last executing test programs: 12.09008834s ago: executing program 4 (id=47): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) socket$xdp(0x2c, 0x3, 0x0) openat$incfs(0xffffffffffffff9c, 0x0, 0x40440, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000ac0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001500000020002b8008000100030000000c0005020000000000000000050002000000000008000300", @ANYRES32], 0x44}}, 0x0) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x8915, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x10) setpgid(0x0, 0x0) r2 = socket$kcm(0xa, 0x5, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r3 = socket$kcm(0xa, 0x5, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x400007, 0x9, 0x0, 0x1}, 0x48) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r4, 0x7, '\x00', r5, r6, 0x2, 0x1, 0x4}, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x890b, &(0x7f0000000000)) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x8dffffff, @loopback={0xfec0ffff00000000}}, 0x80, &(0x7f0000002580)=[{&(0x7f0000000500)='\x00', 0x1}], 0x1}, 0x0) 11.172910064s ago: executing program 4 (id=61): r0 = perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x10000, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) io_setup(0x9, &(0x7f0000000b80)) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0xa1) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000005b00)=0x20) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ftruncate(r5, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) creat(&(0x7f0000000200)='./bus\x00', 0x50) fstatfs(r6, &(0x7f0000000000)=""/108) r7 = perf_event_open(&(0x7f0000000500)={0x4, 0x80, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8, 0x0, 0x0, 0x0, 0x7fff}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, &(0x7f0000000440)=[@ioring_restriction_sqe_flags_allowed={0x2, 0xc}, @ioring_restriction_sqe_op, @ioring_restriction_register_op={0x0, 0x15}, @ioring_restriction_register_op={0x0, 0x14}, @ioring_restriction_sqe_flags_required={0x3, 0x11}, @ioring_restriction_sqe_op], 0x6) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r7, 0x4008240b, &(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4}) perf_event_open(&(0x7f0000000a80)={0x4, 0x80, 0x3, 0x30, 0x1, 0x8, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x201e6, 0x0, @perf_config_ext={0x1}, 0x8, 0xf7e6, 0x4, 0x4, 0x9, 0x7, 0x3c, 0x0, 0xd0f, 0x0, 0x6}, 0x0, 0xc, r7, 0x11) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$int_in(r8, 0x5452, &(0x7f0000000300)=0x208) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r8, 0x1, 0x7, &(0x7f0000000180), 0x4) mknod$loop(&(0x7f00000002c0)='./bus\x00', 0x8, 0x1) sendto$inet6(r8, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000001300)=""/29, 0x1d, 0x10000, &(0x7f0000000400)={0xa, 0x4e20, 0x1936e1a0, @remote, 0x6}, 0x1c) poll(&(0x7f0000000040)=[{r8}], 0x1, 0x800) sendto$inet6(r8, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(r8, 0x1) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r9) 10.932380014s ago: executing program 4 (id=65): socket$inet_tcp(0x2, 0x1, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000280)={0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r1, 0x40047211, &(0x7f00000002c0)=0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@TCA_STAB={0x38, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x2, 0x1, 0x4, 0x5, 0x8, 0x2, 0x7, 0x9, 0x400, 0x7]}}]}, @TCA_RATE={0x6, 0x5, {0x2, 0x8}}]}, 0x64}}, 0x0) 10.875262498s ago: executing program 4 (id=66): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x52c8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x454e, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 9.278210139s ago: executing program 4 (id=88): socket$kcm(0x10, 0x2, 0x10) socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$packet(0x11, 0x2, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff03c}, {}, {0x6}]}, 0x10) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x36c1, 0x0, &(0x7f0000000140), &(0x7f0000000100)) syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000040), &(0x7f0000000180)) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0xee01}}, './file0\x00'}) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f00000005c0)={0x134, 0x0, 0x2, 0x0, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_MASTER={0xac, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x9e}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @rand_addr=0x64010100}}}]}, @CTA_EXPECT_MASTER={0x6c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x134}}, 0x24000081) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r2, &(0x7f0000001240)=""/102400, 0x200000, 0x0) 9.13862381s ago: executing program 4 (id=91): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0x5) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)={0x34, r4, 0x1, 0x0, 0x0, {0x37}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1, 0x1}, 0x18) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00'}) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0x5) (async) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18) (async) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_RATE_NEW(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)={0x34, r4, 0x1, 0x0, 0x0, {0x37}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1, 0x1}, 0x18) (async) socket$can_j1939(0x1d, 0x2, 0x7) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) (async) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) (async) 3.852974944s ago: executing program 3 (id=146): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000440)=ANY=[], 0x0, 0x5}, 0x90) openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x40000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000001c0)="2f00ea7c2b58a993e9b6512ac246", &(0x7f0000000000)=""/8, 0x2}, 0x20) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@getchain={0x2c, 0x11, 0x1, 0x0, 0x2000, {0x0, 0x0, 0x0, r3}, [{0x8, 0xb, 0x1fe00000}]}, 0x2c}}, 0x0) 800.570394ms ago: executing program 0 (id=202): socket$inet_tcp(0x2, 0x1, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000280)={0x80, 0x6, 0x27d, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r1, 0x40047211, &(0x7f00000002c0)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@TCA_STAB={0x38, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x2, 0x1, 0x4, 0x5, 0x8, 0x2, 0x7, 0x9, 0x400, 0x7]}}]}, @TCA_RATE={0x6, 0x5, {0x2, 0x8}}]}, 0x64}}, 0x0) 773.420717ms ago: executing program 0 (id=206): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) io_uring_setup(0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', 0x0}) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0xffa1, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}]}, 0x38}}, 0x0) 716.415401ms ago: executing program 0 (id=209): socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x0) shmctl$IPC_RMID(r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 704.930892ms ago: executing program 0 (id=210): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$nfc_llcp(r1, 0x6, 0x1a, 0x0, 0x2000e863) r2 = memfd_create(&(0x7f00000001c0)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]', 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x5, 0x2012, r2, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x2}}, 0x6b) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_mreqn(r4, 0x0, 0x20, &(0x7f0000000980)={@local, @loopback}, &(0x7f00000009c0)=0xc) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a40), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r5, @ANYBLOB="00042abd7000fddbdf25080000002c000680068c07f86ed064e93a0001000a00000006000100000000000800060006000000060005004e220000080003000500000005000500000000050005000000000028000180060001000200000014000400fe800000000000000000000000000021080003007f00000108000200000000008e3b391da5c68a42f2d8"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x840) r6 = inotify_init() bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup, 0xffffffffffffffff, 0x14, 0x28, 0x0, @prog_id}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYRES8=r6], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000a80), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) r7 = syz_io_uring_setup(0xd8, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x3}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r7, 0xb, &(0x7f0000000100)=[@ioring_restriction_register_op={0x0, 0x1}], 0x100000000000002c) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r7, 0xc, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r7, 0x1, 0x0, 0x0) inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1) readv(r6, &(0x7f0000000140)=[{&(0x7f0000000040)=""/182, 0xb6}], 0x1) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, 0x0, 0x0) 688.417564ms ago: executing program 1 (id=211): syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0/file0\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x1000000004000080}}, {@barrier_val}, {@nodelalloc}, {@journal_path={'journal_path', 0x3d, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}}, {@errors_remount}]}, 0xfc, 0x581, &(0x7f0000000480)="$eJzs3d1rW+UfAPDvSdOue/n91sEY6oUMduFkLl1bXyYIzkvR4UDvZ2izMpouo0nHWgduF+7GGx2CiAPxD/Dey+E/4F8x0MGQUfTCm8o5PdmyNunbsiVbPh847fPknNPnfPO89HlyEhLAwDqa/ihEvBwR3yQRB1v2FSPfeXTtuJUH16bTLYnV1U//SiLJH2sen+S/9+eZlyLit68iThQ2lltfWp4rV6uVhTw/3pi/PF5fWj55cb48W5mtXJqcmjr91tTku++83bVYXz/3zw+f3Pnw9NfHVr7/5d6hW0mciQP5vtY4nsD1lnTxUXI4zqw7cKILhfWTpNcXwK4M5Q11ONIx4GAMtTZb4IX2ZUSsAgMqyfp/wSgAA6c5D2iu7bu0Dn5u3P9gbQGUxT7SGn9x7bWRGM3WRvtWksdWRul6d6wL5adl/Prn7VvpFpu/DrF3izzAjly/ERGnisWN43+Sj3+7dyp78Xhz68sYtP8/0Et30vnPG+3mf4WH859oM//Z36bv7sbW/b9wrwvFdJTO/95rO/99OHSNDeW5/2VzvuHkwsVq5VRE/D8ijsfwnjS/2f2c0yt3Vzvta53/pVtafnMumF/HveKex8+ZKTfKETHyJHE33b8R8UqxXfz5+P/taDbXXV//6fNxbptlHKncfrXTvq3jf7pWf454rW39P7qjlWx+f3I8aw/jzVax0d83j/zeqfxex5/W/77N4x9LWu/X1ndexk+j/1Y67dtt+x9JPsvSzU5wtdxoLExEjCQfb3x88tG5zXzz+DT+48c2H//atf908fX5NuO/efhmx0P7of5ndlT/O0/c/eiLHzuVv736fzNLHc8fyce/9vK2st0LfNLnDwAAAAAAAPpJISIORFIoPUwXCqXS2vs7Dse+QrVWb5y4UFu8NBPZZ2XHYrjQvNN9sOX9EBP5+2Gb+cl1+amIOBQR3w3tzfKl6Vp1ptfBAwAAAAAAAAAAAAAAAAAAQJ/Y3+Hz/6k/hnp9dcBTl32xwZ5eXwXQC1t+5X83vukJ6Etb9n/ghaX/w+Dadv83UMALR7eGwaX/w+DS/2Fw6f8wuPR/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KpzZ8+m2+rKg2vTaX7mytLiXO3KyZlKfa40vzhdmq4tXC7N1mqz1Uppuja/1d+r1mqXJyZj8ep4o1JvjNeXls/P1xYvNc5fnC/PVs5Xhp9JVAAAAAAAAAAAAAAAAAAAAPB8qS8tz5Wr1cqCRMfE+9EXl/E0A1yzq9OLz/RSR/vjGXuuEjfy6t3ZWT0clAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgnf8CAAD//9gdLz4=") chdir(&(0x7f00000001c0)='./file0\x00') creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000280)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @dev}, [], "17c11d58674e624c1a146558aab57fff"}}}}}}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = socket(0xa, 0x3, 0x3a) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x10) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vcsn(0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x4800) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x804}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000), 0x4) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x42841) syz_emit_ethernet(0x8a, &(0x7f0000000a40)={@link_local, @dev, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x50, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing={0x0, 0x2, 0x0, 0x0, 0x7800, [@private2]}]}}}}}}}, 0x0) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 601.447861ms ago: executing program 0 (id=213): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') syz_mount_image$ext4(&(0x7f0000001140)='ext2\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e22, @rand_addr=0x64010101}, @in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000fc0)=0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x25, &(0x7f0000000740)={0x0, @in={{0x2, 0x4e22, @rand_addr=0x64010101}}}, 0x90) fallocate(r1, 0x0, 0x0, 0x1001f0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) fallocate(r3, 0x3, 0x1800, 0x10000) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) mmap(&(0x7f000046f000/0x3000)=nil, 0x3000, 0x5, 0x10, r1, 0xe6f4d000) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000583ca91a0012800b00010067726574617000000c00028008000700e00000010a0001"], 0x48}}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r8 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2, 0x0) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000001000)={0xf68c, 0x2, 0x9, 0x0, 0x0, [{{r5}, 0x6}, {{r1}, 0xfffffffffffffffd}, {{r4}, 0x2}, {{r5}, 0x4ddf}, {{r5}, 0x3}, {{r3}}, {{r6}, 0x4}, {{}, 0x1}, {{r8}, 