320496][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.538904][ T6647] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1213'. [ 112.608726][ T28] kauditd_printk_skb: 205 callbacks suppressed [ 112.608754][ T28] audit: type=1400 audit(1771755664.271:551): avc: denied { read } for pid=6641 comm="syz.1.1211" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 112.666514][ T6650] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.674019][ T28] audit: type=1400 audit(1771755664.271:552): avc: denied { open } for pid=6641 comm="syz.1.1211" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 112.731622][ T6655] set_capacity_and_notify: 5 callbacks suppressed [ 112.731640][ T6655] loop4: detected capacity change from 0 to 512 [ 112.790532][ T6628] loop2: detected capacity change from 0 to 2048 [ 112.800017][ T6655] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.826039][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.838569][ T6655] FAULT_INJECTION: forcing a failure. [ 112.838569][ T6655] name failslab, interval 1, probability 0, space 0, times 0 [ 112.851623][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.4.1216 Not tainted syzkaller #0 PREEMPT(full) [ 112.851653][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 112.851666][ T6655] Call Trace: [ 112.851674][ T6655] [ 112.851683][ T6655] __dump_stack+0x1d/0x30 [ 112.851725][ T6655] dump_stack_lvl+0x95/0xd0 [ 112.851747][ T6655] dump_stack+0x15/0x1b [ 112.851841][ T6655] should_fail_ex+0x263/0x280 [ 112.851860][ T6655] should_failslab+0x8c/0xb0 [ 112.851878][ T6655] kmem_cache_alloc_noprof+0x66/0x400 [ 112.851966][ T6655] ? do_getname+0x2e/0x1c0 [ 112.851984][ T6655] do_getname+0x2e/0x1c0 [ 112.852002][ T6655] getname_flags+0x1d/0x30 [ 112.852022][ T6655] do_sys_openat2+0x60/0x130 [ 112.852049][ T6655] __x64_sys_openat+0xf2/0x120 [ 112.852104][ T6655] x64_sys_call+0x1e39/0x3020 [ 112.852159][ T6655] do_syscall_64+0x12c/0x370 [ 112.852192][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.852235][ T6655] RIP: 0033:0x7f892eb5c629 [ 112.852250][ T6655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 112.852362][ T6655] RSP: 002b:00007f892d5af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 112.852381][ T6655] RAX: ffffffffffffffda RBX: 00007f892edd5fa0 RCX: 00007f892eb5c629 [ 112.852393][ T6655] RDX: 000000000000275a RSI: 0000200000000040 RDI: ffffffffffffff9c [ 112.852408][ T6655] RBP: 00007f892d5af090 R08: 0000000000000000 R09: 0000000000000000 [ 112.852421][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.852435][ T6655] R13: 00007f892edd6038 R14: 00007f892edd5fa0 R15: 00007ffd3cc110d8 [ 112.852513][ T6655] [ 113.097324][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.258722][ T6663] netlink: 'syz.4.1219': attribute type 24 has an invalid length. [ 113.363567][ T6668] netlink: 'syz.2.1221': attribute type 25 has an invalid length. [ 113.435049][ T6674] loop4: detected capacity change from 0 to 1024 [ 113.439104][ T6678] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1225'. [ 113.468732][ T6680] loop0: detected capacity change from 0 to 512 [ 113.476282][ T28] audit: type=1400 audit(1771755665.141:553): avc: denied { setcheckreqprot } for pid=6675 comm="syz.2.1226" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 113.499175][ T6680] EXT4-fs: Ignoring removed nobh option [ 113.499191][ T6674] EXT4-fs: inline encryption not supported [ 113.515119][ T6680] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 113.534444][ T6674] EXT4-fs: Ignoring removed nomblk_io_submit option [ 113.542831][ T6680] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842e02c, mo2=0002] [ 113.552002][ T6680] EXT4-fs (loop0): orphan cleanup on readonly fs [ 113.561451][ T6674] EXT4-fs: Ignoring removed nobh option [ 113.567396][ T6680] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #11: comm syz.0.1227: attempt to clear invalid blocks 