last executing test programs: 2.284917564s ago: executing program 2 (id=3979): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000080), 0x4) sendmmsg$unix(r4, &(0x7f00000bd000), 0x80, 0xe011) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) close(r3) 2.08421851s ago: executing program 2 (id=3983): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) setuid(0xee00) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.999658757s ago: executing program 2 (id=3984): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}]}], {0x14, 0x10}}, 0x64}}, 0x0) 1.96402913s ago: executing program 2 (id=3985): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x40086602, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000440)={0x0, 0x0, 0xf6}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) fstatfs(0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x64}]}, 0x18}}, 0x4008001) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000240)={@mcast2}, 0x14) r4 = open(0x0, 0x14927e, 0x0) perf_event_open(&(0x7f00000003c0)={0x0, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x64, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_to_batadv\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0x9}]}]}], {0x14, 0x10}}, 0xac}}, 0x0) 1.857066949s ago: executing program 2 (id=3986): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./bus\x00', 0x400000, &(0x7f0000000500)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098ee0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4e5531c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ee289f413bb90152f7d6d1ce5ca93c0f7c41499dc28ac63a01000000000000004faa2ad9c084a003ea00", "03bdbcef549ba19704007ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c20c62df7a8d5da5c00000000ff030000fff2ff008900"}) 1.187913463s ago: executing program 3 (id=3939): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100000086dd"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2}, 0x48) io_submit(0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, 0x0, 0x1) 1.104185s ago: executing program 2 (id=3990): socket$inet(0x2, 0x2, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x4}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a850000000f000000c50000009e0000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b00)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0) ppoll(&(0x7f0000000d40)=[{r0}], 0x1, &(0x7f0000000dc0)={0x0, 0x3938700}, 0x0, 0x0) 1.10365614s ago: executing program 3 (id=3991): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@bridge_getvlan={0x50, 0x72, 0x701, 0x0, 0x0, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x50}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge_slave_0\x00', &(0x7f00000000c0)=@ethtool_eee={0x44, 0x3, 0xffffffff, 0x0, 0xffff, 0x3, 0x7, 0xffffffff, [0x214f, 0xffffffc0]}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) 1.042024145s ago: executing program 4 (id=3994): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x0, 0x3c000000}, @NFT_MSG_NEWCHAIN={0x14}], {0x14, 0x10}}, 0x50}}, 0x0) 992.023609ms ago: executing program 3 (id=3995): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000003200)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec06000000000000002176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f3cc2b0da31fa21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e03564f7f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000020000004015cf05003f6cded6a2f8550b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c10a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d02000000a3ff4f8a4cf796b07a6ff61c5d52417fd703f7f14d8b78ac02ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c9ad943e392955f4f979ea13201bafe4f0f6ea5080000000cdcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12289ee34463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b0030000000000ea8809820000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f55e550fafa4cedd763ada3104f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2a81425ef1b71c1d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e6f523d9c8c21578fe3245097c280abe51427b9f6cd72b51b7689969c72fb632d1c072492d9da6d0252803c66730cd5eac907f09b9695906313f88735fce513974a24eee239baa91322608c6fc01e1b9e16587bb5f721303e6b89000000fa08ad0731c4b839688b22c4da2a6bc4cf45dbeea042f9b33393f85a0417854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296ac2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692baffffffff5c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b042d84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf53928867d596987024952b698d4a01c08aca45ea8727be6c8bc8fdcdff1917db98f152625b8465bc46dbe9762d1183ec79f4ab393541a6d9cabc4de71c5a65d228e4cb483cca06858dc6727c7a2322c9580d9afc33f6fcf87518ecca6dd027cb995f1eb4e98e4b500b5843d4ee1d28831707923f0"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) write(r2, &(0x7f0000000000)="fa", 0xfffffdef) (fail_nth: 30) 666.864876ms ago: executing program 0 (id=3998): syz_open_dev$vcsa(&(0x7f0000000040), 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0xffffff99}], 0x27}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = dup(r4) mount$9p_fd(0x20102200, &(0x7f0000000380)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 490.49243ms ago: executing program 4 (id=4000): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x10, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000020646c2500000000002020207b1a00fe00000000bda100000000000007010000f8ffffffb702000008000000b7030000000000008500000076000000950000000000000085100000010000001829000000000000000000", @ANYRESHEX=r0, @ANYBLOB="00184b0000000300000000"], &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0xc000, 0x0, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x4}, 0x14}}, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) sendto$packet(r5, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x200000000000019f, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x28, 0x52, 0x1, 0xffffffff, 0x0, {0xa}, [@typed={0x14, 0x7, 0x0, 0x0, @ipv6=@mcast1}]}, 0x28}}, 0x0) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r9, 0x6, 0x80000000000002, &(0x7f0000000040)=0x7a, 0x4) sendto$inet(r9, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r9, &(0x7f00000002c0)=ANY=[], 0x40e2) sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000002500)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001200010a00000000000000000000003f00000000000000000000000000000000000000e0ffffffff454b086007ecaec800000000e0798deb5d64018ebcdfdc8817"], 0x50}}, 0x0) 477.122961ms ago: executing program 0 (id=4001): fallocate(0xffffffffffffffff, 0xc, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) utimensat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @private0}, {0xa, 0x0, 0x0, @mcast1}, 0x0, {[0x691, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, 0x5c) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000003c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x26) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_group_source_req(r6, 0x0, 0x2f, &(0x7f0000001e40)={0x55a21ebd, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) r7 = socket$kcm(0x10, 0x2, 0x4) close(r7) socket$kcm(0x10, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@user_xattr}, {@nombcache}, {@noblock_validity}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KIYcmpJGju2+pNBDeixtaKC9p8LemGApCpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+hFZeWVo8SSrThKrFS/H6w9s7vy7Gj2P57RSCiAkTWZ/ShEvBIR3yQRhzuOFSM/OLl+3trD63PZlkSz+emfSST5vvb5Sf77YDtTjPj1q4iThc3l1ldWF8uVSrqU56ca1StT9ZXVU5eq5YV0Ib08Mzt75u3ZmffefWdgdX3j/N/ff3L3wzNfH1/77uf7R24ncTYO5cc66/EMbnRmJmMyf07G4+wTJ04PoLBhkuz2BbAjY3mcj0fWBxyOsTzqgf++LyOiCYyoRPzDiGqPA9pz+wHNg18aDz5YnwBtrn9x/bWR2NeaGx1YSx6bGWXz3YkBlJ+V8csfd25nWwzudQiAbd24GRGni8XN/V+S9387d7qPc54sQ/8HL87dbPzzZrfxT2Fj/BNdxj8Hu8TuTmwf/4X7Ayimp2z8937X8e/GotXEWJ77X2vMN55cvFRJs77t/xFxIsb3Zvmt1nPOrN1r9jrWOf7Ltqz89lgwv477xb2PP2a+3Cg/S507PbgZ8WrX8W+y0f5Jl/bPno/zfZZxLL3zWq9j29f/+Wr+FPF61/Z/tKKVbL0+OdW6H6bad8Vmf9069luv8ne7/ln7H9i6/hNJ53pt/enL+HHfP2mvYzu9//ckn7XSe/J918qNxtJ0xJ7k4837Zx49tp1vn5/V/8Txrfu/bvf//oj4vM/63zp6q+epw9D+80/V/k+fuPfRFz/0Kr+/9n+rlTqR7+mn/+v3Ap/luQMAAAAAAIBhU4iIQ5EUShvpQqFUWn9/x9E4UKjU6o2TF2vLl+ej9VnZiRgvtFe6D3e8H2I6fz9sOz/zRH42Io5ExLdj+1v50lytMr/blQcAAAAAAAAAAAAAAAAAAIAhcbDH5/8zv4/t9tUBz52v/IbRtW38D+KbnoCh5P8/jC7xD6NL/MPoEv8wusQ/jC7xD6NL/MPoEv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAwUOfPncu25trD63NZfv7qyvJi7eqp+bS+WKouz5XmaktXSgu12kIlLc3Vqtv9vUqtdmV6JpavTTXSemOqvrJ6oVpbvty4cKlaXkgvpOMvpFYAAAAAAAAAAAAAAAAAAADwcqmvrC6WK5V0SUJiR4nicFyGxIATu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj/wYAAP//Gis4ow==") r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r8, &(0x7f00000003c0)='./bus\x00', 0x0) renameat2(r8, &(0x7f0000000300)='./bus\x00', r8, &(0x7f00000001c0)='./file0\x00', 0x4) sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x9, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800190004000200060007000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r9 = memfd_secret(0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0xc, 0x12, r9, 0x2e29a000) 423.380645ms ago: executing program 3 (id=4002): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) 422.869426ms ago: executing program 1 (id=4003): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={0x0, 0x44}}, 0x0) 385.703679ms ago: executing program 1 (id=4004): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000000)=[{r1}, {r2}, {r2, 0x9086}], 0x3, 0x0, 0x0, 0x0) close(r0) 385.258389ms ago: executing program 0 (id=4005): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_sctp(0xa, 0x0, 0x84) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) add_key$keyring(&(0x7f0000000240), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f00000005c0)={[{@noauto_da_alloc}, {@errors_remount}, {@dioread_nolock}]}, 0x3, 0x4cf, &(0x7f0000000740)="$eJzs3E9sFNUfAPDvbFta/v3oDxEFUYtobCS2UFA4mBiMJh40MeJBj01bCFKooSURgmZJDB4NiXfj0asHr+qFGE8mXvFoYkiI4QKYGNfM7szudpltabvt2vTzSZZ5b/699+bNm33zXpcANqyh9J+kFr4ZETsiotS6w1Btce/OlYn7d65MRLlSOflnUj3sbhrPZKeJrVlkuBRR+ixpbGgye+ny2fHp6akLWXx07txHo7OXLr945tz46anTU+fHjh8/euTwsZfHXlp6oQrSS8t1d++nM/v2vPnB9bcnevP1A9myuRydMhRDRVmpeq7TiXXZ9qZw0tvFjLAk6f2fVldftf3viJ5QebBRVCqVSn/7zeVKq6sPrAHWrSS6nQOgO/Iv+vT9N/8UdQQ2rU73o+tun6i9AKXlvpd9Ip6urszHQfpa3m87aSgi3i//9VX6iVUahwAAaPbDibwn2NL/G6zNjPx98car6fJ/2RzKYET8PyJ2RsQjEbErIh6NiN0R8VhEPN5y/p6IqCyQ/lBLvJ5+fRKqdKtDRS2U9v9eyea2Gv2/eRkY7Mli2yPyDvPUoeyaDEdf/6kz01OHF0jjx9d//aLdtub+X/pJ08/7glk+bvW2DNBNjs+NL7vALW5fjdjb21r+pDciqc8EJBGxJyL2LuG8g03hMy98s68e6Zu/3+Llr6oUzqN1YKqi8nXE87X6L8e8+m+kmCw8Pzk6ENNTh0bTu+BQYRo//3LtnXbpL1r+735vPeSNY9+fzFrWyqX1v6Xp/o98/rZR/sEkIqnP184uPY1rv33e9p1muff/puS9ajh/L/14fG7uwuGITclbD64faxybx9NllGvlHz5Q3P53ZsekV+KJiEhv4icj4qmovSGmed8fEc9ExIEFyv/Ta89+uPzyr660/JOFz7959d+Yr28XSMq1vQs29Zzdf/N+m4fHw9X/0WpoOFtT/PxL5j0i2uU0/7ZL1/yz0osHAAAA60QpIrY1jSVti1JpZKQ2BrQrtpSmZ2bnDp6auXh+Mt0WMRh9pXykqzYe3Jfk45+DTfGxlviRbNz4y57N1fjIxMz0ZFdLDmyttvmkNFJ/FtTaf+qPzgwxA/9lfvIDG9dC7T/txO++voaZAdbUw3//3/hkVTMCrLmm9l9us0t5GX/3BawD3v+BhnbdgAbPDFj/KtoybGhLav8HF+8bAOtHb7xbD5e6mhNgren/w4a06O/6VxSo9BdvGogHd46BhU/YE8vLxuaCtLoSSHtWXUl983KOyv83hbb7RGlpJ+yPztTpqRVejfKF2dO7O37zV7K/le90DX67Ju20KNCVxxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDH/RsAAP//sp/iug==") r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000005b00)=0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 383.599509ms ago: executing program 4 (id=4006): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@bridge_getvlan={0x50, 0x72, 0x701, 0x0, 0x0, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x50}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge_slave_0\x00', &(0x7f00000000c0)=@ethtool_eee={0x44, 0x3, 0xffffffff, 0x0, 0xffff, 0x3, 0x7, 0xffffffff, [0x214f, 0xffffffc0]}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) 324.601454ms ago: executing program 4 (id=4007): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0) setuid(0xee00) bpf$PROG_LOAD(0x5, 0x0, 0x0) 271.412448ms ago: executing program 3 (id=4008): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = syz_io_uring_setup(0xd7c, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000a00)=0x0, &(0x7f0000000a40)=0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000300)=@in={0x2, 0x0, @local}}) io_uring_enter(r1, 0x291c, 0x0, 0xfeffffffffffffff, 0x0, 0x0) 247.43097ms ago: executing program 1 (id=4009): sched_setscheduler(0x0, 0x5, &(0x7f000000d380)) ioprio_set$pid(0x1, 0x0, 0x0) open(&(0x7f0000000040)='./cgroup.cpu/cpuset.cpus\x00', 0x0, 0x0) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SIGNAL_INFO(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x33fe0}, 0x33fe0}}, 0x0) sendmsg$AUDIT_SIGNAL_INFO(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x10}, 0x10}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x340, 0xffffffff, 0xd0, 0xd0, 0x1a0, 0xffffffff, 0xffffffff, 0x3e0, 0x3e0, 0x3e0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@local, @empty, [], [], 'tunl0\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}, {{@ipv6={@dev, @private1, [], [], 'veth0\x00', 'geneve1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'team_slave_1\x00', 'bond_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00') acct(0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000005c0)={0x5, &(0x7f0000000100)=[{0x101, 0x9, 0x4, 0x4}, {0x8000, 0x5, 0x7, 0x1}, {0xf, 0x8, 0x6, 0x3}, {0x4, 0x9, 0x94, 0x8}, {0x8, 0x9, 0x4, 0x2}]}) 214.638892ms ago: executing program 1 (id=4010): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), 0xffffff94) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}}, 0x9c) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) epoll_create1(0x0) socket$nl_generic(0x10, 0x3, 0x10) creat(&(0x7f0000000080)='./file0\x00', 0x0) syncfs(0xffffffffffffffff) r1 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x1000, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0xb) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec06000000000000002176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f3cc2b0da31fa21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bca84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e03564f7f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000020000004015cf05003f6cded6a2f8550b973b818184ebad0485fbaa816e3b26199d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2cc5e46ac1c10a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d02000000a3ff4f8a4cf796b07a6ff61c5d52417fd703f7f14d8b78ac02ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c9ad943e392955f4f979ea13201bafe4f0f6ea5080000000cdcd2063d11dd665647223c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb5567e54d3504723177d356c4604b7a492ecec37e83efceefd7ca2533659edc8be05cc85451c6a14507434eb54b6f43caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffca9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a294351c5356c1d06c92cf8ce3c7c56cd31121624d74517fd3666277f670e812b28e2f30d035cee5d0e77a3c7220000000000000005a474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f034b8d3ebce68663ef5af469abe75b314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041e12289ee34463aaf28345bd168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2ee6fe0d072ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d401adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb40f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b0030000000000ea8809820000553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420bf5b6522c0e21c882c66f55e550fafa4cedd763ada3104f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe527340935aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2a81425ef1b71c1d2a0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efc794874eac73381e6f523d9c8c21578fe3245097c280abe51427b9f6cd72b51b7689969c72fb632d1c072492d9da6d0252803c66730cd5eac907f09b9695906313f88735fce513974a24eee239baa91322608c6fc01e1b9e16587bb5f721303e6b89000000fa08ad0731c4b839688b22c4da2a74c4cf45dbeea042f9b33393f85a0417854d221a2d5f96bc64647f15daa2ba79cd0f4254ed55217912ef84bd2927df82fc061aef2920c49b2a90886da75561173fa186cb7ee86dd4285c4721eb428c953296ac2f5d825da54dbef07c1b349b4901e093d13e6b9a0000009b5b22e887bc061d40bcaf0aa18623fd9b7179ccc692baffffffff5c4decf9d080a8ac7e82d4cde1267aa64b2a94fd87a009e6742c2ddc3a9d7eccbb1831b1fa218277c2814a91cab7cb59c697166d6f1bb1a360470000000000000000000000000000000000000000000000000000f9f9b4ce7e871f507084c8c88e0652decbe579b042d84ea94597dd1059620a050f69ea03b99b4e19d35f4a3b54e96ae2172effecec80f6baa4bf69a6ebf53928867d596987024952b698d4a01c08aca45ea8727be6c8bc8fdcdff1917db98f152625b8465bc46dbe9762d1183ec79f4ab393541a6d9cabc4de71c5a65d228e4cb483cca06858dc6727c7a2322c9580d9afc33f6fcf87518ecca6dd027cb995f1eb4e98e4b500b5843d4ee19210490639d0f4893d7d2c79c2d5cec4ebf2e04aeb1e36e370645e52e1328e70f011a950f8ae1dfa42b14ea99ffe35186534534630ad8a4881ff625e1b389cedc085acdba51308f2c4ab4b781e3756adbe6d012874666b157d1f077614a1e7c90180694efeb4094dc87f969af3e0a4ecdae32a091fd3ca0b86d732d130b983602ff21887eb1692e622d880a8378b129731c379bdcc7db13d2ab8b189ff83ca71d967fd7e1c46def217e7a9d0ac26bb6f65bbe904e3"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfdcd}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x99, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={0x0}, 