0x5}]}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r7, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xd81, &(0x7f00000001c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd604300930d4b3a00fe8000000000000000000000000000aaff0200000000000000000000000000018000907800000000f2e280b1930dc25a1f71776ae8c49d741a248844e443394bfbbda018c23fa534080c262caa58a9a5daad9b5a78335d264f152d5a6504987ae4a347601897b049028d9b8d8002f73e64be8ee1ce50b5c4f965741966a888499da106c8e696b3f1ed3438adcefc7327ccdbe1b00fc8c91389427ad5fcbe1081e90b2aa6afe627073851bcfe088d05dc0d13f6af72eb60d38b81df20ce7f5a982dfb34985be353474ef6f4b22071331d412f6107d484af5ab79c7cbb5857ca696e276c4af2aa945b5cd2bb2522ac246012a53a617ac753d37943230b45028f5c159ce46ffdb348e9b9c6933a55a8ed009fa0a082ce35688653cebfde0c77e4cc9f7ea1606c948a41593d6c0f1a91b3b139a03c82a4cf3f1d9ed434651b4e18be87e953317988fc68b03637762643f2525e84ac7c539c3df7c049ae14500acd8818685a6a452894f6f21228fe70b53471bfe1e2582f30a41b095bd9056b219651b24e5c60ec1375417f8a0d13517e782e774492863954f0544b10ff6265c810bd23c5386f0d6e5bf7f0783d9161a461395e0ac0551d663207233e298e1b12b003b3a953cbf98443523f422d9d8d99174bedfcd6ec43e32d01be999f59f662bddf66788d0a80748aba0f00aef14c13096e071427aa0492163ae0d1d88a0c6765f356f01ad1e37363a0dce9e6d819ff2f599b08943bfe4ba7e069ffd2888519187fdda9c1e8510b3bfac9e89779a5980e554cb0d1b0742b4885a3284a331832cf6ce49f0259dec11d1e198e38e62c9fc6efea0ddc05d4bded0ab41fc0088fb0bf72778969cb1722c651e32d16726b78beee2aadc781162c4d89bac4d2fd24bb19c9f797a440fc2eb197fd8a0c6c122d7cb6c22ab8442589888f6507cef2578ac973ec185c55c5de89f961723caabb0e6eeb6bbe1fb0a26b95ab0d1dd2a396f91e45dda56ad9edcdb03494bfcbaa90135014c2418b211baf483db7b35c934615e2b5edf3c5bc83f6d51b36f7476d5669898aba48289cd24a8714fd8ad6abaf5d94f37a32bad6912c9a4f8b9ccfe118114373074c9f8cbd4447ef22bc0ab55873975d54cfa1f01f5192f5d65db2f2f9b93659af3fb0966c0065f29645a3efd16f017d7cb8fac35b0886a4575e4e6ce03c92e1121e007d20329496613c997de8bcfcdb8bcf7ddab91da7a6d1485916b07db15f13180c38017fa9191fa20c22e94f445d6dcc0d3415a16da6c626d3ec8fd76d536a3319490f3c4c4f6c32f027bb2bec039f165c31cd21f138c69c7df53549dd27f89995b0f102d64a4210878db489978653c62864d9376188bd351b4258cb6bde27c0fe990a91e8ba8f6dc537cb276402621ea2773591f0c7c7c5c7ad11be435af9807afe11744b202b355aac366627ac4ff3b7360b2e42788c3a1c384f1197f2fe3b87d83dc333be8eb52aebf3c815f61d5a189810019687325059974e70bf85592bbce4d44c53518f76b7a855b7999cd13c49310af6ba75f34437f003dbde0992a463fe567143677630e95bd44630e9d12cf0e4f083d270804815b37d181597e31f0b7c2660fe10a5a4d1df2fc8fd8f08d5005d433c797302b61cb1baf8a4900e3e7c81605e2610cf115aeb1f5f4351f26c8cf80a2d5a66dda4181cc6811ad6117c1c31efba2ca65886a40da6f4bc55b06264acd3b853ba775982f2057378c1341b473f9026c11b4c8f3340fe71956375cc00fbc8bb28e6459cdad76447dd272d1b62c701bd2156cf96b71e38da312f7355d53fdd9b6dad9268df16baa552936a6ea35aa2a1d94f965edeb3316e567598681475a5eef8c87d5a5fbbfe43ddd838a97c3448593e4e3b8ee39fac3125ac781ee740dba9678949d6e30d12de4153e4fad91b7b920bb8ffcaf0e74e97ce593b4d7af42bf1c1cf034611026d18b9373670b8ad283872f52c8bfd6d2715756a67840f2aceb956d56e5897ca996522accfb86b6d5ea92f10b8a6a6ed21bc7621490802d78ae7037e6f1d7d3a28b2405570f2e9ad2a9fc3bca2772101d8c35ca6a68e56d54e9761feeeb19d558b5754cf6dbd9a662c7dd2725d837b6c424ad0e68d41505de0fecd8742207cc3176bc5ff968f151037150a941835c39503504b7d3e8a4c30e8f2f6e7f24d8bec6815012ac80806c641b4e6b0bd1af5949f512ba55993d37d9103299685b2a1367e9d4c7e3597021e078ea8883642912be363463ff6da21b1c538210513023cf55df08c1e2cf21df9b427ca93bfa3821a743a8b90469c31e54abe0b97f31b023ff8e68acc94c325b8b85faf4f842e3104cb830fd7924e09c9aebfbfa54686234cdee69ace952469e377210ae54b2500ec813202f4e918e97664191e2255f096a9c8ffc508c5ac075849cd4e79ae59795280599c128260d7da30fd0f4404b82a9f19ee5b3fc5b10b7c354da806a2bf91cc1e88e75da46e1bdda2a6f0d42979353665e6dade250ac3b0bb070f9c989d0b9c225bbdb76b2388203d927be83931518a171e275cf95abb3cea15984e6e975a31e1246bb28c2db5d97f956f5e09400cfb07171260c1a1d264a3531f7626b9f2a0a81300c24a3692cbd92f74ee24111af573c08a745a59a2226fe68ff09bca2174d08f1fff740232fb9421d45dfb9eb93dbfc6cdf6ffeaf6d387230ea1f6d1ce34ad4f5b2335a938cba6b1282da9e4ea3047a85b47800e835122ec0dfb332926d07e039313ed7d64448ddeab54bb2f3313cbc385e6efc33465096fd11eec45d7e4419759015540a132490b9c51bfbf5ce66a3a90d2833b0e0012a3f33cd0022551b48e58c2c4d5dcd9358b22165f398a2a324035b61510dc7987d1b6a97ad06656f3db0824e727e14d98be857fba16d8344e63b12daa54d0b2bf014e1e605b322a4e73c4ceeb502f0ad34b1387000bece68935f4d9702693e1565108cce285ac4e45d8fda0a111feb36270da6296a37d0a0c6d1297515f46cae0e4c48d23e8a71e46be3ec8fea7898b1465ce823d27b7898ad2bae8077ac874b07ad19277f133588eeb6c2789d36788d7b0ba9497a10e879dc6a2f6ba37c73f594f395e703a10cd948ee75122a1c0488a44f221fe701f84c00a21c0060b76186c57726bf73d4aa74d5754cb8220a87e241406c43aef84cfcacc64eec47bf95991f95b2180f1c427697a1122218d05bcbfd24839c3f34e03384e5deee72db953fb40706e3c5f260b5d34341eceff864092a6f40b99107a2f56b9e4ced0ee7f2b1be63733d83369588deb75338e812f01b0ce4653d68afa4b18a9b28a80f6cd65577b52b54692d70b6e709299478b0436874725314517bb113520b722aa65c2baba720d73ffa23f9f65c9257ebbda80835d5ccdfebe7573be3c6d1a3822b9e374a0adb43c19985998aef5844615bc5448091fd8dbd283ed3a70a14b2dc85c370adbf726e04e4638b161d2bc17c74d02a16fce3d5e708b30838e1e0242aac4c32f2f1a348eec1fe5ef14e00995c238060b3940b46e0ab17a096d1b4d53b679f430a232b6fd950923321e26ef9997fd469f0bba2605066a220cd0c4c29231a4df27a9cdcd7c63eac3cd07cb624b6b4b714632a6942c9d6f73f1cfe21b23e1036590af63c5e15070f5bbc6afba3a0e7121c936b838f7f33419d3931ebdf86f9c8141a5a40b1655fcdbafda716b76605ccf03f17a92b2efd0bc094ba326a8a923048b083df19f02ac6dafed3e449e4a8bb35a783ff1c78ad7d78e0216f7cfd38c8d3f85ac7a2d59f09fc132013b058852c4b7c0b334b447067ee2cea3cff56da99eab9911ebba607ed232136e41ed3fc7109a7bb659bd83cb51441f746a0e770e17e385345b614718a97641cce700e93350d894fd9c72b5a3a970c1cec810108bacb6860bd32b5f3d0a09f5d943d7261d01cbe05cc70b959d56f52cecb7aad15f3ca0ef441996401637b69ab715e433f1ed696c9beeccec826e84d7288b6856e264dd9ea5128c6ae816c14823ae9d448a828aa5b627ffd0d540c0872a9d7eb507cbb3c291d9b8e9b75c834ea541df8674594114eeddce09a40014fe386053a419b0ca4362e8ce1215dc193e80c2f5a830649632fc498ab07cdcc368d10c158dc9b7ce41b073c9fbf3306479784a8550028d3d0ecbff51b7533cb86ae58bbbfb55b71c3313697b461f11ed53613c168071df26f2be4331d21c900853ca90eb520181ca0c8929595fc36ab60e44f225e8f792743f52321ad7bad7e5e45c040abacda8f0854839b50b0e3c58654615decd64d3b6d55ee7a5af4c787aaa41070b345e28dcc2073c1552ce4fb8c7e9037ff7d400ac6f2da389217099c5d59df9c0a9f7211c84a02adbebd2728364e0bd4da15ced9e1e52131c3de5f184dd9677641738ba24bc5bb4bd08f3075fe677c4357cfca7d66de896df230cc32c4710377384659c020ee26a41b9cd7107df6083cb9e1560e371d88e863d8507acfc59a4a4f90ec114faf7de99fba637a272220b1a87af93ed8679a867fe15c7c4833771b921d24333e119e1554d93031729d65cec18cb59a896c5c5594b03295d917a0ae63a85fde763e35e45dd3fcb7d469869da77055cf90afd50b33136526dcd0513c5b176361720ba808b0a767c09e61f618d5c7f8468"], 0x0) pread64(r0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) r9 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x41) ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "d304e6d6ae9ef30bea2a72f60000000000406728002000000000001300"}) r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r10, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) r11 = syz_open_dev$usbfs(&(0x7f0000003f00), 0xc, 0x2c2181) fcntl$dupfd(r11, 0x0, r11) 561.265264ms ago: executing program 1 (id=215): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) 561.003914ms ago: executing program 1 (id=216): socket$inet_tcp(0x2, 0x1, 0x0) capset(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2) ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000280)={0x80, 0x6, 0x27d, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r1, 0x40047211, &(0x7f00000002c0)=0x4) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 556.601015ms ago: executing program 2 (id=217): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x8}, 0x48) syz_emit_ethernet(0xfe43, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1800000025000100000000000000000003"], 0x18}], 0x1}, 0x0) 487.01065ms ago: executing program 0 (id=218): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4000000000, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000640)}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x6, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @remote}, r1}}, 0x48) socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000040)={0xa2, 0x6, 0x2, 0x5, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}, @remote, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}]}, 0x38) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x404e, &(0x7f0000000080)={[{@i_version}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nodiscard}, {@usrquota}, {@quota}, {@jqfmt_vfsv0}]}, 0x1, 0x442, &(0x7f0000000d80)="$eJzs28tvG0UYAPBv7SQlfZBQlUcfQKAgKh5Jk5bSAxcQSBxAQoJDOYYkrULdBjVBolUEKULlwAFV4o44IvEXcIILAk5IXOGOKkUolxZORmvvJrZrJ3Xq1Gn9+0nbzuyOM/N5d+yZHW8APWsk/SeJ2B0Rf0bEUDVbX2Ck+t+NlcWpf1cWp5Iol9/5J6mUu76yOJUXzV+3K8/0RRQ+T+Jgk3rnL146O1kqzVzI8mML5z4cm7946YXZc5NnZs7MnJ84efL4sfGXTky82JE407iuH/hk7tD+N967+tbUqavv//p9ksffEEeHjKx38OlyucPVddeemnTS18WG0JZitZtGf6X/D0Ux1k7eULz+WVcbB2ypcrlcfqj14aUycA9LotstALoj/6JP57/5doeGHtvC8ivVCVAa941sqx7pi0JWpr9hfttJIxFxaum/b9IttuY+BABAnR/T8c/zzcZ/hai9L3R/toYyHBEPRMTeiDgREfsi4sGIStmHI+KRNutvXCS5efxTuFaTGWzzz28oHf+9nK1t1Y//8tFfDBez3J5K/P3J6dnSzNHsPTkS/TvS/Pg6dfz02h9ftTpWO/5Lt7T+fCyYteNa347610xPLkzeTsy1li9HHOhrFn+yuhKQRMT+iDiwyTpmn/3uUKtjG8e/jg6sM5W/jXimev6XoiH+XLL++uTYfVGaOTqWXxU3++33K2+3qv+24u+A5csxuLPp9b8a/3BSu147334dV/76ouWcZrPX/0Dybt2+jycXFi6MRwwkb1YbXbt/oqHcxFr59Po/crh5/98ba+/EwYhIL+JHI+KxiHg8a/sTEfFkRBxeJ/5fXn3qg83Hv7XS+KfbOv9riYFo3NM8UTz78w91lQ63E396/o9XUkeyPbfy+Xcr7drc1QwAAAB3n0JE7I6kMLqaLhRGR6u/4d8XOwulufmF507PfXR+uvqMwHD0F/I7XUM190PHs2l9np9oyB/L7ht/XRys5Een5krT3Q4eetyuFv0/9Xex260DtpzntaB36f/Qu/R/6F36P/SuJv2/4z+0BranZt//n3ahHcCd19D/LftBDzH/h96l/0PPWtL/oSfND8bGD8nfw4mB7H3YLu25exJR2MIqvtwGAfZ4ossfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB3yfwAAAP//RDPkFg==") r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f00000004c0)='net_prio.prioidx\x00', 0x275a, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r5, &(0x7f0000000200), 0xf000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000eb0000000001000000940000930600003e5f0000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r7, &(0x7f00000000c0)="3f030e00f0e812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x8847, r8, 0x1, 0x0, 0x6, @multicast}, 0x14) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000200)={@empty, 0x1a, r8}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x100}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xffffff80}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x44) socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001b80)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) 486.62266ms ago: executing program 1 (id=219): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0x9, 0x0}, 0x8) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380)=r1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYRES16=r1, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x67, '\x00', 0x0, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x140000}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000000000007b1167000000000085100000020000008500000000000000f7ff00003d7e745227c2000000009500a5050000000049615d6de63e40adad25591cd885f55bc600008fa9fbd36cc62ed057fc1b933dc8d622c2d470dd70a0b51a4823b54077db7c87133d8792302b76b89ea3d614c448d6b5de71a07f2276bd6c9236f8183833aee2697a75892bfc4bd688612e475eec4a9313bf05b67b18629a0605be14ba196f7313f6ee636ad46bad22d70e9ffcf8f5cdc27d5f6c"], &(0x7f0000000080)='GPL\x00', 0x5, 0xce, &(0x7f0000000a40)=""/206, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x6}, 0x90) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0101000000000000000001"], 0xcc}}, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) 425.257115ms ago: executing program 1 (id=220): socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'}) r0 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x0) shmctl$IPC_RMID(r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 424.565355ms ago: executing program 2 (id=221): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0000b360000000000007fffffe000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff000000000066c0c60e0000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000000000000e8000000e80000001801000069703600000100000000000009000000000000000000000000000000000000005000000000000000fe80000000000000000000000000000000000000000000000000ffffac1e0000000000000000000000004000000000000000000080000000000000010019000000062e004904004a194dc2f70d048c00000000000000000000000800000000000400"/424]}, 0x220) 415.193526ms ago: executing program 1 (id=222): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_io_uring_setup(0x320e, &(0x7f0000000800)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000540)=0x0) syz_io_uring_setup(0x297a, &(0x7f0000000200), &(0x7f00000002c0)=0x0, &(0x7f0000000080)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000061109a000000000095000000000000001394aa96bf7efdf5240d40052c86462718b88acfc9ea5d38543e98206ed9457a49d272f41050136d495af47ec5231bb4621489261011c63eff1ecbc10eced1f6a115a45090ea8644c6304a0651173564e0f143"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x80000, 0x0, '\x00', 0x0, 0xf}, 0x90) pipe(&(0x7f00000001c0)) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @remote}, r5}}, 0x48) getsockopt$inet6_mreq(r0, 0x29, 0x1a, 0x0, &(0x7f0000003580)) 364.91804ms ago: executing program 2 (id=223): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$nfc_llcp(r1, 0x6, 0x1a, 0x0, 0x2000e863) r2 = memfd_create(&(0x7f00000001c0)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]', 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x5, 0x2012, r2, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x2}}, 0x6b) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_mreqn(r4, 0x0, 0x20, &(0x7f0000000980)={@local, @loopback}, &(0x7f00000009c0)=0xc) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000a40), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r5, @ANYBLOB="00042abd7000fddbdf25080000002c000680068c07f86ed064e93a0001000a00000006000100000000000800060006000000060005004e220000080003000500000005000500000000050005000000000028000180060001000200000014000400fe800000000000000000000000000021080003007f00000108000200000000008e3b391da5c68a42f2d8"], 0x90}, 0x1, 0x0, 0x0, 0x4000000}, 0x840) r6 = inotify_init() bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup, 0xffffffffffffffff, 0x14, 0x28, 0x0, @prog_id}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYRES8=r6], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000a80), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) r7 = syz_io_uring_setup(0xd8, &(0x7f0000000000)={0x0, 0x0, 0x20, 0x3}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r7, 0xb, &(0x7f0000000100)=[@ioring_restriction_register_op={0x0, 0x1}], 0x100000000000002c) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r7, 0xc, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(r7, 0x1, 0x0, 0x0) inotify_add_watch(r6, &(0x7f0000000340)='.