1024 len 1 [ 113.588717][ T6680] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 113.589113][ T6680] EXT4-fs (loop0): Remounting filesystem read-only [ 113.601075][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 113.601098][ C1] EXT4-fs (loop0): initial error at time 1771755665: ext4_clear_blocks:876: inode 11 [ 113.601133][ C1] EXT4-fs (loop0): last error at time 1771755665: ext4_clear_blocks:876: inode 11 [ 113.700543][ T6674] EXT4-fs: Ignoring removed bh option [ 113.706779][ T6680] EXT4-fs (loop0): 1 truncate cleaned up [ 113.713891][ T6680] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 113.728039][ T6674] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.775457][ T6676] ================================================================== [ 113.783606][ T6676] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping [ 113.791612][ T6676] [ 113.793942][ T6676] write to 0xffffea0004837898 of 8 bytes by task 6616 on cpu 1: [ 113.801855][ T6676] __filemap_remove_folio+0x201/0x310 [ 113.807546][ T6676] filemap_remove_folio+0x6d/0x1d0 [ 113.812865][ T6676] truncate_inode_folio+0x42/0x50 [ 113.818697][ T6676] shmem_undo_range+0x26d/0xb10 [ 113.823696][ T6676] shmem_evict_inode+0x12e/0x510 [ 113.828661][ T6676] evict+0x2af/0x510 [ 113.831123][ T6691] syzkaller1: left promiscuous mode [ 113.832659][ T6676] iput+0x41a/0x580 [ 113.838075][ T6691] syzkaller1: left allmulticast mode [ 113.841765][ T6676] dentry_unlink_inode+0x24f/0x260 [ 113.841802][ T6676] __dentry_kill+0x13f/0x460 [ 113.841831][ T6676] finish_dput+0x2b/0x200 [ 113.841851][ T6676] dput+0x52/0x60 [ 113.864953][ T6676] __fput+0x444/0x650 [ 113.868953][ T6676] ____fput+0x1c/0x30 [ 113.873369][ T6676] task_work_run+0x130/0x1a0 [ 113.877964][ T6676] do_exit+0x466/0x15a0 [ 113.882208][ T6676] do_group_exit+0xfe/0x140 [ 113.887087][ T6676] get_signal+0xe54/0xf60 [ 113.891423][ T6676] arch_do_signal_or_restart+0x96/0x450 [ 113.896978][ T6676] irqentry_exit+0xf7/0x520 [ 113.901492][ T6676] asm_exc_page_fault+0x26/0x30 [ 113.906351][ T6676] [ 113.908671][ T6676] read to 0xffffea0004837898 of 8 bytes by task 6676 on cpu 0: [ 113.917337][ T6676] folio_mapping+0xa1/0xe0 [ 113.921839][ T6676] evict_folios+0x2b79/0x35c0 [ 113.926636][ T6676] try_to_shrink_lruvec+0x81b/0xbf0 [ 113.931846][ T6676] shrink_lruvec+0x255/0x1c60 [ 113.936882][ T6676] shrink_node+0x67a/0x2130 [ 113.942009][ T6676] do_try_to_free_pages+0x408/0xc80 [ 113.947261][ T6676] try_to_free_mem_cgroup_pages+0x1f5/0x470 [ 113.953275][ T6676] try_charge_memcg+0x37e/0xa10 [ 113.958314][ T6676] obj_cgroup_charge_pages+0x23/0xc0 [ 113.963617][ T6676] __memcg_kmem_charge_page+0x9e/0x170 [ 113.969355][ T6676] __alloc_frozen_pages_noprof+0x18a/0x360 [ 113.975360][ T6676] alloc_pages_mpol+0xb3/0x260 [ 113.980315][ T6676] alloc_pages_noprof+0x8f/0x130 [ 113.987224][ T6676] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 113.994106][ T6676] __kvmalloc_node_noprof+0x3d4/0x650 [ 114.000025][ T6676] futex_hash_allocate+0x190/0x9d0 [ 114.005325][ T6676] futex_hash_prctl+0xd8/0xf0 [ 114.010016][ T6676] __se_sys_prctl+0xa3d/0x13f0 [ 114.014797][ T6676] __x64_sys_prctl+0x67/0x80 [ 114.019567][ T6676] x64_sys_call+0x2533/0x3020 [ 114.024439][ T6676] do_syscall_64+0x12c/0x370 [ 114.029134][ T6676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.035734][ T6676] [ 114.038071][ T6676] value changed: 0xffff8881261a1c18 -> 0x0000000000000000 [ 114.045342][ T6676] [ 114.047766][ T6676] Reported by Kernel Concurrency Sanitizer on: [ 114.054088][ T6676] CPU: 0 UID: 0 PID: 6676 Comm: syz.2.1226 Not tainted syzkaller #0 PREEMPT(full) [ 114.063807][ T6676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 114.074829][ T6676] ================================================================== [ 114.086508][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 114.391340][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.