0x18) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="74000000000201040000000000000000020000002400028014000180080001000000000008000200ac1414bb0c00028004000100000000002400038014000180403ae1a30000000008000200000000000c0002800500010000000000180001801400018008000100ac1414bb08000200ac141400"], 0x74}}, 0x0) r6 = socket(0x15, 0x5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8740, 0xffffffffffffffe0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_script(r8, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) getsockopt$inet6_int(r6, 0x29, 0x12, &(0x7f0000000100), &(0x7f0000000180)=0x4) getsockopt(r6, 0x200000000114, 0x271e, 0x0, &(0x7f0000000000)) 168.091127ms ago: executing program 3 (id=4011): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x0) 167.616267ms ago: executing program 4 (id=4012): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x40086602, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000440)={0x0, 0x0, 0xf6}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) fstatfs(0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x64}]}, 0x18}}, 0x4008001) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f0000000240)={@mcast2}, 0x14) r4 = open(0x0, 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r4, 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x64, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_to_batadv\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0x9}]}]}], {0x14, 0x10}}, 0xac}}, 0x0) 166.941736ms ago: executing program 0 (id=4013): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0x6f6, &(0x7f0000005100)) io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0xf, &(0x7f0000005500)={0x3, 0x0, 0x0, &(0x7f0000005480)=[{0x0}, {0x0}, {&(0x7f0000005380)=""/255, 0xff}], 0x0}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000007cc0)={0x2, 0x20, &(0x7f0000007c40)=[{0x0}], 0x0, 0x1}, 0x20) 112.091371ms ago: executing program 0 (id=4014): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1], 0x44}}, 0x0) 97.154602ms ago: executing program 0 (id=4015): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x90) pipe2$9p(&(0x7f0000000140), 0x0) (async) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) (async) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xaffffff7ffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x208000, 0x1, 0x1}, 0x48) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x208000, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x15, &(0x7f0000002bc0)={{r4}, &(0x7f0000002b40), 0x0}, 0x20) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x5452, &(0x7f0000000780)='\x02;\xe5\b\x00\x1c\x9c\x00\x00\x00\x00\x00\x00\x91\xecB\xdcZ\xe5\xbd$\x05\x90\xa9\xf3\xc7\xcb\xb7\xf0\xa1;#\x989\xe9\x12\xdf^6\xfc\xf3\x01\x02\xbc\xbf\xc0\xf0\x10\xee\xd3\\yy\xa4\xf9\xe8\x00\xdd\xe97 0_\xe4]W\xf7~\xacVK\xc9t\x9e+:\x85\xef\x94\x0e\x19\x9cV[N.\xeb\x9fJ>\xd9\x99\x88\xd8\xdd\xb8Y\xc3$\xc6\x93\v\x04REY\xf4\xea\xf2\xcd\xcd.\x16\x861\xa1\v\x8d\x8e\x84R\xa6\x83\x84\xc0\x01e\xc3\xc8\xcc?\xc8?\x19\xb2\xa2\xe1\xac<\xe9f\x11\xff3\xc7S\x03U\xe0\xd8t\xe3%96\x00'/168) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000200)=0x7fff) (async) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000200)=0x7fff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0}, 0x20) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x6, 0x80, 0x20, 0x9c, 0x1, 0x3f, 0x0, 0x1, 0x2bf284ac81b4994e, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x100000000, 0x45}, 0x0, 0x10000, 0xfffffffe, 0x6, 0x7, 0x80, 0x2, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000100)={0x6, 0x80, 0x20, 0x9c, 0x1, 0x3f, 0x0, 0x1, 0x2bf284ac81b4994e, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x100000000, 0x45}, 0x0, 0x10000, 0xfffffffe, 0x6, 0x7, 0x80, 0x2, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e02742e8680d85ff9782762f0800", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x5, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) (async) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8) (async) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="17b5b7b1895e972cdebe850da9a54a1fd0effc2296a22859108f591ea944070db3abfdb8413184710f3679a35990d385cbc7d44191922c84a77269a686d5a3aba214f13503825d96768e4f0c674a93057432cea38ad47088631af52ae5ed92feea9bb5b891bf3cff54da085568604b952c70863ac08d2f9f62df510248f9bf31d36a26f4f33b64bb0b72a52b155aaff11c53b9152ab46df4f19c6ff70e526d1e40ceb653e9518e859752f9063943c678ef0cd5e4e1c9b5b0c1ce72"]) 86.082153ms ago: executing program 1 (id=4016): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) getsockopt$WPAN_SECURITY(r0, 0x0, 0x1, 0x0, &(0x7f0000000040)) syz_emit_ethernet(0x7a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x58, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x14, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @broadcast=0xac14140a, @broadcast=0xac1414bb, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@local}, {@loopback}, {@dev}]}, @cipso={0x86, 0x1d, 0x0, [{0x0, 0xe, "e02f39d6d0b9b47f6b961e3e"}, {0x0, 0x9, "4ef661e96b4014"}]}]}}}}}}}, 0x0) 53.984526ms ago: executing program 4 (id=4017): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14"], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000001140), 0x700, 0x0, 0x0) 0s ago: executing program 1 (id=4018): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="480140ffd79a9128b3f4495d0b113deee437d73473000001000000000064aac9d51b867dea6bc4e9de910251d1b9ec75abdcffeec5cc7700040000b01e5739204109b401fb80010353e2af00000000000000000099e6b8035bd173b2be19e78e6da329d6ba2de5f6e1983bb3cf125078881bc5a2535918f8791b6ddfc891684ee557606a5eaf1d3b9e0f8deb3163eea1f7e95b2a307f5687a2d23c32d05ba2c6", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100030000002400048005000300010000000500030000000000050003008000000005000300800000000800020003000000"], 0x48}}, 0x0) perf_event_open(&(0x7f0000002100)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='flush,nocase,discard,dots,fmask=00000000000000000000177,dots,nodots,nodots,dots,\x00', @ANYRESOCT], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000000)=0x7, 0x4) r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80000000003, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000080)=ANY=[@ANYBLOB="0200a006002a17006000000002000020"]) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/155, 0x9b}, {&(0x7f00000004c0)=""/253, 0xfd}], 0x2, &(0x7f00000005c0)=""/236, 0xec}, 0x7fff}], 0x1, 0x2000, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550c, 0x0) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005400e501000000000000000007000000", @ANYRES32=r6, @ANYBLOB="20000100", @ANYRES32=r8, @ANYBLOB="01000300ffffffff00000000000000000000000000000020"], 0x38}}, 0x0) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x7, 0x0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): truncate cleaned up [ 221.787828][T14271] loop4: detected capacity change from 0 to 512 [ 221.794426][T14271] EXT4-fs: Ignoring removed nomblk_io_submit option [ 221.802595][T14271] EXT4-fs: Ignoring removed orlov option [ 221.809546][T14271] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 221.817534][T14271] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=842c01c, mo2=0002] [ 221.825617][T14271] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 221.835262][T14271] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 221.885109][ T7456] kernel write not supported for file /sg0 (pid: 7456 comm: kworker/0:6) [ 221.949492][T14284] netlink: 9 bytes leftover after parsing attributes in process `syz.0.3376'. [ 221.959216][T14284] gretap0: entered promiscuous mode [ 221.980618][T14284] 0猉功D: renamed from gretap0 [ 221.987440][T14284] 0猉功D: left promiscuous mode [ 221.992400][T14284] 0猉功D: entered allmulticast mode [ 222.040730][T14292] loop3: detected capacity change from 0 to 512 [ 222.085971][T14296] loop2: detected capacity change from 0 to 1024 [ 222.097575][T14296] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 222.126690][ T922] kernel write not supported for file /sg0 (pid: 922 comm: kworker/1:2) [ 222.137053][T14296] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 222.154653][T14296] EXT4-fs (loop2): orphan cleanup on readonly fs [ 222.165956][T14296] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3382: Invalid inode table block 0 in block_group 0 [ 222.179051][T14296] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.188573][T14296] EXT4-fs error (device loop2): ext4_quota_write:7232: inode #3: comm syz.2.3382: mark_inode_dirty error [ 222.200226][T14296] Quota error (device loop2): write_blk: dquota write failed [ 222.207688][T14296] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 222.217656][T14296] EXT4-fs error (device loop2): ext4_acquire_dquot:6860: comm syz.2.3382: Failed to acquire dquot type 0 [ 222.230464][T14296] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3382: Invalid inode table block 0 in block_group 0 [ 222.232543][T14310] loop4: detected capacity change from 0 to 512 [ 222.243359][T14296] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.251745][T14310] EXT4-fs: Ignoring removed nomblk_io_submit option [ 222.260791][T14296] EXT4-fs error (device loop2): ext4_ext_truncate:4432: inode #15: comm syz.2.3382: mark_inode_dirty error [ 222.265726][T14310] EXT4-fs: Ignoring removed orlov option [ 222.279010][T14296] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3382: Invalid inode table block 0 in block_group 0 [ 222.284097][T14310] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 222.295359][T14296] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.303195][T14310] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=842c01c, mo2=0002] [ 222.303434][T14310] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (80) [ 222.314520][T14296] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 222.320521][T14310] EXT4-fs (loop4): Skipping orphan cleanup due to unknown ROCOMPAT features [ 222.333227][T14296] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3382: Invalid inode table block 0 in block_group 0 [ 222.361124][T14296] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.370765][T14296] EXT4-fs error (device loop2): ext4_truncate:4162: inode #15: comm syz.2.3382: mark_inode_dirty error [ 222.382064][T14296] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 222.391091][T14296] EXT4-fs (loop2): 1 truncate cleaned up [ 222.440512][T14314] loop4: detected capacity change from 0 to 128 [ 222.496919][T14317] 0猉功D: entered promiscuous mode [ 222.502156][T14317] 0猉功D: left allmulticast mode [ 222.518357][T14317] 1猉功D: renamed from 30猉功D [ 222.527792][T14317] 1猉功D: left promiscuous mode [ 222.532743][T14317] 1猉功D: entered allmulticast mode [ 222.539630][T14317] net_ratelimit: 8 callbacks suppressed [ 222.539646][T14317] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 222.619217][ T922] kernel write not supported for file /sg0 (pid: 922 comm: kworker/1:2) [ 222.709957][T14339] loop2: detected capacity change from 0 to 1024 [ 222.717205][T14339] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 222.728333][T14339] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 222.738012][T14339] EXT4-fs (loop2): orphan cleanup on readonly fs [ 222.744964][T14339] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3397: Invalid inode table block 0 in block_group 0 [ 222.762287][ T3162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.762412][T14339] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.781067][T14339] EXT4-fs error (device loop2): ext4_quota_write:7232: inode #3: comm syz.2.3397: mark_inode_dirty error [ 222.793291][T14339] Quota error (device loop2): write_blk: dquota write failed [ 222.800771][T14339] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 222.810753][T14339] EXT4-fs error (device loop2): ext4_acquire_dquot:6860: comm syz.2.3397: Failed to acquire dquot type 0 [ 222.822132][T14339] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3397: Invalid inode table block 0 in block_group 0 [ 222.835223][T14339] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.847960][T14339] EXT4-fs error (device loop2): ext4_ext_truncate:4432: inode #15: comm syz.2.3397: mark_inode_dirty error [ 222.859555][T14339] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3397: Invalid inode table block 0 in block_group 0 [ 222.873063][T14339] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.883738][T14339] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 222.892956][T14339] EXT4-fs error (device loop2): __ext4_get_inode_loc:4357: comm syz.2.3397: Invalid inode table block 0 in block_group 0 [ 222.906816][T14339] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 222.916938][T14339] EXT4-fs error (device loop2): ext4_truncate:4162: inode #15: comm syz.2.3397: mark_inode_dirty error [ 222.929513][T14339] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 222.938604][T14339] EXT4-fs (loop2): 1 truncate cleaned up [ 223.077963][T14349] netlink: 'syz.2.3399': attribute type 4 has an invalid length. [ 223.113646][T14351] loop2: detected capacity change from 0 to 512 [ 223.124795][T14353] loop3: detected capacity change from 0 to 164 [ 223.142240][T14351] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.195654][T14359] 0猉功D: entered promiscuous mode [ 223.200904][T14359] 0猉功D: left allmulticast mode [ 223.220416][T14359] 1猉功D: renamed from 30猉功D [ 223.229901][T14359] 1猉功D: left promiscuous mode [ 223.234927][T14359] 1猉功D: entered allmulticast mode [ 223.242500][T14359] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 223.287118][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.308834][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.322212][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.349447][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.362946][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 223.371890][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.388274][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.404773][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.418493][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.436111][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.450771][T11053] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 223.762422][ T8912] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.905567][ T8912] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.978410][ T8912] team0: Port device netdevsim1 removed [ 223.994654][ T8912] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.063160][ T8912] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.165192][T14383] chnl_net:caif_netlink_parms(): no params data found [ 224.176632][ T8912] bridge_slave_1: left allmulticast mode [ 224.182365][ T8912] bridge_slave_1: left promiscuous