\x00', 0xa50003d1) readv(r6, &(0x7f0000000140)=[{&(0x7f0000000040)=""/182, 0xb6}], 0x1) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, 0x0, 0x0) 338.186372ms ago: executing program 2 (id=224): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x30000000}, 0x0) 324.560863ms ago: executing program 2 (id=225): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) lsm_get_self_attr(0x66, 0x0, 0xfffffffffffffffe, 0x0) 284.744747ms ago: executing program 2 (id=226): mlockall(0x7) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) munlockall() madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x4) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000700100014000180050002000100000008"], 0x28}}, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) r5 = socket$key(0xf, 0x3, 0x2) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDDISABIO(r8, 0x4b30) r9 = socket$inet_udp(0x2, 0x2, 0x0) r10 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$MON_IOCT_RING_SIZE(0xffffffffffffffff, 0x9204, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) connect$pppl2tp(r10, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000300)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/52, 0x34, 0x0, &(0x7f0000000180)=""/59, 0x3b}, &(0x7f0000000340)=0x40) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000003c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x800001, 0x4, 0x2, 0x3, {0xa, 0x4e21, 0xffffff81, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}, 0x380}}}, 0x3a) sendmsg$key(r5, &(0x7f00005f5000)={0x1000000, 0x0, &(0x7f0000000280)={&(0x7f0000000f40)=ANY=[], 0xd8}}, 0x0) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 118.6152ms ago: executing program 3 (id=227): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) 118.06245ms ago: executing program 3 (id=228): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x6e) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000004c0000004c00000008000000030000000000000700000000000000000000000300000000030000000100002ff4000000020000000000000e04000000000000000100000000000009050000000e000000000000080100000000005f002e300000"], &(0x7f0000000080)=""/146, 0x6c, 0x92, 0x0, 0x9}, 0x20) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') setgroups(0x0, 0x0) getgroups(0x1, &(0x7f0000000080)=[0xee00]) setregid(0x0, r0) ioperm(0x0, 0x7fff, 0x15f9) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000380)) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000240)) r1 = semget$private(0x0, 0x1, 0x0) semop(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x1000}], 0x1) unshare(0x20040400) semtimedop(r1, &(0x7f0000000040)=[{0x1, 0x1, 0x1000}], 0x1, 0x0) unshare(0x800) r2 = semget(0x1, 0x4, 0x412) semtimedop(r2, &(0x7f00000002c0)=[{0x3, 0x2, 0x1000}, {0x3, 0x4, 0x1000}, {0x1, 0x0, 0x800}, {0x4, 0xf, 0x1000}, {0x0, 0x5, 0x800}, {0x0, 0x4001, 0x1000}, {0x3, 0x3, 0x800}, {0x2, 0x3, 0x1000}], 0x8, &(0x7f0000000140)={0x0, 0x3938700}) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000000)=[0x5, 0x2, 0x100, 0x0, 0x1000]) semop(0xffffffffffffffff, &(0x7f00000000c0)=[{0x2, 0x3, 0x3000}, {0x0, 0x101, 0x1800}, {0x3, 0x1, 0x800}], 0x3) semctl$IPC_RMID(r1, 0x0, 0x0) semget(0x1, 0x1, 0x42) geteuid() unshare(0x20000200) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r4, 0x0) 20.944658ms ago: executing program 3 (id=229): prlimit64(0x0, 0x0, 0x0, 0x0) getpid() perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffb}, 0x0, 0x80000000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000020240), 0x10010) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r2, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x9, 0x8000, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000000)={r4, &(0x7f0000000000), 0x20000000}, 0x18) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f00000000c0)={r4, &(0x7f0000000000), &(0x7f0000000280)=""/181}, 0x20) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000002c0)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1}}], 0x48}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f00000001c0)={@mcast2}, &(0x7f0000000200)=0x14) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000240)={'erspan0\x00', 0x0, 0x8, 0x7800, 0x9f0, 0x7ff, {{0x5, 0x4, 0x0, 0x5, 0x14, 0x68, 0x0, 0x4, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x25}, @local}}}}) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000040)={0x10000004}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000071115e000000000016000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f00000002c0)={0x1f, 0x1, 0x2}, 0x6) 20.443159ms ago: executing program 3 (id=230): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000240)={0xa1}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 3 (id=231): preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0xf6, 0x2, 0x1, 0x0, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x7, 0x0, 0x6}}) ioctl$sock_inet6_SIOCDELRT(r4, 0x890c, &(0x7f00000006c0)={@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x2, 0x0, 0x0, 0x100, 0x7, 0x200000, r5}) sendfile(r4, r2, 0x0, 0x800008038) socket$inet6(0xa, 0x1, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000180), 0xffffffffffffffff) sendfile(r1, r2, 0x0, 0xef84) r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r3) sendmsg$DEVLINK_CMD_RATE_GET(r6, &(0x7f0000000540)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0xf0, r7, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xa9, 0xa8, @random="ff4992a61b3016bfedc94cf685a5897b4c716693e7761a63616a2392fc7204cacc02531b93a4f97b64a1f00e4badc5571cab3fceee88f2412594f7bc56a92802a54b10afa7a4e71695b63aba547b9ef0481c8eb13f5bbb1467f98289c3ead683391d1a64d6fceac1431c427eae1481cf2f3bf0ec9253a9062cad967be88126d6455e807d5f1d7ba54ed7a7aa823540d82f920f1cf06611b90fe3ba27c9a947d4a50d9c1792"}]}, 0xf0}, 0x1, 0x0, 0x0, 0xc801}, 0x50) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000000000004000000030000000000000004f5ff0000000000000000000d020000000000d1aebb675b744d29a2f24e98cdad8f9d1d523166faae048293a54595ad8952dea2e4a10fb16d36103cf6f21b1899bba7f5c30209e49746c2d197ac91e1ee7de81a8397656ef33f421d7a5927218aae3186a1f9ba6139542c7b0c616c"], 0xffffffffffffffff, 0x3e, 0xb1, 0x2}, 0x20) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) fcntl$setpipe(r8, 0x407, 0x0) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r9, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() kernel console output (not intermixed with test programs): [ 23.437571][ T29] audit: type=1400 audit(1721779831.526:79): avc: denied { rlimitinh } for pid=3068 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.438030][ T3068] sh (3068) used greatest stack depth: 11872 bytes left [ 23.440395][ T29] audit: type=1400 audit(1721779831.526:80): avc: denied { siginh } for pid=3068 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.923959][ T3069] sshd (3069) used greatest stack depth: 11624 bytes left Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. [ 31.351809][ T29] audit: type=1400 audit(1721779839.446:81): avc: denied { mounton } for pid=3077 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 31.353123][ T3077] cgroup: Unknown subsys name 'net' [ 31.374537][ T29] audit: type=1400 audit(1721779839.446:82): avc: denied { mount } for pid=3077 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 31.402106][ T29] audit: type=1400 audit(1721779839.476:83): avc: denied { unmount } for pid=3077 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 31.422039][ T29] audit: type=1400 audit(1721779839.476:84): avc: denied { read } for pid=2769 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 31.558751][ T3077] cgroup: Unknown subsys name 'rlimit' [ 31.683264][ T29] audit: type=1400 audit(1721779839.776:85): avc: denied { create } for pid=3077 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.704864][ T29] audit: type=1400 audit(1721779839.776:86): avc: denied { write } for pid=3077 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.725373][ T29] audit: type=1400 audit(1721779839.776:87): avc: denied { read } for pid=3077 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 31.745686][ T29] audit: type=1400 audit(1721779839.776:88): avc: denied { mounton } for pid=3077 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 31.770477][ T29] audit: type=1400 audit(1721779839.776:89): avc: denied { mount } for pid=3077 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 31.800997][ T3081] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 31.809889][ T29] audit: type=1400 audit(1721779839.906:90): avc: denied { relabelto } for pid=3081 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 31.858148][ T3077] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 32.501731][ C1] eth0: bad gso: type: 1, size: 1408 [ 32.507547][ C1] eth0: bad gso: type: 1, size: 1408 [ 32.698268][ T3087] chnl_net:caif_netlink_parms(): no params data found [ 32.757107][ T3089] chnl_net:caif_netlink_parms(): no params data found [ 32.837965][ T3087] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.845132][ T3087] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.852583][ T3087] bridge_slave_0: entered allmulticast mode [ 32.859359][ T3087] bridge_slave_0: entered promiscuous mode [ 32.865990][ T3087] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.873227][ T3087] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.880721][ T3087] bridge_slave_1: entered allmulticast mode [ 32.887298][ T3087] bridge_slave_1: entered promiscuous mode [ 32.927078][ T3087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 32.936739][ T3089] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.943907][ T3089] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.960752][ T3089] bridge_slave_0: entered allmulticast mode [ 32.971605][ T3089] bridge_slave_0: entered promiscuous mode [ 32.978903][ T3089] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.986000][ T3089] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.993264][ T3089] bridge_slave_1: entered allmulticast mode [ 32.999961][ T3089] bridge_slave_1: entered promiscuous mode [ 33.007180][ T3087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.054323][ T3087] team0: Port device team_slave_0 added [ 33.065866][ T3089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.082848][ T3087] team0: Port device team_slave_1 added [ 33.094814][ T3089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.127182][ T3087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.134243][ T3087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.160162][ T3087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.173075][ T3087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.180063][ T3087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.206201][ T3087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.242460][ T3089] team0: Port device team_slave_0 added [ 33.252703][ T3089] team0: Port device team_slave_1 added [ 33.277108][ T3087] hsr_slave_0: entered promiscuous mode [ 33.283027][ T3087] hsr_slave_1: entered promiscuous mode [ 33.302187][ T3089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 33.309173][ T3089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.335110][ T3089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 33.346633][ T3089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 33.353641][ T3089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 33.379546][ T3089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 33.430072][ T3089] hsr_slave_0: entered promiscuous mode [ 33.436043][ T3089] hsr_slave_1: entered promiscuous mode [ 33.442036][ T3089] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 33.449766][ T3089] Cannot create hsr debugfs directory [ 33.520082][ T3112] chnl_net:caif_netlink_parms(): no params data found [ 33.533287][ T3116] chnl_net:caif_netlink_parms(): no params data found [ 33.601297][ T3087] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 33.613609][ T3087] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 33.633672][ T3110] chnl_net:caif_netlink_parms(): no params data found [ 33.642359][ T3087] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 33.663316][ T3087] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 33.671961][ T3116] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.679122][ T3116] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.686356][ T3116] bridge_slave_0: entered allmulticast mode [ 33.693046][ T3116] bridge_slave_0: entered promiscuous mode [ 33.702447][ T3116] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.709692][ T3116] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.716969][ T3116] bridge_slave_1: entered allmulticast mode [ 33.723386][ T3116] bridge_slave_1: entered promiscuous mode [ 33.762468][ T3112] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.769574][ T3112] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.777061][ T3112] bridge_slave_0: entered allmulticast mode [ 33.783577][ T3112] bridge_slave_0: entered promiscuous mode [ 33.790450][ T3112] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.797565][ T3112] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.804877][ T3112] bridge_slave_1: entered allmulticast mode [ 33.811420][ T3112] bridge_slave_1: entered promiscuous mode [ 33.850588][ T3112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.862542][ T3116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 33.876214][ T3112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.885333][ T3089] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 33.897558][ T3116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 33.922744][ T3089] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 33.946510][ T3112] team0: Port device team_slave_0 added [ 33.955022][ T3112] team0: Port device team_slave_1 added [ 33.961061][ T3089] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 33.969602][ T3110] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.976901][ T3110] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.984385][ T3110] bridge_slave_0: entered allmulticast mode [ 33.990850][ T3110] bridge_slave_0: entered promiscuous mode [ 33.998737][ T3116] team0: Port device team_slave_0 added [ 34.004660][ T3110] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.011950][ T3110] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.019285][ T3110] bridge_slave_1: entered allmulticast mode [ 34.025684][ T3110] bridge_slave_1: entered promiscuous mode [ 34.042389][ T3112] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.049561][ T3112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.075561][ T3112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.086604][ T3089] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 34.095697][ T3116] team0: Port device team_slave_1 added [ 34.108725][ T3112] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.115691][ T3112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.141722][ T3112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.166265][ T3116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.173307][ T3116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.199430][ T3116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.217024][ T3110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 34.227421][ T3110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 34.243261][ T3116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.250243][ T3116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.276227][ T3116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.300632][ T3110] team0: Port device team_slave_0 added [ 34.325850][ T3112] hsr_slave_0: entered promiscuous mode [ 34.332331][ T3112] hsr_slave_1: entered promiscuous mode [ 34.338260][ T3112] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 34.345800][ T3112] Cannot create hsr debugfs directory [ 34.352180][ T3110] team0: Port device team_slave_1 added [ 34.367859][ T3116] hsr_slave_0: entered promiscuous mode [ 34.373885][ T3116] hsr_slave_1: entered promiscuous mode [ 34.379854][ T3116] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 34.387454][ T3116] Cannot create hsr debugfs directory [ 34.404188][ T3110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.411183][ T3110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.437207][ T3110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.466731][ T3110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.473785][ T3110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.499766][ T3110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.515291][ T3087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.579696][ T3087] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.615996][ T3110] hsr_slave_0: entered promiscuous mode [ 34.622333][ T3110] hsr_slave_1: entered promiscuous mode [ 34.628386][ T3110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 34.635927][ T3110] Cannot create hsr debugfs directory [ 34.665098][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.672228][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.680971][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.688177][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.723257][ T3112] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 34.745669][ T3112] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 34.756240][ T3112] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 34.764936][ T3112] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 34.816812][ T3089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.828626][ T3116] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 34.838339][ T3116] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 34.856108][ T3089] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.867560][ T3116] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 34.876397][ T3116] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 34.900429][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.907579][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.936585][ T3164] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.943687][ T3164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.958995][ T3110] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 34.972981][ T3087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.988286][ T3110] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 34.997422][ T3110] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 35.006447][ T3110] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 35.020317][ T3089] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 35.038629][ T3112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.080481][ T3112] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.124428][ T3110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.132707][ T3160] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.139830][ T3160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.158037][ T3160] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.165179][ T3160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.182423][ T3089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.196631][ T3110] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.207821][ T3116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.223628][ T3087] veth0_vlan: entered promiscuous mode [ 35.231557][ T3160] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.238745][ T3160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.256305][ T3164] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.263476][ T3164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.279054][ T3087] veth1_vlan: entered promiscuous mode [ 35.291519][ T3116] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.310889][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.317968][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.345063][ T3110] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 35.355642][ T3110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 35.374760][ T3166] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.381952][ T3166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.413073][ T3116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 35.423519][ T3116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 35.475237][ T3112] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.501281][ T3087] veth0_macvtap: entered promiscuous mode [ 35.517153][ T3089] veth0_vlan: entered promiscuous mode [ 35.525391][ T3089] veth1_vlan: entered promiscuous mode [ 35.541734][ T3110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.559663][ T3116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.586485][ T3089] veth0_macvtap: entered promiscuous mode [ 35.595040][ T3087] veth1_macvtap: entered promiscuous mode [ 35.615504][ T3089] veth1_macvtap: entered promiscuous mode [ 35.631733][ T3087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.648718][ T3087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.669867][ T3087] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.678868][ T3087] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.687646][ T3087] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.696483][ T3087] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.707766][ T3089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.718312][ T3089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.730573][ T3089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.748578][ T3116] veth0_vlan: entered promiscuous mode [ 35.757395][ T3116] veth1_vlan: entered promiscuous mode [ 35.779866][ T3089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.790382][ T3089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.804089][ T3089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.826357][ T3089] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.835137][ T3089] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.844027][ T3089] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.852773][ T3089] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.899362][ T3116] veth0_macvtap: entered promiscuous mode [ 35.909617][ T3110] veth0_vlan: entered promiscuous mode [ 35.918342][ T3112] veth0_vlan: entered promiscuous mode [ 35.925994][ T3229] FAULT_INJECTION: forcing a failure. [ 35.925994][ T3229] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 35.930755][ T3116] veth1_macvtap: entered promiscuous mode [ 35.939264][ T3229] CPU: 1 UID: 0 PID: 3229 Comm: syz.1.2 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 35.951937][ T3116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.954966][ T3229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 35.965412][ T3116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.965424][ T3116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 35.975488][ T3229] Call Trace: [ 35.975499][ T3229] [ 35.975509][ T3229] dump_stack_lvl+0xf2/0x150 [ 35.975538][ T3229] dump_stack+0x15/0x20 [ 35.975560][ T3229] should_fail_ex+0x229/0x230 [ 35.975619][ T3229] should_fail+0xb/0x10 [ 35.985486][ T3116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.995804][ T3229] should_fail_usercopy+0x1a/0x20 [ 35.995848][ T3229] _copy_from_user+0x1e/0xd0 [ 36.003321][ T3116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.006698][ T3229] set_selection_user+0x48/0xa0 [ 36.006736][ T3229] tioclinux+0x2b0/0x430 [ 36.012202][ T3116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.015901][ T3229] vt_ioctl+0x84f/0x1810 [ 36.020101][ T3116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.029954][ T3229] ? tty_jobctrl_ioctl+0x2ab/0x810 [ 36.029999][ T3229] tty_ioctl+0x821/0xbe0 [ 36.035009][ T3116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.039635][ T3229] ? __pfx_tty_ioctl+0x10/0x10 [ 36.046963][ T3116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.051748][ T3229] __se_sys_ioctl+0xd3/0x150 [ 36.059758][ T3116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.066371][ T3229] __x64_sys_ioctl+0x43/0x50 [ 36.072181][ T3116] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.080392][ T3229] x64_sys_call+0x1688/0x2e00 [ 36.080430][ T3229] do_syscall_64+0xc9/0x1c0 [ 36.080455][ T3229] ? clear_bhb_loop+0x55/0xb0 [ 36.080475][ T3229] ? clear_bhb_loop+0x55/0xb0 [ 36.085673][ T3116] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.089808][ T3229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.100292][ T3116] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.105009][ T3229] RIP: 0033:0x7fb27edb5f19 [ 36.114835][ T3116] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.119355][ T3229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 36.119379][ T3229] RSP: 002b:00007fb27da37048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 36.223225][ T3229] RAX: ffffffffffffffda RBX: 00007fb27ef45f60 RCX: 00007fb27edb5f19 [ 36.231202][ T3229] RDX: 0000000020000100 RSI: 000000000000541c RDI: 0000000000000006 [ 36.239209][ T3229] RBP: 00007fb27da370a0 R08: 0000000000000000 R09: 0000000000000000 [ 36.247182][ T3229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 36.255180][ T3229] R13: 000000000000000b R14: 00007fb27ef45f60 R15: 00007ffda1aec868 [ 36.263240][ T3229] [ 36.282765][ T3110] veth1_vlan: entered promiscuous mode [ 36.299342][ T3232] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 36.308752][ T3112] veth1_vlan: entered promiscuous mode [ 36.318316][ T3232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6'. [ 36.327034][ T3232] netlink: 56 bytes leftover after parsing attributes in process `syz.1.6'. [ 36.344152][ T3112] veth0_macvtap: entered promiscuous mode [ 36.359874][ T3112] veth1_macvtap: entered promiscuous mode [ 36.379478][ T3110] veth0_macvtap: entered promiscuous mode [ 36.404810][ T3110] veth1_macvtap: entered promiscuous mode [ 36.416149][ T3238] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 36.430644][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.434700][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 36.434718][ T29] audit: type=1400 audit(1721779844.526:125): avc: denied { create } for pid=3235 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 36.441273][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.476412][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.477028][ T29] audit: type=1400 audit(1721779844.576:126): avc: denied { create } for pid=3243 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 36.486859][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.486882][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.486896][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.495159][ T3112] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.530139][ T29] audit: type=1400 audit(1721779844.606:127): avc: denied { create } for pid=3243 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 36.539949][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.543642][ T29] audit: type=1400 audit(1721779844.626:128): avc: denied { prog_run } for pid=3236 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 36.562716][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.576404][ T29] audit: type=1400 audit(1721779844.666:129): avc: denied { create } for pid=3243 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 36.591763][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.591783][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.591805][ T3112] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.642457][ T29] audit: type=1400 audit(1721779844.726:130): avc: denied { write } for pid=3243 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 36.651614][ T3112] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.673035][ T3245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 36.682204][ T3112] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.698107][ T29] audit: type=1400 audit(1721779844.766:131): avc: denied { write } for pid=3236 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.718326][ T29] audit: type=1400 audit(1721779844.766:132): avc: denied { read } for pid=3236 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.726409][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.748888][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.758731][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.769220][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.779148][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.789718][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.799603][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.810091][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.825272][ T29] audit: type=1400 audit(1721779844.916:133): avc: denied { create } for pid=3250 comm="syz.1.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 36.832493][ T3110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.845233][ T29] audit: type=1400 audit(1721779844.916:134): avc: denied { write } for pid=3250 comm="syz.1.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 36.905553][ T3112] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.914416][ T3112] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.914535][ T3112] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.914687][ T3112] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.929869][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.929892][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.929903][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.929990][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.930005][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.930021][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.930032][ T3110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.930048][ T3110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.936585][ T3110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.050835][ T3249] geneve1: entered promiscuous mode [ 37.056360][ T3249] geneve1: entered allmulticast mode [ 37.064518][ T3280] netlink: 20 bytes leftover after parsing attributes in process `syz.2.13'. [ 37.083048][ T3280] syz.2.13 (3280) used greatest stack depth: 11248 bytes left [ 37.098983][ T3249] team0: Port device geneve1 added [ 37.122256][ T3275] batadv0: entered promiscuous mode [ 37.128904][ T3275] macvtap0: entered promiscuous mode [ 37.135092][ T3275] macvtap0: left promiscuous mode [ 37.140621][ T3275] batadv0: left promiscuous mode [ 37.154252][ T3110] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.154292][ T3110] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.154377][ T3110] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.154476][ T3110] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.167606][ T3281] loop1: detected capacity change from 0 to 512 [ 37.167899][ T3281] ======================================================= [ 37.167899][ T3281] WARNING: The mand mount option has been deprecated and [ 37.167899][ T3281] and is ignored by this kernel. Remove the mand [ 37.167899][ T3281] option from the mount to silence this warning. [ 37.167899][ T3281] ======================================================= [ 37.185708][ T3281] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 37.266640][ T3285] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15'. [ 37.270031][ T3281] EXT4-fs (loop1): failed to open journal device unknown-block(4,137) -6 [ 37.290189][ T3249] syz.0.1 (3249) used greatest stack depth: 11040 bytes left [ 37.339660][ T3293] FAULT_INJECTION: forcing a failure. [ 37.339660][ T3293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 37.352932][ T3293] CPU: 1 UID: 0 PID: 3293 Comm: syz.0.16 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 37.363145][ T3293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 37.373386][ T3293] Call Trace: [ 37.376679][ T3293] [ 37.379618][ T3293] dump_stack_lvl+0xf2/0x150 [ 37.384230][ T3293] dump_stack+0x15/0x20 [ 37.388447][ T3293] should_fail_ex+0x229/0x230 [ 37.393232][ T3293] should_fail+0xb/0x10 [ 37.397489][ T3293] should_fail_usercopy+0x1a/0x20 [ 37.402562][ T3293] _copy_to_user+0x1e/0xa0 [ 37.407015][ T3293] simple_read_from_buffer+0xa0/0x110 [ 37.412538][ T3293] proc_fail_nth_read+0xfc/0x140 [ 37.417549][ T3293] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 37.423121][ T3293] vfs_read+0x1a2/0x6e0 [ 37.427335][ T3293] ? __rcu_read_unlock+0x4e/0x70 [ 37.432296][ T3293] ? __fget_files+0x1da/0x210 [ 37.437008][ T3293] ksys_read+0xeb/0x1b0 [ 37.441205][ T3293] __x64_sys_read+0x42/0x50 [ 37.445813][ T3293] x64_sys_call+0x2a36/0x2e00 [ 37.450610][ T3293] do_syscall_64+0xc9/0x1c0 [ 37.455135][ T3293] ? clear_bhb_loop+0x55/0xb0 [ 37.459907][ T3293] ? clear_bhb_loop+0x55/0xb0 [ 37.464606][ T3293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.470575][ T3293] RIP: 0033:0x7fdae2a249fc [ 37.475009][ T3293] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 37.494804][ T3293] RSP: 002b:00007fdae16a7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 37.503242][ T3293] RAX: ffffffffffffffda RBX: 00007fdae2bb5f60 RCX: 00007fdae2a249fc [ 37.511226][ T3293] RDX: 000000000000000f RSI: 00007fdae16a70b0 RDI: 0000000000000003 [ 37.519207][ T3293] RBP: 00007fdae16a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 37.527277][ T3293] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000001 [ 37.535256][ T3293] R13: 000000000000000b R14: 00007fdae2bb5f60 R15: 00007ffe47c7bca8 [ 37.543286][ T3293] [ 37.552718][ T3299] loop2: detected capacity change from 0 to 128 [ 37.587458][ T3299] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 37.636881][ T3299] FAULT_INJECTION: forcing a failure. [ 37.636881][ T3299] name failslab, interval 1, probability 0, space 0, times 1 [ 37.649661][ T3299] CPU: 1 UID: 0 PID: 3299 Comm: syz.2.18 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 37.657457][ T3313] loop3: detected capacity change from 0 to 128 [ 37.659877][ T3299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 37.676364][ T3299] Call Trace: [ 37.679713][ T3299] [ 37.682664][ T3299] dump_stack_lvl+0xf2/0x150 [ 37.687355][ T3299] dump_stack+0x15/0x20 [ 37.691596][ T3299] should_fail_ex+0x229/0x230 [ 37.696316][ T3299] ? register_netdevice+0x1fa/0xe30 [ 37.701559][ T3299] should_failslab+0x8f/0xb0 [ 37.706261][ T3299] __kmalloc_cache_noprof+0x4b/0x2a0 [ 37.711591][ T3299] register_netdevice+0x1fa/0xe30 [ 37.712408][ T3313] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 37.716695][ T3299] ? hsr_add_port+0x303/0x500 [ 37.716757][ T3299] hsr_dev_finalize+0x3bf/0x5a0 [ 37.716792][ T3299] hsr_newlink+0x535/0x5e0 [ 37.716828][ T3299] ? __pfx_hsr_newlink+0x10/0x10 [ 37.716859][ T3299] rtnl_newlink+0xeff/0x1690 [ 37.716898][ T3299] ? mutex_spin_on_owner+0xc6/0x170 [ 37.731741][ T3313] ext4 filesystem being mounted at /1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 37.733606][ T3299] ? __mutex_lock+0x18f/0x8e0 [ 37.733637][ T3299] ? __pfx_rtnl_newlink+0x10/0x10 [ 37.749081][ T3313] netlink: 'syz.3.23': attribute type 16 has an invalid length. [ 37.752479][ T3299] rtnetlink_rcv_msg+0x6aa/0x710 [ 37.757784][ T3313] netlink: 'syz.3.23': attribute type 3 has an invalid length. [ 37.789495][ T3299] ? ref_tracker_free+0x3a5/0x410 [ 37.789608][ T3299] ? __dev_queue_xmit+0x161/0x1fe0 [ 37.794288][ T3313] netlink: 132 bytes leftover after parsing attributes in process `syz.3.23'. [ 37.799292][ T3299] netlink_rcv_skb+0x12c/0x230 [ 37.799329][ T3299] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 37.844515][ T3323] loop0: detected capacity change from 0 to 2048 [ 37.848759][ T3299] rtnetlink_rcv+0x1c/0x30 [ 37.860000][ T3299] netlink_unicast+0x593/0x670 [ 37.864820][ T3299] netlink_sendmsg+0x5cc/0x6e0 [ 37.869614][ T3299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 37.874919][ T3299] __sock_sendmsg+0x140/0x180 [ 37.879755][ T3299] ____sys_sendmsg+0x312/0x410 [ 37.884546][ T3299] __sys_sendmsg+0x1e9/0x280 [ 37.889177][ T3299] __x64_sys_sendmsg+0x46/0x50 [ 37.894042][ T3299] x64_sys_call+0x26f8/0x2e00 [ 37.898737][ T3299] do_syscall_64+0xc9/0x1c0 [ 37.903301][ T3299] ? clear_bhb_loop+0x55/0xb0 [ 37.908012][ T3299] ? clear_bhb_loop+0x55/0xb0 [ 37.912702][ T3299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.918700][ T3299] RIP: 0033:0x7faed3545f19 [ 37.923181][ T3299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 37.942811][ T3299] RSP: 002b:00007faed21c7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 37.951290][ T3299] RAX: ffffffffffffffda RBX: 00007faed36d5f60 RCX: 00007faed3545f19 [ 37.959275][ T3299] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000009 [ 37.967271][ T3299] RBP: 00007faed21c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 37.975426][ T3299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 37.983567][ T3299] R13: 000000000000000b R14: 00007faed36d5f60 R15: 00007fff09fc4208 [ 37.991570][ T3299] [ 38.058536][ T3110] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 38.079618][ T3327] batadv0: entered promiscuous mode [ 38.087654][ T3323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.101278][ T3327] macvtap0: entered promiscuous mode [ 38.110999][ T3327] macvtap0: left promiscuous mode [ 38.115863][ T3338] FAULT_INJECTION: forcing a failure. [ 38.115863][ T3338] name failslab, interval 1, probability 0, space 0, times 0 [ 38.128794][ T3338] CPU: 0 UID: 0 PID: 3338 Comm: syz.1.30 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 38.139023][ T3338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 38.149155][ T3338] Call Trace: [ 38.152445][ T3338] [ 38.155444][ T3338] dump_stack_lvl+0xf2/0x150 [ 38.160206][ T3338] dump_stack+0x15/0x20 [ 38.164408][ T3338] should_fail_ex+0x229/0x230 [ 38.169135][ T3338] ? skb_clone+0x154/0x1f0 [ 38.173629][ T3338] should_failslab+0x8f/0xb0 [ 38.178251][ T3338] kmem_cache_alloc_noprof+0x4c/0x290 [ 38.183642][ T3338] skb_clone+0x154/0x1f0 [ 38.187924][ T3338] nfnetlink_rcv+0x2de/0x15b0 [ 38.192677][ T3338] ? kmem_cache_free+0xd8/0x280 [ 38.197541][ T3338] ? nlmon_xmit+0x51/0x60 [ 38.201889][ T3338] ? __kfree_skb+0x102/0x150 [ 38.206508][ T3338] ? consume_skb+0x57/0x180 [ 38.211035][ T3338] ? nlmon_xmit+0x51/0x60 [ 38.215578][ T3338] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 38.220883][ T3338] ? __dev_queue_xmit+0xb86/0x1fe0 [ 38.226010][ T3338] ? ref_tracker_free+0x3a5/0x410 [ 38.231054][ T3338] ? __dev_queue_xmit+0x161/0x1fe0 [ 38.236188][ T3338] netlink_unicast+0x593/0x670 [ 38.240969][ T3338] netlink_sendmsg+0x5cc/0x6e0 [ 38.245856][ T3338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 38.251162][ T3338] __sock_sendmsg+0x140/0x180 [ 38.255986][ T3338] ____sys_sendmsg+0x312/0x410 [ 38.260803][ T3338] __sys_sendmsg+0x1e9/0x280 [ 38.265462][ T3338] __x64_sys_sendmsg+0x46/0x50 [ 38.270245][ T3338] x64_sys_call+0x26f8/0x2e00 [ 38.275006][ T3338] do_syscall_64+0xc9/0x1c0 [ 38.279559][ T3338] ? clear_bhb_loop+0x55/0xb0 [ 38.284249][ T3338] ? clear_bhb_loop+0x55/0xb0 [ 38.288930][ T3338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 38.294849][ T3338] RIP: 0033:0x7fb27edb5f19 [ 38.299266][ T3338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.318928][ T3338] RSP: 002b:00007fb27da37048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.327345][ T3338] RAX: ffffffffffffffda RBX: 00007fb27ef45f60 RCX: 00007fb27edb5f19 [ 38.335403][ T3338] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 38.343378][ T3338] RBP: 00007fb27da370a0 R08: 0000000000000000 R09: 0000000000000000 [ 38.351430][ T3338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 38.359585][ T3338] R13: 000000000000000b R14: 00007fb27ef45f60 R15: 00007ffda1aec868 [ 38.367565][ T3338] [ 38.373417][ T3327] batadv0: left promiscuous mode [ 38.381999][ T3340] loop2: detected capacity change from 0 to 512 [ 38.390813][ T3341] loop4: detected capacity change from 0 to 512 [ 38.400562][ T3340] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 38.414165][ T3339] usb usb1: usbfs: process 3339 (syz.3.26) did not claim interface 0 before use [ 38.438668][ T3341] journal_path: Lookup failure for './file1' [ 38.444719][ T3341] EXT4-fs: error: could not find journal device path [ 38.474518][ T3346] loop1: detected capacity change from 0 to 256 [ 38.492770][ T3340] EXT4-fs (loop2): failed to open journal device unknown-block(4,137) -6 [ 38.521967][ T3331] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 38.526049][ T3349] Zero length message leads to an empty skb [ 38.540852][ T3331] vhci_hcd: invalid port number 16 [ 38.559151][ T3353] EXT4-fs error (device loop0): __ext4_remount:6491: comm syz.0.24: Abort forced by user [ 38.578512][ T3353] EXT4-fs (loop0): Remounting filesystem read-only [ 38.618000][ T3355] loop2: detected capacity change from 0 to 1024 [ 38.635518][ T3355] EXT4-fs: Ignoring removed orlov option [ 38.664853][ T3355] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.701419][ T3367] loop1: detected capacity change from 0 to 256 [ 38.732056][ T3089] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.751813][ T3368] loop3: detected capacity change from 0 to 512 [ 38.809691][ T3374] usb usb1: usbfs: process 3374 (syz.4.42) did not claim interface 0 before use [ 38.837038][ T50] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 16 with error 28 [ 38.849681][ T50] EXT4-fs (loop2): This should not happen!! Data will be lost [ 38.849681][ T50] [ 38.859378][ T50] EXT4-fs (loop2): Total free blocks count 0 [ 38.865471][ T50] EXT4-fs (loop2): Free/Dirty block details [ 38.869686][ T3377] loop0: detected capacity change from 0 to 2048 [ 38.871435][ T50] EXT4-fs (loop2): free_blocks=0 [ 38.882731][ T50] EXT4-fs (loop2): dirty_blocks=0 [ 38.887863][ T50] EXT4-fs (loop2): Block reservation details [ 38.893889][ T50] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 38.916129][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.929275][ T3386] loop3: detected capacity change from 0 to 128 [ 38.945429][ T3386] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 38.958861][ T3377] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.973943][ T3393] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 38.985744][ T3386] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.026822][ T3396] netlink: 80 bytes leftover after parsing attributes in process `syz.0.40'. [ 39.035687][ T3396] netlink: 80 bytes leftover after parsing attributes in process `syz.0.40'. [ 39.079118][ T3386] syz.3.46 (3386) used greatest stack depth: 10800 bytes left [ 39.093378][ T3399] batadv0: entered promiscuous mode [ 39.105064][ T3110] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.114503][ T3089] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.125720][ T3399] macvtap0: entered promiscuous mode [ 39.133724][ T3399] macvtap0: left promiscuous mode [ 39.145868][ T3399] batadv0: left promiscuous mode [ 39.162671][ T3405] loop0: detected capacity change from 0 to 2048 [ 39.172794][ T3403] loop2: detected capacity change from 0 to 512 [ 39.186523][ T3403] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 39.202361][ T3405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.214947][ T3407] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 39.260561][ T3413] loop3: detected capacity change from 0 to 512 [ 39.273561][ T3403] EXT4-fs (loop2): failed to open journal device unknown-block(4,137) -6 [ 39.329446][ T3413] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.353133][ T3413] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.365616][ T3419] EXT4-fs error (device loop0): __ext4_remount:6491: comm syz.0.50: Abort forced by user [ 39.420716][ T3419] EXT4-fs (loop0): Remounting filesystem read-only [ 39.439187][ T3110] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.485102][ T3089] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.569351][ T3427] loop0: detected capacity change from 0 to 2048 [ 39.598642][ T3427] loop0: p1 < > p4 [ 39.605789][ T3427] loop0: p4 size 8388608 extends beyond EOD, truncated [ 39.624595][ T2787] loop0: p1 < > p4 [ 39.627054][ T3427] netlink: 'syz.0.55': attribute type 1 has an invalid length. [ 39.630339][ T2787] loop0: p4 size 8388608 extends beyond EOD, truncated [ 39.666841][ T2787] loop0: p1 < > p4 [ 39.671495][ T2787] loop0: p4 size 8388608 extends beyond EOD, truncated [ 39.692459][ T3441] loop1: detected capacity change from 0 to 512 [ 39.713801][ T3441] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 39.727123][ T3441] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 39.737030][ T3441] EXT4-fs (loop1): bad geometry: first data block 256 is beyond end of filesystem (256) [ 39.749803][ T3271] udevd[3271]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.761440][ T3080] udevd[3080]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 39.779818][ T3449] loop0: detected capacity change from 0 to 128 [ 39.796396][ T3391] syz.4.47 (3391) used greatest stack depth: 9872 bytes left [ 39.798956][ T3449] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.830279][ T3080] udevd[3080]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 39.836476][ T3351] udevd[3351]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 39.850753][ T3449] ext4 filesystem being mounted at /9/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 39.873751][ T3449] openvswitch: netlink: Tunnel attr 10 has unexpected len 0 expected 2 [ 39.894867][ T3456] loop1: detected capacity change from 0 to 512 [ 39.895771][ T3424] chnl_net:caif_netlink_parms(): no params data found [ 39.911090][ T3456] EXT4-fs error (device loop1): __ext4_iget:4985: inode #11: block 16: comm syz.1.62: invalid block [ 39.922748][ T3456] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.62: couldn't read orphan inode 11 (err -117) [ 39.936925][ T3456] EXT4-fs (loop1): 1 truncate cleaned up [ 39.943346][ T3089] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.943673][ T3456] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.973175][ T3456] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.62: bg 0: block 16: invalid block bitmap [ 40.003117][ T3424] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.010451][ T3424] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.018007][ T3424] bridge_slave_0: entered allmulticast mode [ 40.024571][ T3424] bridge_slave_0: entered promiscuous mode [ 40.032100][ T3424] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.039325][ T3424] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.046502][ T3424] bridge_slave_1: entered allmulticast mode [ 40.053772][ T3424] bridge_slave_1: entered promiscuous mode [ 40.053816][ T3087] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.069377][ T3464] netlink: 576 bytes leftover after parsing attributes in process `syz.0.63'. [ 40.119596][ T3424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.130935][ T3424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.145125][ T3471] loop1: detected capacity change from 0 to 256 [ 40.175806][ T3471] FAT-fs (loop1): bogus sectors per cluster 223 [ 40.182168][ T3471] FAT-fs (loop1): Can't find a valid FAT filesystem [ 40.196687][ T3424] team0: Port device team_slave_0 added [ 40.225892][ T3424] team0: Port device team_slave_1 added [ 40.236013][ T3476] netlink: 29 bytes leftover after parsing attributes in process `syz.0.67'. [ 40.296619][ T3424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.303661][ T3424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.329731][ T3424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.343817][ T3482] loop1: detected capacity change from 0 to 128 [ 40.408918][ T3493] loop2: detected capacity change from 0 to 512 [ 40.417882][ T3424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.424884][ T3424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.451211][ T3424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.474993][ T3487] loop0: detected capacity change from 0 to 1024 [ 40.481844][ T3493] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 40.507376][ T3487] EXT4-fs: Ignoring removed orlov option [ 40.513117][ T3487] EXT4-fs: Ignoring removed oldalloc option [ 40.551051][ T3487] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.587589][ T3487] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 40.589076][ T3424] hsr_slave_0: entered promiscuous mode [ 40.598714][ T3487] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 40.614236][ T3424] hsr_slave_1: entered promiscuous mode [ 40.623674][ T3487] EXT4-fs (loop0): invalid journal inode [ 40.629645][ T3424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.629932][ T3487] EXT4-fs (loop0): can't get journal size [ 40.643450][ T3487] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #2: comm syz.0.70: blocks 6-6 from inode overlap system zone [ 40.647006][ T3424] Cannot create hsr debugfs directory [ 40.658927][ T3487] EXT4-fs (loop0): failed to initialize system zone (-117) [ 40.678676][ T3487] EXT4-fs (loop0): mount failed [ 40.895086][ T3424] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.915828][ T3527] loop0: detected capacity change from 0 to 1024 [ 40.936540][ T3528] FAULT_INJECTION: forcing a failure. [ 40.936540][ T3528] name failslab, interval 1, probability 0, space 0, times 0 [ 40.949434][ T3528] CPU: 0 UID: 0 PID: 3528 Comm: syz.1.79 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 40.949739][ T3527] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 40.959600][ T3528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 40.978477][ T3528] Call Trace: [ 40.981785][ T3528] [ 40.984726][ T3528] dump_stack_lvl+0xf2/0x150 [ 40.989341][ T3528] dump_stack+0x15/0x20 [ 40.993527][ T3528] should_fail_ex+0x229/0x230 [ 40.996827][ T3527] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 40.998224][ T3528] ? batadv_hash_new+0x5d/0x190 [ 41.009626][ T3527] EXT4-fs (loop0): group descriptors corrupted! [ 41.013920][ T3528] should_failslab+0x8f/0xb0 [ 41.024802][ T3528] __kmalloc_noprof+0xa5/0x370 [ 41.029689][ T3528] batadv_hash_new+0x5d/0x190 [ 41.034443][ T3528] batadv_tt_init+0x92/0x1f0 [ 41.039062][ T3528] batadv_mesh_init+0x2aa/0x440 [ 41.043941][ T3528] batadv_softif_init_late+0x3c2/0x440 [ 41.049477][ T3528] register_netdevice+0x293/0xe30 [ 41.054618][ T3528] ? rtnl_create_link+0x579/0x680 [ 41.059768][ T3528] batadv_softif_newlink+0x6f/0x80 [ 41.064899][ T3528] ? __pfx_batadv_softif_newlink+0x10/0x10 [ 41.070797][ T3528] rtnl_newlink+0xeff/0x1690 [ 41.075427][ T3528] ? __list_del_entry_valid_or_report+0x5f/0xf0 [ 41.081677][ T3528] ? _raw_spin_unlock+0x26/0x50 [ 41.086539][ T3528] ? __mutex_lock+0x221/0x8e0 [ 41.091249][ T3528] ? __pfx_rtnl_newlink+0x10/0x10 [ 41.096308][ T3528] rtnetlink_rcv_msg+0x6aa/0x710 [ 41.101262][ T3528] ? ref_tracker_free+0x3a5/0x410 [ 41.106309][ T3528] ? __dev_queue_xmit+0x161/0x1fe0 [ 41.111471][ T3528] netlink_rcv_skb+0x12c/0x230 [ 41.116254][ T3528] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 41.121738][ T3528] rtnetlink_rcv+0x1c/0x30 [ 41.126272][ T3528] netlink_unicast+0x593/0x670 [ 41.131112][ T3528] netlink_sendmsg+0x5cc/0x6e0 [ 41.135897][ T3528] ? __pfx_netlink_sendmsg+0x10/0x10 [ 41.141228][ T3528] __sock_sendmsg+0x140/0x180 [ 41.145965][ T3528] ____sys_sendmsg+0x312/0x410 [ 41.150767][ T3528] __sys_sendmsg+0x1e9/0x280 [ 41.155383][ T3528] __x64_sys_sendmsg+0x46/0x50 [ 41.160176][ T3528] x64_sys_call+0x26f8/0x2e00 [ 41.164940][ T3528] do_syscall_64+0xc9/0x1c0 [ 41.169449][ T3528] ? clear_bhb_loop+0x55/0xb0 [ 41.174134][ T3528] ? clear_bhb_loop+0x55/0xb0 [ 41.178843][ T3528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 41.184761][ T3528] RIP: 0033:0x7fb27edb5f19 [ 41.189177][ T3528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 41.208800][ T3528] RSP: 002b:00007fb27da37048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 41.217230][ T3528] RAX: ffffffffffffffda RBX: 00007fb27ef45f60 RCX: 00007fb27edb5f19 [ 41.225210][ T3528] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000004 [ 41.233188][ T3528] RBP: 00007fb27da370a0 R08: 0000000000000000 R09: 0000000000000000 [ 41.241164][ T3528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 41.249163][ T3528] R13: 000000000000000b R14: 00007fb27ef45f60 R15: 00007ffda1aec868 [ 41.257166][ T3528] [ 41.522506][ C1] eth0: bad gso: type: 1, size: 1408 [ 41.528563][ C1] eth0: bad gso: type: 1, size: 1408 [ 41.538649][ T29] kauditd_printk_skb: 168 callbacks suppressed [ 41.538690][ T29] audit: type=1400 audit(1721779849.636:303): avc: denied { checkpoint_restore } for pid=3543 comm="syz.1.85" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 41.547749][ T3544] mmap: syz.1.85 (3544) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 41.754061][ T3551] syz.4.88 uses obsolete (PF_INET,SOCK_PACKET) [ 41.762562][ T29] audit: type=1400 audit(1721779849.856:304): avc: denied { read } for pid=3550 comm="syz.4.88" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 41.785516][ T29] audit: type=1400 audit(1721779849.856:305): avc: denied { open } for pid=3550 comm="syz.4.88" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 41.811915][ T29] audit: type=1400 audit(1721779849.856:306): avc: denied { create } for pid=3552 comm="syz.1.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 41.854581][ T3556] __nla_validate_parse: 1 callbacks suppressed [ 41.854598][ T3556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.90'. [ 41.865067][ T3557] loop1: detected capacity change from 0 to 512 [ 41.870682][ T3556] FAULT_INJECTION: forcing a failure. [ 41.870682][ T3556] name failslab, interval 1, probability 0, space 0, times 0 [ 41.888808][ T3556] CPU: 0 UID: 0 PID: 3556 Comm: syz.0.90 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 41.898993][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 41.899651][ T3557] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.89: casefold flag without casefold feature [ 41.909062][ T3556] Call Trace: [ 41.909076][ T3556] [ 41.909084][ T3556] dump_stack_lvl+0xf2/0x150 [ 41.909115][ T3556] dump_stack+0x15/0x20 [ 41.926139][ T3557] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.89: couldn't read orphan inode 15 (err -117) [ 41.927699][ T3556] should_fail_ex+0x229/0x230 [ 41.932787][ T3557] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.936440][ T3556] ? batadv_hash_new+0x5d/0x190 [ 41.970114][ T3556] should_failslab+0x8f/0xb0 [ 41.975070][ T3556] __kmalloc_noprof+0xa5/0x370 [ 41.979959][ T3556] batadv_hash_new+0x5d/0x190 [ 41.984664][ T3556] batadv_nc_mesh_init+0xbd/0x290 [ 41.989793][ T3556] batadv_mesh_init+0x316/0x440 [ 41.994690][ T3556] batadv_softif_init_late+0x3c2/0x440 [ 42.000177][ T3556] register_netdevice+0x293/0xe30 [ 42.005233][ T3556] batadv_softif_newlink+0x6f/0x80 [ 42.010388][ T3556] ? __pfx_batadv_softif_newlink+0x10/0x10 [ 42.016292][ T3556] rtnl_newlink+0xeff/0x1690 [ 42.020961][ T3556] ? security_capable+0x64/0x80 [ 42.025822][ T3556] ? ns_capable+0x7d/0xb0 [ 42.030166][ T3556] ? __pfx_rtnl_newlink+0x10/0x10 [ 42.035287][ T3556] rtnetlink_rcv_msg+0x6aa/0x710 [ 42.040292][ T3556] ? ref_tracker_free+0x3a5/0x410 [ 42.045466][ T3556] ? __dev_queue_xmit+0x161/0x1fe0 [ 42.050712][ T3556] netlink_rcv_skb+0x12c/0x230 [ 42.055557][ T3556] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 42.061105][ T3556] rtnetlink_rcv+0x1c/0x30 [ 42.065567][ T3556] netlink_unicast+0x593/0x670 [ 42.070343][ T3556] netlink_sendmsg+0x5cc/0x6e0 [ 42.075182][ T3556] ? __pfx_netlink_sendmsg+0x10/0x10 [ 42.080481][ T3556] __sock_sendmsg+0x140/0x180 [ 42.085168][ T3556] ____sys_sendmsg+0x312/0x410 [ 42.089951][ T3556] __sys_sendmsg+0x1e9/0x280 [ 42.094657][ T3556] __x64_sys_sendmsg+0x46/0x50 [ 42.099435][ T3556] x64_sys_call+0x26f8/0x2e00 [ 42.104158][ T3556] do_syscall_64+0xc9/0x1c0 [ 42.108687][ T3556] ? clear_bhb_loop+0x55/0xb0 [ 42.113448][ T3556] ? clear_bhb_loop+0x55/0xb0 [ 42.118134][ T3556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.124102][ T3556] RIP: 0033:0x7fdae2a25f19 [ 42.128530][ T3556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.148148][ T3556] RSP: 002b:00007fdae16a7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 42.156695][ T3556] RAX: ffffffffffffffda RBX: 00007fdae2bb5f60 RCX: 00007fdae2a25f19 [ 42.164679][ T3556] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000004 [ 42.172709][ T3556] RBP: 00007fdae16a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 42.180759][ T3556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 42.188743][ T3556] R13: 000000000000000b R14: 00007fdae2bb5f60 R15: 00007ffe47c7bca8 [ 42.196743][ T3556] [ 42.216275][ T3559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.91'. [ 42.276967][ T3563] FAULT_INJECTION: forcing a failure. [ 42.276967][ T3563] name failslab, interval 1, probability 0, space 0, times 0 [ 42.289600][ T3563] CPU: 1 UID: 0 PID: 3563 Comm: syz.0.92 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 42.299753][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 42.309825][ T3563] Call Trace: [ 42.313109][ T3563] [ 42.316041][ T3563] dump_stack_lvl+0xf2/0x150 [ 42.320639][ T3563] dump_stack+0x15/0x20 [ 42.324791][ T3563] should_fail_ex+0x229/0x230 [ 42.329514][ T3563] ? nf_ct_ext_add+0xe6/0x1a0 [ 42.334272][ T3563] should_failslab+0x8f/0xb0 [ 42.338869][ T3563] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 42.345218][ T3563] krealloc_noprof+0x48/0xa0 [ 42.349822][ T3563] nf_ct_ext_add+0xe6/0x1a0 [ 42.354409][ T3563] init_conntrack+0x539/0x970 [ 42.359114][ T3563] nf_conntrack_in+0x899/0xf20 [ 42.363905][ T3563] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 42.369445][ T3563] ipv6_conntrack_in+0x1d/0x30 [ 42.374326][ T3563] nf_hook_slow+0x86/0x1b0 [ 42.378760][ T3563] ipv6_rcv+0x113/0x150 [ 42.382964][ T3563] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 42.388171][ T3563] __netif_receive_skb+0xa2/0x280 [ 42.393335][ T3563] netif_receive_skb+0x4a/0x320 [ 42.398196][ T3563] ? tun_rx_batched+0xba/0x410 [ 42.402978][ T3563] tun_rx_batched+0xf0/0x410 [ 42.407638][ T3563] tun_get_user+0x1e77/0x24b0 [ 42.412380][ T3563] ? kstrtoull+0x110/0x140 [ 42.416896][ T3563] ? ref_tracker_alloc+0x1f5/0x2f0 [ 42.422153][ T3563] ? selinux_file_permission+0x22c/0x360 [ 42.427796][ T3563] tun_chr_write_iter+0x18e/0x240 [ 42.432852][ T3563] vfs_write+0x78f/0x900 [ 42.437250][ T3563] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 42.442803][ T3563] ksys_write+0xeb/0x1b0 [ 42.447094][ T3563] __x64_sys_write+0x42/0x50 [ 42.451780][ T3563] x64_sys_call+0x2a40/0x2e00 [ 42.456487][ T3563] do_syscall_64+0xc9/0x1c0 [ 42.461023][ T3563] ? clear_bhb_loop+0x55/0xb0 [ 42.465725][ T3563] ? clear_bhb_loop+0x55/0xb0 [ 42.470418][ T3563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.476368][ T3563] RIP: 0033:0x7fdae2a25f19 [ 42.480795][ T3563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.500406][ T3563] RSP: 002b:00007fdae16a7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.508873][ T3563] RAX: ffffffffffffffda RBX: 00007fdae2bb5f60 RCX: 00007fdae2a25f19 [ 42.516856][ T3563] RDX: 0000000000000ffe RSI: 00000000200000c0 RDI: 0000000000000003 [ 42.524823][ T3563] RBP: 00007fdae16a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 