mode [ 224.188118][ T8912] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.198675][ T8912] bridge_slave_0: left allmulticast mode [ 224.204452][ T8912] bridge_slave_0: left promiscuous mode [ 224.210130][ T8912] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.531771][ T8912] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.542923][ T8912] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.555796][ T8912] bond0 (unregistering): Released all slaves [ 224.621768][T14427] FAULT_INJECTION: forcing a failure. [ 224.621768][T14427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.635001][T14427] CPU: 1 PID: 14427 Comm: syz.1.3427 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 224.646726][T14427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 224.656838][T14427] Call Trace: [ 224.660128][T14427] [ 224.663081][T14427] dump_stack_lvl+0xf2/0x150 [ 224.667723][T14427] dump_stack+0x15/0x20 [ 224.671975][T14427] should_fail_ex+0x229/0x230 [ 224.676707][T14427] should_fail+0xb/0x10 [ 224.680940][T14427] should_fail_usercopy+0x1a/0x20 [ 224.685995][T14427] _copy_to_user+0x1e/0xa0 [ 224.686035][T14427] simple_read_from_buffer+0xa0/0x110 [ 224.686072][T14427] proc_fail_nth_read+0xfc/0x140 [ 224.700813][T14427] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 224.706443][T14427] vfs_read+0x1a2/0x6e0 [ 224.710615][T14427] ? __rcu_read_unlock+0x4e/0x70 [ 224.715589][T14427] ? __fget_files+0x1da/0x210 [ 224.720408][T14427] ksys_read+0xeb/0x1b0 [ 224.724638][T14427] __x64_sys_read+0x42/0x50 [ 224.729180][T14427] x64_sys_call+0x27e5/0x2d70 [ 224.733890][T14427] do_syscall_64+0xc9/0x1c0 [ 224.738513][T14427] ? clear_bhb_loop+0x55/0xb0 [ 224.743211][T14427] ? clear_bhb_loop+0x55/0xb0 [ 224.747907][T14427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.753839][T14427] RIP: 0033:0x7f3f695426bc [ 224.758269][T14427] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 224.778086][T14427] RSP: 002b:00007f3f687c5040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 224.786515][T14427] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f695426bc [ 224.794534][T14427] RDX: 000000000000000f RSI: 00007f3f687c50b0 RDI: 0000000000000005 [ 224.802579][T14427] RBP: 00007f3f687c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 224.810566][T14427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.818552][T14427] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 224.826562][T14427] [ 224.844704][T14383] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.851818][T14383] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.859406][T14383] bridge_slave_0: entered allmulticast mode [ 224.924930][T14383] bridge_slave_0: entered promiscuous mode [ 224.965704][ T8912] hsr_slave_0: left promiscuous mode [ 224.971630][ T8912] hsr_slave_1: left promiscuous mode [ 224.977375][ T8912] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.984873][ T8912] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.011065][ T8912] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.018533][ T8912] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.038646][ T8912] veth1_macvtap: left promiscuous mode [ 225.044152][ T8912] veth0_macvtap: left promiscuous mode [ 225.049743][ T8912] veth1_vlan: left promiscuous mode [ 225.054971][ T8912] veth0_vlan: left promiscuous mode [ 225.228244][ T8912] team0 (unregistering): Port device team_slave_1 removed [ 225.249115][ T8912] team0 (unregistering): Port device team_slave_0 removed [ 225.334791][T14383] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.342057][T14383] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.349192][T14383] bridge_slave_1: entered allmulticast mode [ 225.355739][T14383] bridge_slave_1: entered promiscuous mode [ 225.368811][T14443] __nla_validate_parse: 10 callbacks suppressed [ 225.368849][T14443] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3433'. [ 225.421014][T14446] netlink: 'syz.1.3435': attribute type 8 has an invalid length. [ 225.463440][T14383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.493932][T14383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.521966][T14383] team0: Port device team_slave_0 added [ 225.532150][T14383] team0: Port device team_slave_1 added [ 225.538257][T14450] atomic_op ffff888101f4a928 conn xmit_atomic 0000000000000000 [ 225.554926][T14383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 225.562466][T14383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.588517][T14383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 225.601152][T14383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 225.608109][T14383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 225.634822][T14383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 225.674507][T14383] hsr_slave_0: entered promiscuous mode [ 225.772655][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3438'. [ 225.783767][T14383] hsr_slave_1: entered promiscuous mode [ 225.809675][T14458] bond_slave_0: entered promiscuous mode [ 225.815383][T14458] bond_slave_1: entered promiscuous mode [ 225.837901][T14455] bond_slave_0: left promiscuous mode [ 225.843372][T14455] bond_slave_1: left promiscuous mode [ 225.991643][T14466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3441'. [ 226.092540][T14383] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 226.103816][T14383] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 226.112734][T14383] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 226.124149][T14383] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 226.176402][T14383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.192204][T14383] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.216723][ T922] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.223882][ T922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.252735][ T3162] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.259919][ T3162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.345210][T14383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.420636][T14482] sg_write: data in/out 768/17 bytes for SCSI command 0x15-- guessing data in; [ 226.420636][T14482] program syz.3.3445 not setting count and/or reply_len properly [ 226.484880][T14383] veth0_vlan: entered promiscuous mode [ 226.505447][T14383] veth1_vlan: entered promiscuous mode [ 226.513143][T14489] FAULT_INJECTION: forcing a failure. [ 226.513143][T14489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.526367][T14489] CPU: 1 PID: 14489 Comm: syz.3.3446 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 226.538011][T14489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 226.548095][T14489] Call Trace: [ 226.551387][T14489] [ 226.554338][T14489] dump_stack_lvl+0xf2/0x150 [ 226.558971][T14489] dump_stack+0x15/0x20 [ 226.563165][T14489] should_fail_ex+0x229/0x230 [ 226.567955][T14489] should_fail+0xb/0x10 [ 226.572164][T14489] should_fail_usercopy+0x1a/0x20 [ 226.577200][T14489] _copy_from_user+0x1e/0xd0 [ 226.581950][T14489] sg_write+0x1fe/0x710 [ 226.586140][T14489] ? terminate_walk+0x260/0x280 [ 226.591060][T14489] vfs_writev+0x402/0x880 [ 226.595417][T14489] ? __pfx_sg_write+0x10/0x10 [ 226.600128][T14489] do_writev+0xf8/0x220 [ 226.604401][T14489] __x64_sys_writev+0x45/0x50 [ 226.609138][T14489] x64_sys_call+0x1ee2/0x2d70 [ 226.613846][T14489] do_syscall_64+0xc9/0x1c0 [ 226.618435][T14489] ? clear_bhb_loop+0x55/0xb0 [ 226.623136][T14489] ? clear_bhb_loop+0x55/0xb0 [ 226.627953][T14489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.633876][T14489] RIP: 0033:0x7fb4df102bd9 [ 226.638317][T14489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.658080][T14489] RSP: 002b:00007fb4de384048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 226.666532][T14489] RAX: ffffffffffffffda RBX: 00007fb4df290f60 RCX: 00007fb4df102bd9 [ 226.674528][T14489] RDX: 0000000000000001 RSI: 0000000020000400 RDI: 0000000000000004 [ 226.682524][T14489] RBP: 00007fb4de3840a0 R08: 0000000000000000 R09: 0000000000000000 [ 226.690516][T14489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.698590][T14489] R13: 000000000000000b R14: 00007fb4df290f60 R15: 00007ffc6f082be8 [ 226.706631][T14489] [ 226.719025][T14383] veth0_macvtap: entered promiscuous mode [ 226.726627][T14383] veth1_macvtap: entered promiscuous mode [ 226.736695][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.747247][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.757073][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.767789][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.777693][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.788225][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.798073][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.808522][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.818344][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.828835][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.930791][T14383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 226.945528][T14493] bond_slave_0: entered promiscuous mode [ 226.951229][T14493] bond_slave_1: entered promiscuous mode [ 226.963596][T14493] bond_slave_0: left promiscuous mode [ 226.969143][T14493] bond_slave_1: left promiscuous mode [ 227.017567][T14493] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.038348][T14493] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.055824][T14493] bond0 (unregistering): Released all slaves [ 227.076279][ T29] audit: type=1326 audit(1720045069.031:33748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.104045][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.105632][ T29] audit: type=1326 audit(1720045069.050:33749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.114538][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.138086][ T29] audit: type=1326 audit(1720045069.050:33750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.147946][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.171493][ T29] audit: type=1326 audit(1720045069.050:33751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.181890][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.205425][ T29] audit: type=1326 audit(1720045069.050:33752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.215246][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.238797][ T29] audit: type=1326 audit(1720045069.050:33753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.249159][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.249181][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.272734][ T29] audit: type=1326 audit(1720045069.050:33754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.282511][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.282536][T14383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.292925][ T29] audit: type=1326 audit(1720045069.050:33755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.316429][T14383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.326412][ T29] audit: type=1326 audit(1720045069.050:33756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.394328][ T29] audit: type=1326 audit(1720045069.050:33757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14495 comm="syz.1.3449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x7ffc0000 [ 227.420508][T14383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.429452][T14383] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.438305][T14383] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.447117][T14383] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.455864][T14383] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.506123][T14498] loop1: detected capacity change from 0 to 512 [ 227.530216][T14500] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3451'. [ 227.545780][T14498] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.680476][T14511] loop1: detected capacity change from 0 to 1024 [ 227.688450][T14511] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 227.704174][T14511] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 227.722492][T14511] EXT4-fs (loop1): orphan cleanup on readonly fs [ 227.738529][T14511] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3453: Invalid inode table block 0 in block_group 0 [ 227.751763][T14511] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 227.763510][T14511] EXT4-fs error (device loop1): ext4_quota_write:7232: inode #3: comm syz.1.3453: mark_inode_dirty error [ 227.776633][T14511] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz.1.3453: Failed to acquire dquot type 0 [ 227.788817][T14511] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3453: Invalid inode table block 0 in block_group 0 [ 227.802693][T14511] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 227.813793][T14511] EXT4-fs error (device loop1): ext4_ext_truncate:4432: inode #15: comm syz.1.3453: mark_inode_dirty error [ 227.831330][T14511] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3453: Invalid inode table block 0 in block_group 0 [ 227.844944][T14511] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 227.925309][T14511] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 227.941125][T14511] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3453: Invalid inode table block 0 in block_group 0 [ 227.957958][T14511] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 227.968054][T14511] EXT4-fs error (device loop1): ext4_truncate:4162: inode #15: comm syz.1.3453: mark_inode_dirty error [ 227.993563][T14511] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 228.011636][T14511] EXT4-fs (loop1): 1 truncate cleaned up [ 228.213829][T14538] loop1: detected capacity change from 0 to 512 [ 228.238122][T14538] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz.1.3463: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 228.283304][T14538] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.3463: couldn't read orphan inode 15 (err -117) [ 228.447661][T14547] loop3: detected capacity change from 0 to 128 [ 228.457681][T14545] loop1: detected capacity change from 0 to 1024 [ 228.513764][T14531] loop0: detected capacity change from 0 to 512 [ 228.523122][T14531] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 228.534566][T14531] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 228.543853][T14531] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002] [ 228.563247][T14531] System zones: 0-2, 18-18, 34-34 [ 228.569802][T14531] EXT4-fs error (device loop0): ext4_orphan_get:1420: comm syz.0.3461: bad orphan inode 15 [ 228.581443][T14531] ext4_test_bit(bit=14, block=18) = 1 [ 228.586857][T14531] is_bad_inode(inode)=0 [ 228.591164][T14531] NEXT_ORPHAN(inode)=2264924160 [ 228.596068][T14531] max_ino=32 [ 228.599453][T14531] i_nlink=0 [ 228.604648][T14531] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 228.619444][T14531] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3461: bg 0: block 80: padding at end of block bitmap is not set [ 228.637465][T14531] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 228.799184][T14564] loop1: detected capacity change from 0 to 1024 [ 228.832370][T14564] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 228.877654][T14564] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 228.907549][T14564] EXT4-fs (loop1): orphan cleanup on readonly fs [ 228.940752][T14564] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3472: Invalid inode table block 0 in block_group 0 [ 228.994634][T14564] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 229.023483][T14564] EXT4-fs error (device loop1): ext4_quota_write:7232: inode #3: comm syz.1.3472: mark_inode_dirty error [ 229.056320][T14564] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz.1.3472: Failed to acquire dquot type 0 [ 229.087856][T14564] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3472: Invalid inode table block 0 in block_group 0 [ 229.110133][T14564] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 229.120423][T14564] EXT4-fs error (device loop1): ext4_ext_truncate:4432: inode #15: comm syz.1.3472: mark_inode_dirty error [ 229.149900][T14564] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3472: Invalid inode table block 0 in block_group 0 [ 229.168785][T14564] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 229.190127][T14564] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 229.207772][T14564] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3472: Invalid inode table block 0 in block_group 0 [ 229.231403][T14564] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 229.241085][T14564] EXT4-fs error (device loop1): ext4_truncate:4162: inode #15: comm syz.1.3472: mark_inode_dirty error [ 229.262970][T14564] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 229.284573][T14564] EXT4-fs (loop1): 1 truncate cleaned up [ 229.316750][T14581] tipc: Started in network mode [ 229.321716][T14581] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 229.339782][T14581] tipc: New replicast peer: 0000:0000:0000:0000:0000:ffff:ac1e:0003 [ 229.347932][T14581] tipc: Enabled bearer , priority 10 [ 229.405390][T14581] sctp: [Deprecated]: syz.2.3477 (pid 14581) Use of struct sctp_assoc_value in delayed_ack socket option. [ 229.405390][T14581] Use struct sctp_sack_info instead [ 229.488847][T14588] loop2: detected capacity change from 0 to 512 [ 229.512165][T14588] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 229.535190][T14588] EXT4-fs (loop2): 1 orphan inode deleted [ 229.541056][T14588] EXT4-fs (loop2): 1 truncate cleaned up [ 229.620091][T14588] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 229.658118][T14588] EXT4-fs (loop2): Remounting filesystem read-only [ 229.758085][T14608] netlink: 'syz.2.3483': attribute type 3 has an invalid length. [ 229.766023][T14608] netlink: 'syz.2.3483': attribute type 3 has an invalid length. [ 229.802183][T14608] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3483'. [ 229.836552][T14613] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3485'. [ 229.969763][T14617] loop1: detected capacity change from 0 to 1024 [ 229.984592][T14622] loop2: detected capacity change from 0 to 128 [ 229.989915][T14617] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 230.013278][T14617] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 230.041973][T14617] EXT4-fs (loop1): orphan cleanup on readonly fs [ 230.139329][T14617] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3488: Invalid inode table block 0 in block_group 0 [ 230.193675][T14617] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 230.226109][T14617] EXT4-fs error (device loop1): ext4_quota_write:7232: inode #3: comm syz.1.3488: mark_inode_dirty error [ 230.269728][T14617] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz.1.3488: Failed to acquire dquot type 0 [ 230.308500][T14617] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3488: Invalid inode table block 0 in block_group 0 [ 230.334565][T14617] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 230.366129][T14617] EXT4-fs error (device loop1): ext4_ext_truncate:4432: inode #15: comm syz.1.3488: mark_inode_dirty error [ 230.394966][T14617] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3488: Invalid inode table block 0 in block_group 0 [ 230.423397][T14617] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 230.442902][T14617] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 230.455942][T14648] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3495'. [ 230.464397][T14617] EXT4-fs error (device loop1): __ext4_get_inode_loc:4357: comm syz.1.3488: Invalid inode table block 0 in block_group 0 [ 230.515825][T14617] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5731: Corrupt filesystem [ 230.539071][T14617] EXT4-fs error (device loop1): ext4_truncate:4162: inode #15: comm syz.1.3488: mark_inode_dirty error [ 230.551175][ T7457] tipc: Node number set to 1 [ 230.590119][T14617] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 230.605952][T14617] EXT4-fs (loop1): 1 truncate cleaned up [ 230.746178][T14666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3502'. [ 230.769864][T14665] loop2: detected capacity change from 0 to 1024 [ 230.801757][T14665] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 231.221278][T14706] loop2: detected capacity change from 0 to 128 [ 231.228701][T14708] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3518'. [ 231.260693][T14706] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 231.290130][T14704] syz_tun: entered promiscuous mode [ 231.324473][T14704] bridge0: entered promiscuous mode [ 231.330569][T14704] hsr1: Slave B (bridge0) is not up; please bring it up to get a fully working HSR network [ 231.352050][T14712] selection: kmalloc() failed [ 231.390665][T14721] loop3: detected capacity change from 0 to 512 [ 231.689214][T14749] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3531'. [ 231.741906][T14749] gretap0: entered promiscuous mode [ 231.788871][T14757] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3531'. [ 231.807801][T14757] 0猉功D: renamed from gretap0 [ 231.820101][T14757] 0猉功D: left promiscuous mode [ 231.824992][T14757] 0猉功D: entered allmulticast mode [ 231.855314][T14757] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 231.871235][T14755] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3534'. [ 231.911962][T14762] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3536'. [ 231.951603][T14762] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14762 comm=syz.3.3536 [ 232.080067][T14776] 9pnet_fd: Insufficient options for proto=fd [ 232.117566][T14782] syz_tun: entered promiscuous mode [ 232.133837][T14531] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz.0.3461: path /107/file0/.: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 232.134327][T14782] bridge0: entered promiscuous mode [ 232.178453][T14782] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 232.192337][T14787] loop3: detected capacity change from 0 to 256 [ 232.196989][T14782] Cannot create hsr debugfs directory [ 232.283274][T14791] loop0: detected capacity change from 0 to 128 [ 232.302876][T14793] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3548'. [ 232.320538][T14793] 0猉功D: entered promiscuous mode [ 232.325759][T14793] 0猉功D: left allmulticast mode [ 232.355475][T14793] netlink: 5 bytes leftover after parsing attributes in process `syz.3.3548'. [ 232.370514][T14793] 1猉功D: renamed from 30猉功D [ 232.379019][T14793] 1猉功D: left promiscuous mode [ 232.384008][T14793] 1猉功D: entered allmulticast mode [ 232.394303][T14793] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 232.566028][T14823] loop2: detected capacity change from 0 to 128 [ 232.589758][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 232.589775][ T29] audit: type=1400 audit(1720045074.126:33816): avc: denied { accept } for pid=14822 comm="syz.2.3555" path="socket:[55889]" dev="sockfs" ino=55889 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 232.650636][T14830] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3558'. [ 232.661264][ T29] audit: type=1326 audit(1720045074.191:33817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.711074][ T29] audit: type=1326 audit(1720045074.218:33818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.734843][ T29] audit: type=1326 audit(1720045074.218:33819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.758610][ T29] audit: type=1326 audit(1720045074.218:33820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.782340][ T29] audit: type=1326 audit(1720045074.218:33821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.806043][ T29] audit: type=1326 audit(1720045074.218:33822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.829661][ T29] audit: type=1326 audit(1720045074.218:33823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.853379][ T29] audit: type=1326 audit(1720045074.218:33824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.877032][ T29] audit: type=1326 audit(1720045074.218:33825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14829 comm="syz.0.3558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x7ffc0000 [ 232.901348][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.921282][T14840] loop0: detected capacity change from 0 to 512 [ 232.929324][T14840] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #15: comm syz.0.3562: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 232.961002][T14840] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.3562: couldn't read orphan inode 15 (err -117) [ 232.980245][T14844] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3563'. [ 232.991884][T14844] 1猉功D: entered promiscuous mode [ 232.997094][T14844] 1猉功D: left allmulticast mode [ 233.020686][T14844] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3563'. [ 233.029715][T14844] 0猉功D: renamed from 31猉功D [ 233.041179][T14844] 0猉功D: left promiscuous mode [ 233.046297][T14844] 0猉功D: entered allmulticast mode [ 233.064676][T14844] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 233.065283][ T3158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 233.118278][T14852] loop1: detected capacity change from 0 to 512 [ 233.126496][T14852] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 233.141678][T14852] EXT4-fs (loop1): 1 orphan inode deleted [ 233.147523][T14852] EXT4-fs (loop1): 1 truncate cleaned up [ 233.156909][T14853] loop0: detected capacity change from 0 to 128 [ 233.415489][T14867] loop3: detected capacity change from 0 to 512 [ 233.486509][T14873] FAULT_INJECTION: forcing a failure. [ 233.486509][T14873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.499641][T14873] CPU: 1 PID: 14873 Comm: syz.1.3576 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 233.511330][T14873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 233.521400][T14873] Call Trace: [ 233.524704][T14873] [ 233.527646][T14873] dump_stack_lvl+0xf2/0x150 [ 233.532376][T14873] dump_stack+0x15/0x20 [ 233.536563][T14873] should_fail_ex+0x229/0x230 [ 233.541278][T14873] should_fail+0xb/0x10 [ 233.545553][T14873] should_fail_usercopy+0x1a/0x20 [ 233.550601][T14873] strncpy_from_user+0x25/0x270 [ 233.555595][T14873] ? should_failslab+0x9/0x20 [ 233.560374][T14873] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 233.566069][T14873] getname_flags+0xb4/0x360 [ 233.570724][T14873] getname+0x19/0x20 [ 233.574678][T14873] __se_sys_quotactl+0x15e/0x670 [ 233.579656][T14873] __x64_sys_quotactl+0x55/0x70 [ 233.584537][T14873] x64_sys_call+0x1da4/0x2d70 [ 233.589250][T14873] do_syscall_64+0xc9/0x1c0 [ 233.593820][T14873] ? clear_bhb_loop+0x55/0xb0 [ 233.598550][T14873] ? clear_bhb_loop+0x55/0xb0 [ 233.603310][T14873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.609354][T14873] RIP: 0033:0x7f3f69543bd9 [ 233.613815][T14873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.633440][T14873] RSP: 002b:00007f3f687c5048 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3 [ 233.641891][T14873] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f69543bd9 [ 233.649878][T14873] RDX: 0000000000000000 RSI: 0000000020002040 RDI: 0000000000000000 [ 233.657873][T14873] RBP: 00007f3f687c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 233.665882][T14873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.673875][T14873] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 233.681904][T14873] [ 233.771678][T14890] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 233.810008][T14896] loop3: detected capacity change from 0 to 512 [ 233.904456][T14896] loop3: detected capacity change from 0 to 1024 [ 234.057042][T14875] chnl_net:caif_netlink_parms(): no params data found [ 234.090913][T14923] loop1: detected capacity change from 0 to 8192 [ 234.107286][T14923] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 234.174755][T14875] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.181951][T14875] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.203162][ T8912] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.212157][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.220858][ T3162] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.232894][T14875] bridge_slave_0: entered allmulticast mode [ 234.248371][T14875] bridge_slave_0: entered promiscuous mode [ 234.263639][T14875] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.270889][T14875] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.296201][T14875] bridge_slave_1: entered allmulticast mode [ 234.311227][T14875] bridge_slave_1: entered promiscuous mode [ 234.348504][T14875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.372388][T14875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.416261][T14875] team0: Port device team_slave_0 added [ 234.430834][T14875] team0: Port device team_slave_1 added [ 234.447209][T14931] loop1: detected capacity change from 0 to 512 [ 234.473900][T14875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.481033][T14875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.507031][T14875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.517909][T14931] journal_path: Lookup failure for './file1' [ 234.523905][T14931] EXT4-fs: error: could not find journal device path [ 234.531503][T14875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.538613][T14875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.564614][T14875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.617985][T14931] loop1: detected capacity change from 0 to 1024 [ 234.618649][T14875] hsr_slave_0: entered promiscuous mode [ 234.645170][T14875] hsr_slave_1: entered promiscuous mode [ 234.652205][T14875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.671590][T14875] Cannot create hsr debugfs directory [ 234.679803][T14931] vhci_hcd: invalid port number 97 [ 234.684970][T14931] vhci_hcd: default hub control req: d364 v6665 i0061 l29804 [ 234.851310][T14875] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.959260][T14875] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.052784][T14875] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.085623][T14966] FAULT_INJECTION: forcing a failure. [ 235.085623][T14966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 235.098785][T14966] CPU: 0 PID: 14966 Comm: syz.1.3605 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 235.110455][T14966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 235.120675][T14966] Call Trace: [ 235.123968][T14966] [ 235.126912][T14966] dump_stack_lvl+0xf2/0x150 [ 235.131532][T14966] dump_stack+0x15/0x20 [ 235.135720][T14966] should_fail_ex+0x229/0x230 [ 235.140521][T14966] should_fail+0xb/0x10 [ 235.144765][T14966] should_fail_usercopy+0x1a/0x20 [ 235.149821][T14966] _copy_to_user+0x1e/0xa0 [ 235.154321][T14966] simple_read_from_buffer+0xa0/0x110 [ 235.159730][T14966] proc_fail_nth_read+0xfc/0x140 [ 235.164775][T14966] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 235.170396][T14966] vfs_read+0x1a2/0x6e0 [ 235.174564][T14966] ? __rcu_read_unlock+0x4e/0x70 [ 235.179529][T14966] ? __fget_files+0x1da/0x210 [ 235.184285][T14966] ksys_read+0xeb/0x1b0 [ 235.188599][T14966] __x64_sys_read+0x42/0x50 [ 235.193125][T14966] x64_sys_call+0x27e5/0x2d70 [ 235.197895][T14966] do_syscall_64+0xc9/0x1c0 [ 235.202592][T14966] ? clear_bhb_loop+0x55/0xb0 [ 235.207372][T14966] ? clear_bhb_loop+0x55/0xb0 [ 235.212075][T14966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.218051][T14966] RIP: 0033:0x7f3f695426bc [ 235.222473][T14966] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 235.242119][T14966] RSP: 002b:00007f3f687c5040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 235.250550][T14966] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f695426bc [ 235.258614][T14966] RDX: 000000000000000f RSI: 00007f3f687c50b0 RDI: 0000000000000005 [ 235.266658][T14966] RBP: 00007f3f687c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 235.274641][T14966] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 235.282653][T14966] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 235.290675][T14966] [ 