42.532813][ T3563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 42.540855][ T3563] R13: 000000000000000b R14: 00007fdae2bb5f60 R15: 00007ffe47c7bca8 [ 42.548848][ T3563] [ 42.592531][ T3572] loop2: detected capacity change from 0 to 512 [ 42.600939][ T3572] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 42.609138][ T3572] EXT4-fs (loop2): orphan cleanup on readonly fs [ 42.615638][ T3572] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 42.626060][ T3572] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 42.640848][ T3572] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 42.648222][ T3572] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #16: comm syz.2.93: iget: immutable or append flags not allowed on symlinks [ 42.662711][ T3572] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.93: couldn't read orphan inode 16 (err -117) [ 42.674965][ T3572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 42.813268][ T3087] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.823694][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.953945][ T3588] loop1: detected capacity change from 0 to 1024 [ 42.961200][ T3588] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 42.971644][ T3588] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 42.982570][ T3588] EXT4-fs (loop1): group descriptors corrupted! [ 43.012755][ T3424] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.070256][ T3424] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.111247][ T3592] loop0: detected capacity change from 0 to 1024 [ 43.122590][ T3424] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.133780][ T3592] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 43.144601][ T3592] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 43.155545][ T3592] EXT4-fs (loop0): group descriptors corrupted! [ 43.212689][ T36] bridge_slave_1: left allmulticast mode [ 43.218447][ T36] bridge_slave_1: left promiscuous mode [ 43.224127][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.237301][ T36] bridge_slave_0: left allmulticast mode [ 43.243068][ T36] bridge_slave_0: left promiscuous mode [ 43.248781][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.375031][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 43.391910][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 43.409574][ T36] bond0 (unregistering): Released all slaves [ 43.444497][ T3424] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 43.453317][ T3424] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 43.463002][ T3424] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 43.475746][ T3424] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 43.509473][ T36] hsr_slave_0: left promiscuous mode [ 43.515372][ T36] hsr_slave_1: left promiscuous mode [ 43.522841][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.530528][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.539744][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.547319][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.557340][ T36] veth1_macvtap: left promiscuous mode [ 43.562913][ T36] veth0_macvtap: left promiscuous mode [ 43.568625][ T36] veth1_vlan: left promiscuous mode [ 43.573943][ T36] veth0_vlan: left promiscuous mode [ 43.674678][ T36] team0 (unregistering): Port device team_slave_1 removed [ 43.686407][ T36] team0 (unregistering): Port device team_slave_0 removed [ 43.769249][ T3424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.783433][ T3424] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.801854][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.809284][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.838032][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.845294][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.870819][ T3424] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 43.881262][ T3424] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 43.931077][ T3599] netlink: 'syz.0.101': attribute type 4 has an invalid length. [ 43.959531][ T3599] netlink: 'syz.0.101': attribute type 17 has an invalid length. [ 44.088362][ T3424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.101190][ T3614] loop0: detected capacity change from 0 to 512 [ 44.114604][ T3610] loop1: detected capacity change from 0 to 512 [ 44.154411][ T3614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.158414][ C1] hrtimer: interrupt took 40914 ns [ 44.173964][ T3614] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.187023][ T3610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.200981][ T3610] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.223812][ T29] audit: type=1400 audit(1721779852.316:307): avc: denied { rename } for pid=3609 comm="syz.1.103" name="bus" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.245442][ T29] audit: type=1400 audit(1721779852.316:308): avc: denied { rmdir } for pid=3609 comm="syz.1.103" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.253049][ T3424] veth0_vlan: entered promiscuous mode [ 44.267494][ T3610] EXT4-fs error (device loop1): ext4_empty_dir:3103: inode #12: block 31: comm syz.1.103: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=1, rec_len=6, size=1024 fake=1 [ 44.279227][ T3424] veth1_vlan: entered promiscuous mode [ 44.310056][ T3424] veth0_macvtap: entered promiscuous mode [ 44.317755][ T3089] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.329263][ T3610] EXT4-fs (loop1): Remounting filesystem read-only [ 44.335865][ T3610] EXT4-fs warning (device loop1): ext4_empty_dir:3105: inode #12: comm syz.1.103: directory missing '..' [ 44.351719][ T3424] veth1_macvtap: entered promiscuous mode [ 44.381344][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.391918][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.401812][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.412317][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.422143][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 44.432613][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.444303][ T3424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.453231][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.463785][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.473704][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.484200][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.494051][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.504593][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.514517][ T3424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 44.524948][ T3424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 44.535804][ T3424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.556179][ T3424] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.564983][ T3424] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.572052][ T29] audit: type=1400 audit(1721779852.666:309): avc: denied { bind } for pid=3628 comm="syz.0.106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 44.573750][ T3424] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.593068][ T29] audit: type=1400 audit(1721779852.666:310): avc: denied { name_bind } for pid=3628 comm="syz.0.106" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 44.593123][ T29] audit: type=1400 audit(1721779852.666:311): avc: denied { node_bind } for pid=3628 comm="syz.0.106" saddr=172.20.20.170 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 44.646762][ T3424] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.656116][ T3087] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.689876][ T3632] netlink: 'syz.2.108': attribute type 10 has an invalid length. [ 44.729292][ T3632] team0: Port device netdevsim1 added [ 44.755878][ T3634] loop1: detected capacity change from 0 to 512 [ 44.768017][ T3643] usb usb1: usbfs: process 3643 (syz.3.53) did not claim interface 0 before use [ 44.779343][ T3641] netlink: 'syz.2.108': attribute type 10 has an invalid length. [ 44.798471][ T3634] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 44.861048][ T3634] EXT4-fs (loop1): failed to open journal device unknown-block(4,137) -6 [ 44.988277][ T3657] loop2: detected capacity change from 0 to 512 [ 45.025499][ T3657] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.039538][ T3657] ext4 filesystem being mounted at /22/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.077807][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.134807][ T3665] FAULT_INJECTION: forcing a failure. [ 45.134807][ T3665] name failslab, interval 1, probability 0, space 0, times 0 [ 45.147491][ T3665] CPU: 1 UID: 0 PID: 3665 Comm: syz.2.116 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 45.157970][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 45.168099][ T3665] Call Trace: [ 45.171391][ T3665] [ 45.174353][ T3665] dump_stack_lvl+0xf2/0x150 [ 45.179258][ T3665] dump_stack+0x15/0x20 [ 45.183422][ T3665] should_fail_ex+0x229/0x230 [ 45.188165][ T3665] ? __alloc_skb+0x10b/0x310 [ 45.192822][ T3665] should_failslab+0x8f/0xb0 [ 45.197554][ T3665] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 45.203438][ T3665] __alloc_skb+0x10b/0x310 [ 45.207875][ T3665] netlink_alloc_large_skb+0xad/0xe0 [ 45.213221][ T3665] netlink_sendmsg+0x3b4/0x6e0 [ 45.218630][ T3665] ? __pfx_netlink_sendmsg+0x10/0x10 [ 45.224108][ T3665] __sock_sendmsg+0x140/0x180 [ 45.228847][ T3665] ____sys_sendmsg+0x312/0x410 [ 45.233721][ T3665] __sys_sendmsg+0x1e9/0x280 [ 45.238399][ T3665] __x64_sys_sendmsg+0x46/0x50 [ 45.243217][ T3665] x64_sys_call+0x26f8/0x2e00 [ 45.247910][ T3665] do_syscall_64+0xc9/0x1c0 [ 45.252477][ T3665] ? clear_bhb_loop+0x55/0xb0 [ 45.257161][ T3665] ? clear_bhb_loop+0x55/0xb0 [ 45.261849][ T3665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.267812][ T3665] RIP: 0033:0x7faed3545f19 [ 45.272242][ T3665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 45.292093][ T3665] RSP: 002b:00007faed21c7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 45.300604][ T3665] RAX: ffffffffffffffda RBX: 00007faed36d5f60 RCX: 00007faed3545f19 [ 45.308709][ T3665] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000006 [ 45.316689][ T3665] RBP: 00007faed21c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 45.324768][ T3665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 45.332867][ T3665] R13: 000000000000000b R14: 00007faed36d5f60 R15: 00007fff09fc4208 [ 45.341157][ T3665] [ 45.434368][ T3678] usb usb1: usbfs: process 3678 (syz.1.121) did not claim interface 0 before use [ 45.544101][ T3690] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 45.551950][ T3690] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 45.595104][ T3701] netlink: 52 bytes leftover after parsing attributes in process `syz.2.126'. [ 45.646439][ T3703] loop2: detected capacity change from 0 to 1024 [ 45.661143][ T3703] EXT4-fs: Ignoring removed orlov option [ 45.680107][ T3703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.702328][ T3705] xt_connbytes: Forcing CT accounting to be enabled [ 45.711557][ T3705] Cannot find add_set index 0 as target [ 45.781806][ T28] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 12 with max blocks 16 with error 28 [ 45.794259][ T28] EXT4-fs (loop2): This should not happen!! Data will be lost [ 45.794259][ T28] [ 45.804259][ T28] EXT4-fs (loop2): Total free blocks count 0 [ 45.810379][ T28] EXT4-fs (loop2): Free/Dirty block details [ 45.816467][ T28] EXT4-fs (loop2): free_blocks=0 [ 45.822081][ T28] EXT4-fs (loop2): dirty_blocks=0 [ 45.827168][ T28] EXT4-fs (loop2): Block reservation details [ 45.833158][ T28] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 45.849880][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.873236][ T3714] loop2: detected capacity change from 0 to 512 [ 45.899532][ T3714] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 45.918602][ T3718] usb usb1: usbfs: process 3718 (syz.1.132) did not claim interface 0 before use [ 45.932778][ T3714] EXT4-fs (loop2): 1 orphan inode deleted [ 45.938599][ T3714] EXT4-fs (loop2): 1 truncate cleaned up [ 45.961234][ T3714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.980896][ T3721] 9pnet: p9_errstr2errno: server reported unknown error [ 45.994291][ T3721] loop1: detected capacity change from 0 to 1024 [ 46.002093][ T3721] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 46.018953][ T3714] FAULT_INJECTION: forcing a failure. [ 46.018953][ T3714] name failslab, interval 1, probability 0, space 0, times 0 [ 46.031860][ T3714] CPU: 0 UID: 0 PID: 3714 Comm: syz.2.130 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 46.042160][ T3714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 46.052401][ T3714] Call Trace: [ 46.055903][ T3714] [ 46.059156][ T3714] dump_stack_lvl+0xf2/0x150 [ 46.063819][ T3714] dump_stack+0x15/0x20 [ 46.068107][ T3714] should_fail_ex+0x229/0x230 [ 46.072882][ T3714] ? ext4_mb_new_blocks+0x2fc/0x2020 [ 46.078223][ T3714] should_failslab+0x8f/0xb0 [ 46.082852][ T3714] kmem_cache_alloc_noprof+0x4c/0x290 [ 46.088367][ T3714] ext4_mb_new_blocks+0x2fc/0x2020 [ 46.093492][ T3714] ? event_sched_in+0x63f/0x6d0 [ 46.098474][ T3714] ? put_dec+0xcd/0xe0 [ 46.102565][ T3714] ? ext4_inode_to_goal_block+0x197/0x1f0 [ 46.108367][ T3714] ext4_ind_map_blocks+0xb3a/0x14f0 [ 46.113611][ T3714] ext4_map_blocks+0x6de/0xf50 [ 46.118419][ T3714] ? __ext4_get_inode_loc+0x757/0x910 [ 46.123836][ T3714] _ext4_get_block+0x104/0x370 [ 46.128637][ T3714] ext4_get_block+0x39/0x50 [ 46.133152][ T3714] __block_write_begin_int+0x417/0xfa0 [ 46.138657][ T3714] ? __pfx_ext4_get_block+0x10/0x10 [ 46.143870][ T3714] ? __pfx_ext4_get_block+0x10/0x10 [ 46.149099][ T3714] __block_write_begin+0x5e/0x110 [ 46.154236][ T3714] ext4_write_begin+0x41e/0xbb0 [ 46.159391][ T3714] generic_perform_write+0x1b4/0x580 [ 46.164790][ T3714] ext4_buffered_write_iter+0x1f6/0x380 [ 46.170427][ T3714] ext4_file_write_iter+0x29f/0xe30 [ 46.175672][ T3714] ? kstrtouint+0x77/0xc0 [ 46.180141][ T3714] ? kstrtouint_from_user+0xb0/0xe0 [ 46.185477][ T3714] ? avc_policy_seqno+0x15/0x20 [ 46.190340][ T3714] ? selinux_file_permission+0x22c/0x360 [ 46.195997][ T3714] vfs_write+0x78f/0x900 [ 46.200323][ T3714] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 46.206122][ T3714] ksys_write+0xeb/0x1b0 [ 46.210669][ T3714] __x64_sys_write+0x42/0x50 [ 46.215298][ T3714] x64_sys_call+0x2a40/0x2e00 [ 46.220030][ T3714] do_syscall_64+0xc9/0x1c0 [ 46.224621][ T3714] ? clear_bhb_loop+0x55/0xb0 [ 46.229370][ T3714] ? clear_bhb_loop+0x55/0xb0 [ 46.234056][ T3714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.239980][ T3714] RIP: 0033:0x7faed3545f19 [ 46.244414][ T3714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 46.264030][ T3714] RSP: 002b:00007faed21c7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 46.272893][ T3714] RAX: ffffffffffffffda RBX: 00007faed36d5f60 RCX: 00007faed3545f19 [ 46.280870][ T3714] RDX: 0000000000043451 RSI: 0000000020000200 RDI: 0000000000000006 [ 46.288875][ T3714] RBP: 00007faed21c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 46.296852][ T3714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.304864][ T3714] R13: 000000000000000b R14: 00007faed36d5f60 R15: 00007fff09fc4208 [ 46.312847][ T3714] [ 46.376689][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.443002][ T3738] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=3738 comm=syz.0.139 [ 46.444425][ T3736] loop3: detected capacity change from 0 to 1024 [ 46.456488][ T3738] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3738 comm=syz.0.139 [ 46.462477][ T3730] loop2: detected capacity change from 0 to 512 [ 46.476424][ T3738] netlink: 12 bytes leftover after parsing attributes in process `syz.0.139'. [ 46.490645][ T3730] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 46.507762][ T3738] 8021q: adding VLAN 0 to HW filter on device bond1 [ 46.533153][ T3738] 8021q: adding VLAN 0 to HW filter on device bond1 [ 46.535661][ T3730] EXT4-fs (loop2): failed to open journal device unknown-block(4,137) -6 [ 46.540485][ T3738] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 46.550389][ T3736] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.560855][ T3738] bond1: (slave ip6tnl1): Error -95 calling set_mac_address [ 46.601212][ T3424] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.638407][ T3750] sock: sock_timestamping_bind_phc: sock not bind to device [ 46.638793][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 46.638821][ T29] audit: type=1400 audit(1721779854.736:326): avc: denied { setopt } for pid=3749 comm="syz.2.