235.293938][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.321499][ T922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.402825][T14875] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.541284][T14875] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 235.574265][T14982] 1猉功D: entered promiscuous mode [ 235.579587][T14982] 1猉功D: left allmulticast mode [ 235.600793][T14875] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 235.620257][T14982] 0猉功D: renamed from 31猉功D [ 235.640805][T14982] 0猉功D: left promiscuous mode [ 235.645826][T14982] 0猉功D: entered allmulticast mode [ 235.663854][T14875] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 235.692120][T14875] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 235.757819][T14993] loop1: detected capacity change from 0 to 128 [ 235.872839][T14875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.897699][T14998] loop1: detected capacity change from 0 to 512 [ 235.917342][T14875] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.941762][ T922] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.948960][ T922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.970937][T14998] EXT4-fs mount: 46 callbacks suppressed [ 235.970977][T14998] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.001256][ T922] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.008522][ T922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.027544][T14998] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.101021][T12408] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.189607][T14875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.363551][T15024] 0猉功D: entered promiscuous mode [ 236.368786][T15024] 0猉功D: left allmulticast mode [ 236.483767][T15033] loop1: detected capacity change from 0 to 764 [ 236.486638][T14875] veth0_vlan: entered promiscuous mode [ 236.502333][T15033] rock: directory entry would overflow storage [ 236.508776][T15033] rock: sig=0x4654, size=5, remaining=4 [ 236.513915][T14875] veth1_vlan: entered promiscuous mode [ 236.549675][T14875] veth0_macvtap: entered promiscuous mode [ 236.567398][T14875] veth1_macvtap: entered promiscuous mode [ 236.592488][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.603153][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.612993][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.623576][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.633441][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.643978][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.653828][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.664374][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.674258][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.684784][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.694670][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 236.705320][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.717199][T14875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.755876][T15038] loop1: detected capacity change from 0 to 256 [ 236.773262][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.783799][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.793668][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.794596][T15036] loop3: detected capacity change from 0 to 512 [ 236.804172][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.804193][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.825046][T15038] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 236.830861][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.852542][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.863051][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.873035][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.883491][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.893366][T14875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.903883][T14875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.920928][T15040] loop0: detected capacity change from 0 to 512 [ 236.927947][T15040] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 236.939391][T14875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.940210][T15038] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 236.948265][T14875] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.965914][T14875] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.974615][T14875] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.983465][T14875] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.997131][T15040] EXT4-fs (loop0): 1 orphan inode deleted [ 237.003052][T15040] EXT4-fs (loop0): 1 truncate cleaned up [ 237.021258][T15040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.056392][T15042] __nla_validate_parse: 11 callbacks suppressed [ 237.056409][T15042] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3625'. [ 237.101285][T12361] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.211865][T15048] loop4: detected capacity change from 0 to 256 [ 237.223664][T15048] FAT-fs (loop4): Unrecognized mount option "short e=winnt" or missing value [ 237.359377][T15062] FAULT_INJECTION: forcing a failure. [ 237.359377][T15062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 237.372653][T15062] CPU: 1 PID: 15062 Comm: syz.4.3633 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 237.384304][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 237.394431][T15062] Call Trace: [ 237.397712][T15062] [ 237.400646][T15062] dump_stack_lvl+0xf2/0x150 [ 237.405293][T15062] dump_stack+0x15/0x20 [ 237.409537][T15062] should_fail_ex+0x229/0x230 [ 237.414261][T15062] should_fail+0xb/0x10 [ 237.418476][T15062] should_fail_usercopy+0x1a/0x20 [ 237.423531][T15062] _copy_from_user+0x1e/0xd0 [ 237.428208][T15062] input_event_from_user+0x126/0x1e0 [ 237.433663][T15062] ? input_inject_event+0xe1/0x100 [ 237.438873][T15062] evdev_write+0x288/0x420 [ 237.443307][T15062] ? __pfx_evdev_write+0x10/0x10 [ 237.448327][T15062] vfs_write+0x28b/0x900 [ 237.452730][T15062] ? __fget_files+0x1da/0x210 [ 237.457427][T15062] ksys_write+0xeb/0x1b0 [ 237.461705][T15062] __x64_sys_write+0x42/0x50 [ 237.466350][T15062] x64_sys_call+0x27ef/0x2d70 [ 237.471050][T15062] do_syscall_64+0xc9/0x1c0 [ 237.475593][T15062] ? clear_bhb_loop+0x55/0xb0 [ 237.480424][T15062] ? clear_bhb_loop+0x55/0xb0 [ 237.485182][T15062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 237.491152][T15062] RIP: 0033:0x7f7c0da3dbd9 [ 237.495658][T15062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 237.515308][T15062] RSP: 002b:00007f7c0ccbf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 237.523823][T15062] RAX: ffffffffffffffda RBX: 00007f7c0dbcbf60 RCX: 00007f7c0da3dbd9 [ 237.531802][T15062] RDX: 0000000000001b18 RSI: 0000000020000040 RDI: 0000000000000005 [ 237.539847][T15062] RBP: 00007f7c0ccbf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 237.547907][T15062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 237.555884][T15062] R13: 000000000000000b R14: 00007f7c0dbcbf60 R15: 00007fff6e933f18 [ 237.563904][T15062] [ 237.623767][T15066] loop0: detected capacity change from 0 to 128 [ 237.630411][T15064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3634'. [ 237.630414][ T922] net_ratelimit: 7 callbacks suppressed [ 237.630428][ T922] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.677102][T15068] loop3: detected capacity change from 0 to 512 [ 237.700603][T15066] 9pnet_fd: Insufficient options for proto=fd [ 237.767833][T15072] loop1: detected capacity change from 0 to 256 [ 238.015546][T15095] loop3: detected capacity change from 0 to 512 [ 238.066852][T15097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3647'. [ 238.103533][T15095] 9pnet_fd: Insufficient options for proto=fd [ 238.125136][T15095] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3646'. [ 238.247785][T10654] syz_tun (unregistering): left promiscuous mode [ 238.451752][T15107] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=960 sclass=netlink_route_socket pid=15107 comm=syz.4.3652 [ 238.544384][ T8914] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.604510][ T8914] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.672494][ T8914] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.756392][ T8914] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 238.853330][T15135] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.3662' sets config #858743910 [ 238.880845][ T8914] bridge_slave_1: left allmulticast mode [ 238.886685][ T8914] bridge_slave_1: left promiscuous mode [ 238.892377][ T8914] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.925776][ T8914] bridge_slave_0: left allmulticast mode [ 238.931609][ T8914] bridge_slave_0: left promiscuous mode [ 238.937363][ T8914] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.100230][ T8914] bridge0 (unregistering): left promiscuous mode [ 239.546602][ T8914] bond1 (unregistering): Released all slaves [ 239.567150][ T8914] bond2 (unregistering): Released all slaves [ 239.588716][ T8914] bond3 (unregistering): Released all slaves [ 239.652446][T15152] 9pnet_fd: Insufficient options for proto=fd [ 239.709198][T15117] chnl_net:caif_netlink_parms(): no params data found [ 239.754379][ T8914] hsr_slave_0: left promiscuous mode [ 239.773492][ T8914] hsr_slave_1: left promiscuous mode [ 239.779384][ T8914] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.787042][ T8914] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.799465][ T8914] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.806953][ T8914] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.827895][ T8914] veth1_macvtap: left promiscuous mode [ 239.833424][ T8914] veth0_macvtap: left promiscuous mode [ 239.839157][ T8914] veth1_vlan: left promiscuous mode [ 239.844857][ T8914] veth0_vlan: left promiscuous mode [ 239.895518][T15175] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=960 sclass=netlink_route_socket pid=15175 comm=syz.0.3678 [ 240.043359][ T8914] team0 (unregistering): Port device team_slave_1 removed [ 240.064678][ T8914] team0 (unregistering): Port device team_slave_0 removed [ 240.300006][T15117] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.307261][T15117] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.359965][T15117] bridge_slave_0: entered allmulticast mode [ 240.388296][T15184] loop4: detected capacity change from 0 to 8192 [ 240.388748][T15117] bridge_slave_0: entered promiscuous mode [ 240.428271][T15117] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.435475][T15117] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.441366][T15184] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma? [ 240.456219][T15117] bridge_slave_1: entered allmulticast mode [ 240.463460][T15117] bridge_slave_1: entered promiscuous mode [ 240.479230][ T29] kauditd_printk_skb: 126 callbacks suppressed [ 240.479243][ T29] audit: type=1400 audit(1720045081.409:33952): avc: denied { ioctl } for pid=15183 comm="syz.4.3680" path="socket:[57291]" dev="sockfs" ino=57291 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 240.479865][T15184] SELinux: Context system_u:object_r:ldconfig_cache_t:s0 is not valid (left unmapped). [ 240.490318][ T29] audit: type=1400 audit(1720045081.409:33953): avc: denied { relabelfrom } for pid=15183 comm="syz.4.3680" name="UDP" dev="sockfs" ino=57292 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 240.543010][ T29] audit: type=1400 audit(1720045081.409:33954): avc: denied { mac_admin } for pid=15183 comm="syz.4.3680" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 240.566361][ T29] audit: type=1400 audit(1720045081.436:33955): avc: denied { relabelto } for pid=15183 comm="syz.4.3680" name="UDP" dev="sockfs" ino=57292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=udp_socket permissive=1 trawcon="system_u:object_r:ldconfig_cache_t:s0" [ 240.598130][T15117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.614763][T15117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.649198][T15196] loop1: detected capacity change from 0 to 128 [ 240.661917][T15196] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 240.663386][T15117] team0: Port device team_slave_0 added [ 240.672041][T15196] FAT-fs (loop1): Filesystem has been set read-only [ 240.685206][ T29] audit: type=1400 audit(1720045081.593:33956): avc: denied { read } for pid=15195 comm="syz.1.3684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 240.747071][T15117] team0: Port device team_slave_1 added [ 240.786575][T15117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.793683][T15117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.819676][T15117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.832524][T15117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.839593][T15117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.865902][T15117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.900493][T15117] hsr_slave_0: entered promiscuous mode [ 240.920973][T15117] hsr_slave_1: entered promiscuous mode [ 240.926848][T15117] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.939517][T15117] Cannot create hsr debugfs directory [ 240.970481][ T29] audit: type=1326 audit(1720045081.852:33957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15206 comm="syz.4.3687" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7c0da3dbd9 code=0x0 [ 241.102406][T15209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3687'. [ 241.111481][T15209] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3687'. [ 241.250723][T15218] 9pnet_fd: Insufficient options for proto=fd [ 241.284829][T15218] ICMPv6: NA: fd:f9:a6:84:a5:1b advertised our address fe80::aa on syz_tun! [ 241.327137][T15117] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 241.345316][T15117] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 241.363602][T15117] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 241.380599][T15117] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 241.444554][T15117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.457924][T15117] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.471826][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.478960][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.505334][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.512446][ T4343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.550044][T15196] delete_channel: no stack [ 241.569083][T12408] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 241.660042][T15117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.774342][ T29] audit: type=1326 audit(1720045082.590:33958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15226 comm="syz.1.3691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f69543bd9 code=0x0 [ 241.858609][T15117] veth0_vlan: entered promiscuous mode [ 241.876578][T15117] veth1_vlan: entered promiscuous mode [ 241.911305][T15117] veth0_macvtap: entered promiscuous mode [ 241.926329][T15117] veth1_macvtap: entered promiscuous mode [ 241.956422][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.966941][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.976907][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.987505][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.997618][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.008175][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.018063][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.028688][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.038671][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.049305][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.059180][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.069609][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.081922][T15117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.099455][T15240] netlink: 24576 bytes leftover after parsing attributes in process `syz.4.3694'. [ 242.127837][T15242] loop0: detected capacity change from 0 to 128 [ 242.142453][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.152966][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.162865][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.173534][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.183532][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.194066][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.204039][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.214478][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.224367][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.234860][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.244693][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.255520][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.280281][T15117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.291741][T15117] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.300577][T15117] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.309414][T15117] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.318178][T15117] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.418239][T15256] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3656'. [ 242.535352][T15263] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3701'. [ 242.557046][T15263] loop0: detected capacity change from 0 to 128 [ 242.589995][T15263] tipc: Enabling of bearer rejected, failed to enable media [ 242.646050][T15271] netlink: 'syz.1.3705': attribute type 5 has an invalid length. [ 242.668877][T15271] loop1: detected capacity change from 0 to 164 [ 242.692496][T15275] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 242.718138][T15275] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 242.740666][T15271] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 242.783522][T15279] loop0: detected capacity change from 0 to 1024 [ 242.808980][T15279] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 242.841702][T15279] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.846095][T15281] loop3: detected capacity change from 0 to 2048 [ 242.905640][T12361] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.018401][T15298] block device autoloading is deprecated and will be removed. [ 243.040095][T15298] bio_check_eod: 7 callbacks suppressed [ 243.040117][T15298] syz.0.3713: attempt to access beyond end of device [ 243.040117][T15298] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 243.066031][ T7457] kernel write not supported for file bpf-prog (pid: 7457 comm: kworker/0:7) [ 243.283120][ T29] audit: type=1400 audit(1720045083.993:33959): avc: denied { connect } for pid=15328 comm="syz.0.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 243.302599][T15330] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3722'. [ 243.323738][T15329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3723'. [ 243.373140][T15334] loop3: detected capacity change from 0 to 2048 [ 243.435579][T15338] loop4: detected capacity change from 0 to 128 [ 243.599538][T15343] syz_tun: entered promiscuous mode [ 243.614907][T15343] syz_tun: left promiscuous mode [ 244.110743][T15358] loop1: detected capacity change from 0 to 2048 [ 244.126568][T15358] EXT4-fs: Ignoring removed orlov option [ 244.139501][T15358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.197379][T15362] loop0: detected capacity change from 0 to 256 [ 244.211087][T12408] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.279303][T15362] Process accounting resumed [ 244.439468][T15376] netlink: 'syz.1.3741': attribute type 4 has an invalid length. [ 244.465100][T15379] loop0: detected capacity change from 0 to 128 [ 244.490293][T15376] netlink: 'syz.1.3741': attribute type 4 has an invalid length. [ 244.583976][T15385] loop1: detected capacity change from 0 to 2048 [ 244.601907][T15385] EXT4-fs: Ignoring removed orlov option [ 244.628158][T15385] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.663548][T12408] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.768653][T15397] loop0: detected capacity change from 0 to 1024 [ 244.809840][T15397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.841471][T15397] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.899182][T15410] FAULT_INJECTION: forcing a failure. [ 244.899182][T15410] name failslab, interval 1, probability 0, space 0, times 0 [ 244.911872][T15410] CPU: 0 PID: 15410 Comm: syz.1.3751 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 244.923524][T15410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 244.933582][T15410] Call Trace: [ 244.936962][T15410] [ 244.940043][T15410] dump_stack_lvl+0xf2/0x150 [ 244.944741][T15410] dump_stack+0x15/0x20 [ 244.948913][T15410] should_fail_ex+0x229/0x230 [ 244.953840][T15410] ? br_vlan_init+0x34/0x110 [ 244.958433][T15410] __should_failslab+0x92/0xa0 [ 244.963205][T15410] should_failslab+0x9/0x20 [ 244.967724][T15410] kmalloc_trace_noprof+0x4b/0x2a0 [ 244.972920][T15410] br_vlan_init+0x34/0x110 [ 244.977364][T15410] br_dev_init+0x5d/0xf0 [ 244.981700][T15410] register_netdevice+0x220/0xdd0 [ 244.986747][T15410] ? alloc_netdev_mqs+0x898/0x8b0 [ 244.991780][T15410] ? validate_linkmsg+0x526/0x5a0 [ 244.996845][T15410] br_dev_newlink+0x25/0xe0 [ 245.001399][T15410] ? __pfx_br_dev_newlink+0x10/0x10 [ 245.006606][T15410] rtnl_newlink+0xefd/0x1690 [ 245.011213][T15410] ? security_capable+0x64/0x80 [ 245.016140][T15410] ? ns_capable+0x7d/0xb0 [ 245.020536][T15410] ? __pfx_rtnl_newlink+0x10/0x10 [ 245.025575][T15410] rtnetlink_rcv_msg+0x85e/0x910 [ 245.030528][T15410] ? memcg_list_lru_alloc+0xd2/0x740 [ 245.035841][T15410] ? mod_objcg_state+0x2e2/0x4e0 [ 245.040887][T15410] ? __memcg_slab_free_hook+0xc9/0x1e0 [ 245.046618][T15410] ? xas_load+0x3ae/0x3d0 [ 245.051004][T15410] ? kmem_cache_free+0xd8/0x280 [ 245.055926][T15410] ? nlmon_xmit+0x51/0x60 [ 245.060317][T15410] ? __kfree_skb+0x102/0x150 [ 245.064913][T15410] ? consume_skb+0x57/0x180 [ 245.069550][T15410] ? nlmon_xmit+0x51/0x60 [ 245.073907][T15410] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 245.079256][T15410] ? __dev_queue_xmit+0xb21/0x1e50 [ 245.084364][T15410] ? ref_tracker_free+0x3a5/0x410 [ 245.089573][T15410] netlink_rcv_skb+0x12c/0x230 [ 245.094342][T15410] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 245.099822][T15410] rtnetlink_rcv+0x1c/0x30 [ 245.104315][T15410] netlink_unicast+0x58d/0x660 [ 245.109163][T15410] netlink_sendmsg+0x5ca/0x6e0 [ 245.113980][T15410] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.119270][T15410] __sock_sendmsg+0x140/0x180 [ 245.123948][T15410] ____sys_sendmsg+0x312/0x410 [ 245.128731][T15410] __sys_sendmsg+0x1e9/0x280 [ 245.133375][T15410] __x64_sys_sendmsg+0x46/0x50 [ 245.138141][T15410] x64_sys_call+0xb25/0x2d70 [ 245.142747][T15410] do_syscall_64+0xc9/0x1c0 [ 245.147272][T15410] ? clear_bhb_loop+0x55/0xb0 [ 245.151957][T15410] ? clear_bhb_loop+0x55/0xb0 [ 245.156636][T15410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.162538][T15410] RIP: 0033:0x7f3f69543bd9 [ 245.166994][T15410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.186596][T15410] RSP: 002b:00007f3f687c5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 245.195110][T15410] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f69543bd9 [ 245.203076][T15410] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 245.211041][T15410] RBP: 00007f3f687c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.219014][T15410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 245.226981][T15410] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 245.234977][T15410] [ 245.313875][T12361] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.430127][T15425] ebt_among: src integrity fail: 300 [ 245.441706][ T29] audit: type=1400 audit(1720045085.987:33960): avc: denied { accept } for pid=15424 comm="syz.3.3756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 245.514236][T15398] chnl_net:caif_netlink_parms(): no params data found [ 245.539262][T15420] macvlan0: entered promiscuous mode [ 245.555001][T15429] loop3: detected capacity change from 0 to 2048 [ 245.567584][T15429] EXT4-fs: Ignoring removed orlov option [ 245.579178][T15420] ipvlan0: entered promiscuous mode [ 245.602526][T15420] ipvlan0: left promiscuous mode [ 245.622800][T15420] macvlan0: left promiscuous mode [ 245.726135][T15398] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.733693][T15398] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.775754][T15447] loop4: detected capacity change from 0 to 128 [ 245.778337][T15398] bridge_slave_0: entered allmulticast mode [ 245.799490][T15398] bridge_slave_0: entered promiscuous mode [ 245.818188][T15398] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.825403][T15398] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.848811][T15398] bridge_slave_1: entered allmulticast mode [ 245.878381][T15455] netlink: 'syz.4.3763': attribute type 9 has an invalid length. [ 245.891203][T15455] syz.4.3763: attempt to access beyond end of device [ 245.891203][T15455] loop4: rw=2049, sector=217, nr_sectors = 120 limit=128 [ 245.919369][T15398] bridge_slave_1: entered promiscuous mode [ 245.976768][T15398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.002653][T15398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.049255][T15398] team0: Port device team_slave_0 added [ 246.066767][T15398] team0: Port device team_slave_1 added [ 246.112818][T15398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.119833][T15398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.145813][T15398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.195905][T15398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.202974][T15398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 246.222498][T15464] loop0: detected capacity change from 0 to 2048 [ 246.229007][T15398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.270509][T15464] EXT4-fs: Ignoring removed orlov option [ 246.318454][T15464] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.336643][T12361] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.371818][T15398] hsr_slave_0: entered promiscuous mode [ 246.397991][T15398] hsr_slave_1: entered promiscuous mode [ 246.413012][T15398] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 246.423130][T15398] Cannot create hsr debugfs directory [ 246.593697][T15398] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.655450][T15398] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.729971][ T8914] kworker/u8:17: attempt to access beyond end of device [ 246.729971][ T8914] loop4: rw=1, sector=337, nr_sectors = 1 limit=128 [ 246.760393][T15398] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.803167][T15482] loop1: detected capacity change from 0 to 256 [ 246.811952][T15482] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 246.853909][T15398] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.878331][T15482] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 246.982569][T15398] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 247.010273][T15398] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 247.030172][T15398] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 247.050566][T15486] ip6gretap0: entered promiscuous mode [ 247.080377][T15486] ip6gretap0: left promiscuous mode [ 247.097039][T15493] loop4: detected capacity change from 0 to 2048 [ 247.115531][T15398] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 247.126659][T15493] EXT4-fs: Ignoring removed orlov option [ 247.251311][T15398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.258517][T15493] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 247.289218][T15398] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.350302][ T4343] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.357443][ T4343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.391586][T14875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.409288][T15510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3785'. [ 247.424009][ T4343] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.431127][ T4343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.536780][T15398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.612773][T15528] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3789'. [ 247.651661][T15527] loop4: detected capacity change from 0 to 1024 [ 247.659102][T15533] ip6erspan0: entered promiscuous mode [ 247.759012][T15398] veth0_vlan: entered promiscuous mode [ 247.790415][T15398] veth1_vlan: entered promiscuous mode [ 247.837649][T15398] veth0_macvtap: entered promiscuous mode [ 247.851824][T15545] loop0: detected capacity change from 0 to 2048 [ 247.862041][T15398] veth1_macvtap: entered promiscuous mode [ 247.893813][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.904442][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.914395][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.924822][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.934676][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.945211][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.955143][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.965645][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.975699][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.986246][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.996065][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.006501][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.016321][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 248.026824][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.039788][T15398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.049649][T15545] loop0: p2 < > [ 248.052556][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.063640][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.073468][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.083983][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.093869][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.104320][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.114201][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.124702][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.134511][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.145037][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.154969][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.165422][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.175294][T15398] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 248.185726][T15398] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.198776][T15398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.210116][T15398] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.218977][T15398] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.227768][T15398] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.236788][T15398] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.324388][T15550] loop4: detected capacity change from 0 to 2048 [ 248.379179][T15550] EXT4-fs: Ignoring removed orlov option [ 248.418317][T15553] loop0: detected capacity change from 0 to 512 [ 248.423279][T15550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 248.457413][T15553] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.3795: invalid block [ 248.501136][T15564] syz_tun: entered promiscuous mode [ 248.538183][T15564] bridge0: entered promiscuous mode [ 248.547597][T15553] EXT4-fs (loop0): Remounting filesystem read-only [ 248.649630][T15553] EXT4-fs (loop0): 2 truncates cleaned up [ 248.666308][T15553] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.685694][T15579] loop1: detected capacity change from 0 to 1024 [ 248.693768][T15553] SELinux: (dev loop0, type ext4) getxattr errno 5 [ 248.702304][T14875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.713850][T15553] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 248.732874][T15579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 248.787263][ T29] audit: type=1400 audit(1720045089.069:33961): avc: denied { map } for pid=15552 comm="syz.0.3795" path="/194/file0" dev="tmpfs" ino=1056 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 248.827797][T15579] EXT4-fs error (device loop1): ext4_lookup:1858: inode #2: comm syz.1.3800: deleted inode referenced: 12 [ 248.880018][T15579] EXT4-fs (loop1): Remounting filesystem read-only [ 248.968106][T12408] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.032948][T15600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3806'. [ 249.080930][T15606] loop1: detected capacity change from 0 to 128 [ 249.163330][T15610] loop0: detected capacity change from 0 to 512 [ 249.184554][T15610] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.3812: invalid block [ 249.212245][T15610] EXT4-fs (loop0): Remounting filesystem read-only [ 249.222276][T15610] EXT4-fs (loop0): 2 truncates cleaned up [ 249.231710][T15610] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 249.261732][T15610] SELinux: (dev loop0, type ext4) getxattr errno 5 [ 249.270628][T15610] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.005486][T15647] loop2: detected capacity change from 0 to 512 [ 250.062034][T15647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.184234][T15647] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.241498][ T29] audit: type=1326 audit(1720045090.417:33962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.292852][ T29] audit: type=1326 audit(1720045090.445:33963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.316506][ T29] audit: type=1326 audit(1720045090.445:33964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.340082][ T29] audit: type=1326 audit(1720045090.454:33965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.363748][ T29] audit: type=1326 audit(1720045090.454:33966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.387413][ T29] audit: type=1326 audit(1720045090.454:33967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.411135][ T29] audit: type=1326 audit(1720045090.454:33968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.434878][ T29] audit: type=1326 audit(1720045090.454:33969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.540147][ T29] audit: type=1326 audit(1720045090.639:33970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15646 comm="syz.2.3824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b2a15bd9 code=0x7ffc0000 [ 250.597096][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 250.914138][T15690] loop4: detected capacity change from 0 to 128 [ 250.991573][T15692] loop1: detected capacity change from 0 to 512 [ 251.030056][T15692] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.3839: invalid block [ 251.079424][T15692] EXT4-fs (loop1): Remounting filesystem read-only [ 251.101535][T15692] EXT4-fs (loop1): 2 truncates cleaned up [ 251.122709][T15692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.152299][T15702] loop2: detected capacity change from 0 to 1024 [ 251.163312][T15692] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 251.191454][T15692] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.226088][T15702] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 251.269555][T15702] EXT4-fs error (device loop2): ext4_lookup:1858: inode #2: comm syz.2.3842: deleted inode referenced: 12 [ 251.321271][T15707] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3844'. [ 251.359147][T15702] EXT4-fs (loop2): Remounting filesystem read-only [ 251.371253][T15707] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3844'. [ 251.404072][T15707] 1猉功D: renamed from 30猉功D [ 251.432459][T15707] 1猉功D: left promiscuous mode [ 251.437345][T15707] 1猉功D: entered allmulticast mode [ 251.450739][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.462161][T15707] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 251.566422][T15712] loop0: detected capacity change from 0 to 8192 [ 251.940726][T15741] loop1: detected capacity change from 0 to 2048 [ 252.004321][T15741] loop1: p1 < > p4 [ 252.008760][T15741] loop1: p4 size 8388608 extends beyond EOD, truncated [ 252.094203][T15748] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3858'. [ 252.126757][T15748] gretap0: entered promiscuous mode [ 252.175167][T15750] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3859'. [ 252.184355][T15754] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3858'. [ 252.211887][T15754] 0猉功D: renamed from gretap0 [ 252.243624][T15754] 0猉功D: left promiscuous mode [ 252.248525][T15754] 0猉功D: entered allmulticast mode [ 252.285919][T15754] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 252.445706][T15769] loop2: detected capacity change from 0 to 2048 [ 252.484801][T15769] EXT4-fs: Ignoring removed orlov option [ 252.572916][T15769] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 252.865892][T15797] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3874'. [ 252.909324][T15797] gretap0: entered promiscuous mode [ 252.914833][T15802] loop0: detected capacity change from 0 to 128 [ 252.944574][T15803] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3874'. [ 252.991234][T15803] 0猉功D: renamed from gretap0 [ 253.000909][T15803] 0猉功D: left promiscuous mode [ 253.005792][T15803] 0猉功D: entered allmulticast mode [ 253.090183][T15803] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 253.215120][T15817] netlink: 'syz.4.3882': attribute type 1 has an invalid length. [ 253.233334][T15817] mmap: syz.4.3882 (15817): VmData 45850624 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 253.402051][T15795] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 253.445615][T15795] EXT4-fs (loop2): Remounting filesystem read-only [ 253.476467][T15800] EXT4-fs (loop2): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -5 [ 253.672556][T15840] FAULT_INJECTION: forcing a failure. [ 253.672556][T15840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.685675][T15840] CPU: 1 PID: 15840 Comm: syz.0.3892 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 253.697316][T15840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 253.707396][T15840] Call Trace: [ 253.710675][T15840] [ 253.713611][T15840] dump_stack_lvl+0xf2/0x150 [ 253.718329][T15840] dump_stack+0x15/0x20 [ 253.722497][T15840] should_fail_ex+0x229/0x230 [ 253.727199][T15840] should_fail+0xb/0x10 [ 253.731398][T15840] should_fail_usercopy+0x1a/0x20 [ 253.736702][T15840] _copy_from_user+0x1e/0xd0 [ 253.741448][T15840] sctp_setsockopt+0xbe/0xea0 [ 253.746210][T15840] sock_common_setsockopt+0x64/0x80 [ 253.751520][T15840] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 253.757509][T15840] __sys_setsockopt+0x1d8/0x250 [ 253.762444][T15840] __x64_sys_setsockopt+0x66/0x80 [ 253.767498][T15840] x64_sys_call+0x1183/0x2d70 [ 253.772197][T15840] do_syscall_64+0xc9/0x1c0 [ 253.776721][T15840] ? clear_bhb_loop+0x55/0xb0 [ 253.781494][T15840] ? clear_bhb_loop+0x55/0xb0 [ 253.786193][T15840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.792112][T15840] RIP: 0033:0x7f1a5fe48bd9 [ 253.796538][T15840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.816225][T15840] RSP: 002b:00007f1a5f0ca048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 253.824708][T15840] RAX: ffffffffffffffda RBX: 00007f1a5ffd6f60 RCX: 00007f1a5fe48bd9 [ 253.832683][T15840] RDX: 0000000000000019 RSI: 0000000000000084 RDI: 0000000000000003 [ 253.840661][T15840] RBP: 00007f1a5f0ca0a0 R08: 0000000000000008 R09: 0000000000000000 [ 253.848643][T15840] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 253.856631][T15840] R13: 000000000000000b R14: 00007f1a5ffd6f60 R15: 00007ffe70963648 [ 253.864629][T15840] [ 253.887421][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.002520][T15850] netlink: 'syz.2.3890': attribute type 4 has an invalid length. [ 254.030735][T15853] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3896'. [ 254.525869][T15892] sctp: [Deprecated]: syz.1.3908 (pid 15892) Use of int in max_burst socket option. [ 254.525869][T15892] Use struct sctp_assoc_value instead [ 254.671344][T15904] loop4: detected capacity change from 0 to 2048 [ 254.686410][T15904] EXT4-fs: Ignoring removed orlov option [ 254.697380][T15905] loop2: detected capacity change from 0 to 512 [ 254.721598][T15905] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.3910: attempt to clear invalid blocks 1 len 1 [ 254.737966][T15904] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.750808][T15905] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3910: bg 0: block 343: padding at end of block bitmap is not set [ 254.783242][T15905] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 254.839329][T15905] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3910: invalid indirect mapped block 1819239214 (level 0) [ 254.887017][T15905] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3910: invalid indirect mapped block 1819239214 (level 1) [ 254.970138][T15905] EXT4-fs (loop2): 1 truncate cleaned up [ 255.008654][T15905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 255.249403][T15920] FAULT_INJECTION: forcing a failure. [ 255.249403][T15920] name failslab, interval 1, probability 0, space 0, times 0 [ 255.262181][T15920] CPU: 0 PID: 15920 Comm: syz.1.3916 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 255.273824][T15920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 255.283962][T15920] Call Trace: [ 255.287353][T15920] [ 255.290372][T15920] dump_stack_lvl+0xf2/0x150 [ 255.294989][T15920] dump_stack+0x15/0x20 [ 255.299303][T15920] should_fail_ex+0x229/0x230 [ 255.304003][T15920] ? getname_flags+0x86/0x360 [ 255.308704][T15920] __should_failslab+0x92/0xa0 [ 255.313543][T15920] should_failslab+0x9/0x20 [ 255.318111][T15920] kmem_cache_alloc_noprof+0x4c/0x290 [ 255.323604][T15920] getname_flags+0x86/0x360 [ 255.328144][T15920] user_path_at_empty+0x2c/0x120 [ 255.333165][T15920] __se_sys_mount+0x24b/0x2d0 [ 255.337938][T15920] __x64_sys_mount+0x67/0x80 [ 255.342608][T15920] x64_sys_call+0x25c9/0x2d70 [ 255.347296][T15920] do_syscall_64+0xc9/0x1c0 [ 255.351918][T15920] ? clear_bhb_loop+0x55/0xb0 [ 255.356601][T15920] ? clear_bhb_loop+0x55/0xb0 [ 255.361312][T15920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.367250][T15920] RIP: 0033:0x7f3f69543bd9 [ 255.371670][T15920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.391349][T15920] RSP: 002b:00007f3f687c5048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 255.399775][T15920] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f69543bd9 [ 255.407751][T15920] RDX: 00000000200002c0 RSI: 0000000020000280 RDI: 0000000020000100 [ 255.415778][T15920] RBP: 00007f3f687c50a0 R08: 0000000020000300 R09: 0000000000000000 [ 255.423790][T15920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.431884][T15920] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 255.439875][T15920] [ 255.440693][T15909] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 255.534834][T15909] EXT4-fs (loop4): Remounting filesystem read-only [ 255.535476][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.541914][T15912] EXT4-fs (loop4): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -5 [ 255.693628][T15934] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3919'. [ 255.702674][T15934] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3919'. [ 255.738199][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 255.738221][ T29] audit: type=1326 audit(1720045095.484:33992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15935 comm="syz.0.3923" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a5fe48bd9 code=0x0 [ 255.785617][T15938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3924'. [ 255.858272][T14875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.955540][T15952] ref_ctr going negative. vaddr: 0x20002082, curr val: -11067, delta: 1 [ 255.964085][T15952] ref_ctr increment failed for inode: 0x5ac offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff88810a75a4c0 [ 256.207891][T15971] loop1: detected capacity change from 0 to 128 [ 256.372162][T15976] FAULT_INJECTION: forcing a failure. [ 256.372162][T15976] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 256.385533][T15976] CPU: 0 PID: 15976 Comm: syz.1.3938 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 256.397274][T15976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 256.407390][T15976] Call Trace: [ 256.410677][T15976] [ 256.413614][T15976] dump_stack_lvl+0xf2/0x150 [ 256.418228][T15976] dump_stack+0x15/0x20 [ 256.422425][T15976] should_fail_ex+0x229/0x230 [ 256.427303][T15976] __should_fail_alloc_page+0xfd/0x110 [ 256.432914][T15976] __alloc_pages_noprof+0x109/0x360 [ 256.438151][T15976] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 256.443696][T15976] alloc_pages_noprof+0xe1/0x100 [ 256.448664][T15976] pte_alloc_one+0x32/0xf0 [ 256.453151][T15976] __pte_alloc+0x33/0x270 [ 256.457493][T15976] handle_mm_fault+0x1ade/0x2a80 [ 256.462500][T15976] exc_page_fault+0x296/0x650 [ 256.467191][T15976] asm_exc_page_fault+0x26/0x30 [ 256.472087][T15976] RIP: 0010:__put_user_4+0x11/0x20 [ 256.477254][T15976] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 256.496964][T15976] RSP: 0018:ffffc9000123fbd8 EFLAGS: 00050206 [ 256.503122][T15976] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000200005c0 [ 256.511197][T15976] RDX: 00000000000001d5 RSI: 0000000000000000 RDI: ffffc9000123fbe0 [ 256.519222][T15976] RBP: 0000000000000000 R08: 0001c9000123fbe3 R09: 0000000000000000 [ 256.527199][T15976] R10: 0001ffffffffffff R11: 0001c9000123fbe0 R12: ffff88810689af40 [ 256.535252][T15976] R13: ffffffff855092c0 R14: 00000000200005c0 R15: 000000000000541b [ 256.543296][T15976] sk_ioctl+0x25c/0x3c0 [ 256.547485][T15976] ? path_openat+0x1a6f/0x1fa0 [ 256.552261][T15976] inet6_ioctl+0x13f/0x190 [ 256.556724][T15976] ? _parse_integer+0x27/0x30 [ 256.561422][T15976] ? __rcu_read_unlock+0x4e/0x70 [ 256.566454][T15976] sock_do_ioctl+0x81/0x260 [ 256.571011][T15976] sock_ioctl+0x470/0x640 [ 256.575420][T15976] ? file_has_perm+0x347/0x390 [ 256.580262][T15976] ? __pfx_sock_ioctl+0x10/0x10 [ 256.585133][T15976] do_vfs_ioctl+0x96f/0x1560 [ 256.589738][T15976] ? selinux_file_ioctl+0x1c6/0x380 [ 256.595012][T15976] __se_sys_ioctl+0x81/0x150 [ 256.599713][T15976] __x64_sys_ioctl+0x43/0x50 [ 256.604361][T15976] x64_sys_call+0x1581/0x2d70 [ 256.609064][T15976] do_syscall_64+0xc9/0x1c0 [ 256.613606][T15976] ? clear_bhb_loop+0x55/0xb0 [ 256.618300][T15976] ? clear_bhb_loop+0x55/0xb0 [ 256.623029][T15976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.628967][T15976] RIP: 0033:0x7f3f69543bd9 [ 256.633398][T15976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.653031][T15976] RSP: 002b:00007f3f687c5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.661463][T15976] RAX: ffffffffffffffda RBX: 00007f3f696d1f60 RCX: 00007f3f69543bd9 [ 256.669479][T15976] RDX: 00000000200005c0 RSI: 000000000000541b RDI: 0000000000000003 [ 256.677464][T15976] RBP: 00007f3f687c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 256.685462][T15976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.693440][T15976] R13: 000000000000000b R14: 00007f3f696d1f60 R15: 00007fffcb8ec458 [ 256.701458][T15976] [ 256.795352][T15988] netlink: 'syz.0.3943': attribute type 1 has an invalid length. [ 256.866118][T15997] loop1: detected capacity change from 0 to 128 [ 256.878949][T15992] loop2: detected capacity change from 0 to 2048 [ 256.921879][T15992] EXT4-fs: Ignoring removed orlov option [ 256.951589][T16003] loop0: detected capacity change from 0 to 512 [ 256.988107][T16002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3948'. [ 256.997505][T16003] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 257.093347][T15992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 257.161934][T16018] loop1: detected capacity change from 0 to 512 [ 257.168507][T16018] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 257.268313][T15994] chnl_net:caif_netlink_parms(): no params data found [ 257.440234][T15994] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.447419][T15994] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.486627][T15994] bridge_slave_0: entered allmulticast mode [ 257.510781][T15994] bridge_slave_0: entered promiscuous mode [ 257.520812][T16042] netlink: 'syz.4.3956': attribute type 1 has an invalid length. [ 257.545395][T15994] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.552584][T15994] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.578468][T15994] bridge_slave_1: entered allmulticast mode [ 257.598381][T15994] bridge_slave_1: entered promiscuous mode [ 257.673560][T15994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.709490][T15994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.723897][T16016] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 257.761226][T15994] team0: Port device team_slave_0 added [ 257.763622][T16016] EXT4-fs (loop2): Remounting filesystem read-only [ 257.802019][T15994] team0: Port device team_slave_1 added [ 257.856002][T15994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.863040][T15994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.889068][T15994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.994524][T15994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.001538][T15994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.022155][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.027534][T15994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.127171][T15994] hsr_slave_0: entered promiscuous mode [ 258.145706][T16058] netlink: 'syz.4.3962': attribute type 1 has an invalid length. [ 258.153866][T15994] hsr_slave_1: entered promiscuous mode [ 258.170737][T15994] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 258.189135][T15994] Cannot create hsr debugfs directory [ 258.257874][ T29] audit: type=1400 audit(1720045097.810:33993): avc: denied { mounton } for pid=16059 comm="syz.4.3963" path="/80/file0" dev="tmpfs" ino=442 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 258.257884][T16062] 9pnet_fd: Insufficient options for proto=fd [ 258.346847][T16063] netlink: 312 bytes leftover after parsing attributes in process `syz.2.3960'. [ 258.347429][T16064] loop4: detected capacity change from 0 to 512 [ 258.391961][T16064] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 258.400019][T16064] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 258.463719][T15994] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.559341][T16064] System zones: 0-1, 15-15, 18-18, 34-34 [ 258.565218][T16064] EXT4-fs (loop4): orphan cleanup on readonly fs [ 258.624512][T16064] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 258.679591][T15994] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.771457][T15994] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.780632][T16064] EXT4-fs warning (device loop4): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 258.796418][T16064] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 258.913254][T15994] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.920453][T16064] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3963: bg 0: block 40: padding at end of block bitmap is not set [ 259.031025][T16064] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 259.057725][T15994] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 259.077677][T16064] EXT4-fs (loop4): 1 truncate cleaned up [ 259.083802][T16064] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 259.137908][T15994] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 259.166298][T15994] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 259.179347][T15994] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 259.221021][T16095] netlink: 'syz.2.3972': attribute type 1 has an invalid length. [ 259.272798][T16062] EXT4-fs error (device loop4): ext4_encrypted_get_link:46: inode #16: comm syz.4.3963: bad symlink. [ 259.430480][T15994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.480225][T16102] vlan2: entered promiscuous mode [ 259.485312][T16102] syz_tun: entered promiscuous mode [ 259.519229][T14875] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.528398][T16102] syz_tun: left promiscuous mode [ 259.589513][T15994] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.613769][ T4335] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.620987][ T4335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.683752][ T4335] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.690901][ T4335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.780065][T15994] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 259.790485][T15994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 259.852698][T16106] Dead loop on virtual device ip6_vti0, fix it urgently! [ 260.019758][T15994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.134206][T16130] loop1: detected capacity change from 0 to 1024 [ 260.161335][T16130] EXT4-fs: Invalid want_extra_isize 125 [ 260.236483][T15994] veth0_vlan: entered promiscuous mode [ 260.278505][T15994] veth1_vlan: entered promiscuous mode [ 260.296776][T16130] loop1: detected capacity change from 0 to 2048 [ 260.328433][T16143] netlink: 'syz.2.3985': attribute type 1 has an invalid length. [ 260.334925][T15994] veth0_macvtap: entered promiscuous mode [ 260.359857][T15994] veth1_macvtap: entered promiscuous mode [ 260.396172][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.396207][T16130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 260.406706][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.428623][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.439087][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.449021][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.459482][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.461334][T16148] loop2: detected capacity change from 0 to 512 [ 260.469324][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.469345][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.469365][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.469381][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.516174][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.526619][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.536493][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.546984][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.556856][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 260.567349][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.618479][T16148] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 260.640186][T16148] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 260.660626][T15994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.673088][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.683638][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.693491][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.703955][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.713802][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.724382][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.734199][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.744700][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.754623][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.765219][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.775101][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.785538][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.795488][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.806061][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.816148][T15994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.826656][T15994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.848165][T15994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.880282][T15994] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.889304][T15994] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.898144][T15994] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.906947][T15994] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.039661][T12408] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.100955][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.134738][T16168] loop0: detected capacity change from 0 to 512 [ 261.158521][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.182455][T16168] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #15: comm syz.0.3992: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 261.211976][T16168] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.3992: couldn't read orphan inode 15 (err -117) [ 261.229848][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.255849][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.256336][T16168] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.359203][T16186] FAULT_INJECTION: forcing a failure. [ 261.359203][T16186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.372359][T16186] CPU: 0 PID: 16186 Comm: syz.3.3995 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 261.384534][T16186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 261.394647][T16186] Call Trace: [ 261.397971][T16186] [ 261.400900][T16186] dump_stack_lvl+0xf2/0x150 [ 261.405510][T16186] dump_stack+0x15/0x20 [ 261.409700][T16186] should_fail_ex+0x229/0x230 [ 261.414452][T16186] should_fail+0xb/0x10 [ 261.418641][T16186] should_fail_usercopy+0x1a/0x20 [ 261.423699][T16186] _copy_from_iter+0xd3/0xb00 [ 261.428451][T16186] ? __alloc_pages_noprof+0x1bc/0x360 [ 261.433859][T16186] copy_page_from_iter+0x14f/0x280 [ 261.438992][T16186] pipe_write+0x44a/0xd30 [ 261.443454][T16186] vfs_write+0x78f/0x900 [ 261.447829][T16186] ? __pfx_pipe_write+0x10/0x10 [ 261.452725][T16186] ksys_write+0xeb/0x1b0 [ 261.456983][T16186] __x64_sys_write+0x42/0x50 [ 261.461578][T16186] x64_sys_call+0x27ef/0x2d70 [ 261.466300][T16186] do_syscall_64+0xc9/0x1c0 [ 261.470878][T16186] ? clear_bhb_loop+0x55/0xb0 [ 261.475564][T16186] ? clear_bhb_loop+0x55/0xb0 [ 261.480282][T16186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.486263][T16186] RIP: 0033:0x7f9708449bd9 [ 261.490687][T16186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.510304][T16186] RSP: 002b:00007f97076aa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 261.518774][T16186] RAX: ffffffffffffffda RBX: 00007f97085d8038 RCX: 00007f9708449bd9 [ 261.526748][T16186] RDX: 00000000fffffdef RSI: 0000000020000000 RDI: 0000000000000000 [ 261.534733][T16186] RBP: 00007f97076aa0a0 R08: 0000000000000000 R09: 0000000000000000 [ 261.542771][T16186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 261.550769][T16186] R13: 000000000000006e R14: 00007f97085d8038 R15: 00007ffe53314378 [ 261.558867][T16186] [ 261.589396][T12361] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 261.609667][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.645138][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.660579][ T29] audit: type=1400 audit(1720045100.958:33994): avc: denied { getattr } for pid=16188 comm="syz.1.3997" name="/" dev="pidfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 261.723956][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.737991][ T8] kernel write not supported for file /vcsa1 (pid: 8 comm: kworker/0:0) [ 261.800694][ T29] audit: type=1400 audit(1720045101.087:33995): avc: denied { map } for pid=16203 comm="syz.0.4001" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:null_device_t tclass=chr_file permissive=1 [ 261.829717][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.900835][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.914642][T16213] loop0: detected capacity change from 0 to 512 [ 261.929428][T16213] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.4005: invalid block [ 261.941775][T15398] EXT4-fs error (device loop2): ext4_empty_dir:3089: inode #12: comm syz-executor: Directory hole found for htree leaf block [ 261.966279][T16213] EXT4-fs (loop0): Remounting filesystem read-only [ 261.981160][T16213] EXT4-fs (loop0): 2 truncates cleaned up [ 261.987456][T16213] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.002961][T16213] SELinux: (dev loop0, type ext4) getxattr errno 5 [ 262.023346][T16213] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.086203][T16233] netlink: 'syz.1.4010': attribute type 1 has an invalid length. [ 262.112356][T16236] netlink: 'syz.4.4012': attribute type 1 has an invalid length. [ 262.219830][T16245] ================================================================== [ 262.227961][T16245] BUG: KCSAN: data-race in inode_update_timestamps / inode_update_timestamps [ 262.236762][T16245] [ 262.239088][T16245] write to 0xffff88810520b180 of 8 bytes by task 16247 on cpu 1: [ 262.246812][T16245] inode_update_timestamps+0x16f/0x280 [ 262.252295][T16245] file_update_time+0x22f/0x2c0 [ 262.257166][T16245] pipe_write+0xa87/0xd30 [ 262.261506][T16245] vfs_write+0x78f/0x900 [ 262.265757][T16245] ksys_write+0xeb/0x1b0 [ 262.270007][T16245] __x64_sys_write+0x42/0x50 [ 262.274609][T16245] x64_sys_call+0x27ef/0x2d70 [ 262.279299][T16245] do_syscall_64+0xc9/0x1c0 [ 262.283810][T16245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.289711][T16245] [ 262.292036][T16245] read to 0xffff88810520b180 of 8 bytes by task 16245 on cpu 0: [ 262.299669][T16245] inode_update_timestamps+0x8a/0x280 [ 262.305078][T16245] file_update_time+0x22f/0x2c0 [ 262.309944][T16245] pipe_write+0xa87/0xd30 [ 262.314285][T16245] vfs_write+0x78f/0x900 [ 262.318532][T16245] ksys_write+0xeb/0x1b0 [ 262.322781][T16245] __x64_sys_write+0x42/0x50 [ 262.327378][T16245] x64_sys_call+0x27ef/0x2d70 [ 262.332071][T16245] do_syscall_64+0xc9/0x1c0 [ 262.336586][T16245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.342488][T16245] [ 262.344807][T16245] value changed: 0x000000001b3712ef -> 0x000000001c50c050 [ 262.351908][T16245] [ 262.354238][T16245] Reported by Kernel Concurrency Sanitizer on: [ 262.360396][T16245] CPU: 0 PID: 16245 Comm: syz.0.4015 Tainted: G W 6.10.0-rc6-syzkaller-00067-g8a9c6c40432e #0 [ 262.372039][T16245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 262.382126][T16245] ================================================================== [ 262.459847][T16247] 9pnet_fd: Insufficient options for proto=fd [ 262.477772][T16250] loop1: detected capacity change from 0 to 128 [ 262.537585][T16250] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 262.563613][T16250] vhci_hcd: invalid port number 219 [ 262.568898][T16250] vhci_hcd: default hub control req: 0000 v6ab1 i00db l1556 [ 262.766783][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.779908][T15398] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.852304][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.894904][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.959805][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 263.031753][ T11] bridge_slave_1: left allmulticast mode [ 263.037493][ T11] bridge_slave_1: left promiscuous mode [ 263.043136][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.055649][ T11] bridge_slave_0: left allmulticast mode [ 263.061312][ T11] bridge_slave_0: left promiscuous mode [ 263.067031][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.225094][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 263.263193][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 263.280952][ T11] bond0 (unregistering): Released all slaves [ 263.392553][ T11] hsr_slave_0: left promiscuous mode [ 263.413167][ T11] hsr_slave_1: left promiscuous mode [ 263.418946][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 263.426464][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 263.455049][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 263.462525][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 263.492508][ T11] veth1_macvtap: left promiscuous mode [ 263.498045][ T11] veth0_macvtap: left promiscuous mode [ 263.503633][ T11] veth1_vlan: left promiscuous mode [ 263.508973][ T11] veth0_vlan: left promiscuous mode [ 263.761429][ T11] team0 (unregistering): Port device team_slave_1 removed [ 263.783594][ T11] team0 (unregistering): Port device team_slave_0 removed