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 46.675645][ T29] audit: type=1400 audit(1721779854.736:327): avc: denied { ioctl } for pid=3749 comm="syz.2.142" path="socket:[5848]" dev="sockfs" ino=5848 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 46.700441][ T29] audit: type=1400 audit(1721779854.736:328): avc: denied { write } for pid=3749 comm="syz.2.142" path="socket:[5848]" dev="sockfs" ino=5848 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 46.728065][ T3752] usb usb1: usbfs: process 3752 (syz.2.143) did not claim interface 0 before use [ 46.744655][ T3748] loop3: detected capacity change from 0 to 1024 [ 46.755760][ T3748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.764451][ T3757] loop2: detected capacity change from 0 to 512 [ 46.790516][ T3757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.803473][ T3757] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.871526][ T3762] netlink: 'syz.2.145': attribute type 4 has an invalid length. [ 46.903297][ T3762] netlink: 'syz.2.145': attribute type 17 has an invalid length. [ 47.109662][ T3748] netlink: 'syz.3.140': attribute type 6 has an invalid length. [ 47.126748][ T3424] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.149189][ T3764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.146'. [ 47.207146][ T3766] loop1: detected capacity change from 0 to 512 [ 47.219680][ T3766] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 47.232397][ T3766] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.245969][ T29] audit: type=1400 audit(1721779855.336:329): avc: denied { ioctl } for pid=3765 comm="syz.1.147" path="/51/file0/memory.events" dev="loop1" ino=18 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.282292][ T3087] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 47.333258][ T3772] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 47.341245][ T3772] audit: out of memory in audit_log_start [ 47.362119][ T3774] FAULT_INJECTION: forcing a failure. [ 47.362119][ T3774] name failslab, interval 1, probability 0, space 0, times 0 [ 47.375023][ T3774] CPU: 0 UID: 0 PID: 3774 Comm: syz.1.150 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 47.385262][ T3774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 47.395325][ T3774] Call Trace: [ 47.398627][ T3774] [ 47.401553][ T3774] dump_stack_lvl+0xf2/0x150 [ 47.406201][ T3774] dump_stack+0x15/0x20 [ 47.410357][ T3774] should_fail_ex+0x229/0x230 [ 47.415061][ T3774] ? fib_nl2rule+0x217/0xcb0 [ 47.419650][ T3774] should_failslab+0x8f/0xb0 [ 47.424307][ T3774] __kmalloc_noprof+0xa5/0x370 [ 47.429080][ T3774] fib_nl2rule+0x217/0xcb0 [ 47.433556][ T3774] fib_nl_newrule+0x2b4/0xf70 [ 47.438248][ T3774] ? xa_load+0xb9/0xe0 [ 47.442365][ T3774] ? __mod_memcg_lruvec_state+0x124/0x210 [ 47.448178][ T3774] ? __rcu_read_unlock+0x4e/0x70 [ 47.453192][ T3774] ? __rcu_read_unlock+0x4e/0x70 [ 47.458256][ T3774] ? avc_has_perm_noaudit+0x1cc/0x210 [ 47.463706][ T3774] ? ns_capable+0x7d/0xb0 [ 47.468064][ T3774] ? __pfx_fib_nl_newrule+0x10/0x10 [ 47.473336][ T3774] rtnetlink_rcv_msg+0x6aa/0x710 [ 47.478283][ T3774] ? ref_tracker_free+0x3a5/0x410 [ 47.483340][ T3774] ? __dev_queue_xmit+0x161/0x1fe0 [ 47.488569][ T3774] netlink_rcv_skb+0x12c/0x230 [ 47.493410][ T3774] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 47.498906][ T3774] rtnetlink_rcv+0x1c/0x30 [ 47.503373][ T3774] netlink_unicast+0x593/0x670 [ 47.508290][ T3774] netlink_sendmsg+0x5cc/0x6e0 [ 47.513170][ T3774] ? __pfx_netlink_sendmsg+0x10/0x10 [ 47.518472][ T3774] __sock_sendmsg+0x140/0x180 [ 47.523171][ T3774] ____sys_sendmsg+0x312/0x410 [ 47.527952][ T3774] __sys_sendmsg+0x1e9/0x280 [ 47.532646][ T3774] __x64_sys_sendmsg+0x46/0x50 [ 47.537506][ T3774] x64_sys_call+0x26f8/0x2e00 [ 47.542241][ T3774] do_syscall_64+0xc9/0x1c0 [ 47.546816][ T3774] ? clear_bhb_loop+0x55/0xb0 [ 47.551527][ T3774] ? clear_bhb_loop+0x55/0xb0 [ 47.556212][ T3774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.562237][ T3774] RIP: 0033:0x7fb27edb5f19 [ 47.566676][ T3774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.586341][ T3774] RSP: 002b:00007fb27da37048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 47.594780][ T3774] RAX: ffffffffffffffda RBX: 00007fb27ef45f60 RCX: 00007fb27edb5f19 [ 47.602773][ T3774] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 47.610762][ T3774] RBP: 00007fb27da370a0 R08: 0000000000000000 R09: 0000000000000000 [ 47.618996][ T3774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.627043][ T3774] R13: 000000000000000b R14: 00007fb27ef45f60 R15: 00007ffda1aec868 [ 47.635178][ T3774] [ 47.650022][ T3776] loop0: detected capacity change from 0 to 512 [ 47.663416][ T3776] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 47.676465][ T3780] FAULT_INJECTION: forcing a failure. [ 47.676465][ T3780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 47.689915][ T3780] CPU: 0 UID: 0 PID: 3780 Comm: syz.1.152 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 47.697689][ T3776] EXT4-fs (loop0): failed to open journal device unknown-block(4,137) -6 [ 47.700330][ T3780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 47.718843][ T3780] Call Trace: [ 47.722128][ T3780] [ 47.725054][ T3780] dump_stack_lvl+0xf2/0x150 [ 47.729690][ T3780] dump_stack+0x15/0x20 [ 47.733912][ T3780] should_fail_ex+0x229/0x230 [ 47.738683][ T3780] should_fail+0xb/0x10 [ 47.742852][ T3780] should_fail_usercopy+0x1a/0x20 [ 47.747931][ T3780] copy_page_from_iter_atomic+0x22a/0xda0 [ 47.753790][ T3780] ? shmem_write_begin+0xa0/0x1c0 [ 47.758844][ T3780] ? shmem_write_begin+0x10c/0x1c0 [ 47.763979][ T3780] generic_perform_write+0x323/0x580 [ 47.769276][ T3780] shmem_file_write_iter+0xc8/0xf0 [ 47.774422][ T3780] vfs_write+0x78f/0x900 [ 47.778690][ T3780] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 47.784507][ T3780] ksys_write+0xeb/0x1b0 [ 47.788759][ T3780] __x64_sys_write+0x42/0x50 [ 47.793392][ T3780] x64_sys_call+0x2a40/0x2e00 [ 47.798161][ T3780] do_syscall_64+0xc9/0x1c0 [ 47.802685][ T3780] ? clear_bhb_loop+0x55/0xb0 [ 47.807373][ T3780] ? clear_bhb_loop+0x55/0xb0 [ 47.812123][ T3780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.818048][ T3780] RIP: 0033:0x7fb27edb4a9f [ 47.822479][ T3780] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 47.842183][ T3780] RSP: 002b:00007fb27da36e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 47.850709][ T3780] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fb27edb4a9f [ 47.858695][ T3780] RDX: 0000000000020000 RSI: 00007fb275617000 RDI: 0000000000000004 [ 47.866872][ T3780] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000001b9 [ 47.874862][ T3780] R10: 0000000020000302 R11: 0000000000000293 R12: 0000000000000004 [ 47.882830][ T3780] R13: 00007fb27da36f00 R14: 00007fb27da36ec0 R15: 00007fb275617000 [ 47.890803][ T3780] [ 47.896141][ T3780] loop1: detected capacity change from 0 to 256 [ 47.902921][ T3780] msdos: Bad value for 'gid' [ 47.907698][ T3780] msdos: Bad value for 'gid' [ 47.956913][ T3788] usb usb1: usbfs: process 3788 (syz.1.155) did not claim interface 0 before use [ 47.984144][ T29] audit: type=1400 audit(1721779856.076:330): avc: denied { read } for pid=3789 comm="syz.0.156" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 48.008246][ T29] audit: type=1400 audit(1721779856.076:331): avc: denied { open } for pid=3789 comm="syz.0.156" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 48.008281][ T29] audit: type=1400 audit(1721779856.086:332): avc: denied { ioctl } for pid=3789 comm="syz.0.156" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9371 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 48.036433][ T29] audit: type=1400 audit(1721779856.116:333): avc: denied { remount } for pid=3791 comm="syz.1.157" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 48.070680][ T3794] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 48.089589][ T3794] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 48.097337][ T3794] vhci_hcd vhci_hcd.0: Device attached [ 48.106110][ T3795] vhci_hcd: cannot find the pending unlink 53665 [ 48.118714][ T3795] vhci_hcd: connection closed [ 48.119085][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.123117][ T55] vhci_hcd: stop threads [ 48.137046][ T55] vhci_hcd: release socket [ 48.137056][ T55] vhci_hcd: disconnect device [ 48.152124][ T3798] loop2: detected capacity change from 0 to 512 [ 48.160792][ T3798] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 48.174970][ T3798] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 48.188357][ T3798] EXT4-fs (loop2): 1 truncate cleaned up [ 48.194465][ T3798] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.217934][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.238568][ T3805] FAULT_INJECTION: forcing a failure. [ 48.238568][ T3805] name failslab, interval 1, probability 0, space 0, times 0 [ 48.251488][ T3805] CPU: 0 UID: 0 PID: 3805 Comm: syz.2.160 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 48.261759][ T3805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 48.271828][ T3805] Call Trace: [ 48.275134][ T3805] [ 48.278077][ T3805] dump_stack_lvl+0xf2/0x150 [ 48.282679][ T3805] dump_stack+0x15/0x20 [ 48.286882][ T3805] should_fail_ex+0x229/0x230 [ 48.291592][ T3805] ? p9_client_create+0x1a7/0xa80 [ 48.296630][ T3805] should_failslab+0x8f/0xb0 [ 48.301253][ T3805] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 48.307638][ T3805] kstrdup+0x3a/0x80 [ 48.311542][ T3805] p9_client_create+0x1a7/0xa80 [ 48.316413][ T3805] v9fs_session_init+0xf9/0xda0 [ 48.321299][ T3805] ? __rcu_read_unlock+0x4e/0x70 [ 48.326391][ T3805] ? __rcu_read_unlock+0x4e/0x70 [ 48.331337][ T3805] ? v9fs_mount+0x53/0x560 [ 48.335771][ T3805] ? should_failslab+0x8f/0xb0 [ 48.340616][ T3805] v9fs_mount+0x69/0x560 [ 48.344946][ T3805] ? __pfx_v9fs_mount+0x10/0x10 [ 48.349835][ T3805] legacy_get_tree+0x77/0xd0 [ 48.354461][ T3805] vfs_get_tree+0x56/0x1d0 [ 48.358886][ T3805] do_new_mount+0x227/0x690 [ 48.363512][ T3805] path_mount+0x49b/0xb30 [ 48.367910][ T3805] __se_sys_mount+0x27c/0x2d0 [ 48.372610][ T3805] __x64_sys_mount+0x67/0x80 [ 48.377267][ T3805] x64_sys_call+0xd11/0x2e00 [ 48.381881][ T3805] do_syscall_64+0xc9/0x1c0 [ 48.386507][ T3805] ? clear_bhb_loop+0x55/0xb0 [ 48.391197][ T3805] ? clear_bhb_loop+0x55/0xb0 [ 48.395889][ T3805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.401855][ T3805] RIP: 0033:0x7faed3545f19 [ 48.406273][ T3805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.425975][ T3805] RSP: 002b:00007faed21c7048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 48.434394][ T3805] RAX: ffffffffffffffda RBX: 00007faed36d5f60 RCX: 00007faed3545f19 [ 48.442376][ T3805] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 48.450359][ T3805] RBP: 00007faed21c70a0 R08: 0000000020000080 R09: 0000000000000000 [ 48.458339][ T3805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 48.466342][ T3805] R13: 000000000000000b R14: 00007faed36d5f60 R15: 00007fff09fc4208 [ 48.474324][ T3805] [ 48.485245][ T3805] loop2: detected capacity change from 0 to 1024 [ 48.492496][ T3805] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 48.665667][ T3816] loop2: detected capacity change from 0 to 512 [ 48.673051][ T3816] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 48.698755][ T3816] EXT4-fs (loop2): failed to open journal device unknown-block(4,137) -6 [ 48.762006][ T3824] openvswitch: netlink: Key type 31 is not supported [ 48.806262][ T3828] loop2: detected capacity change from 0 to 128 [ 48.833620][ T3831] FAULT_INJECTION: forcing a failure. [ 48.833620][ T3831] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 48.847027][ T3831] CPU: 0 UID: 0 PID: 3831 Comm: syz.1.169 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 48.857304][ T3831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 48.867380][ T3831] Call Trace: [ 48.870689][ T3831] [ 48.873692][ T3831] dump_stack_lvl+0xf2/0x150 [ 48.878334][ T3831] dump_stack+0x15/0x20 [ 48.882512][ T3831] should_fail_ex+0x229/0x230 [ 48.887436][ T3831] should_fail_alloc_page+0xfd/0x110 [ 48.892791][ T3831] __alloc_pages_noprof+0x109/0x360 [ 48.898037][ T3831] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 48.903495][ T3831] alloc_pages_noprof+0xe1/0x100 [ 48.908458][ T3831] get_free_pages_noprof+0xc/0x30 [ 48.913537][ T3831] vcs_write+0x7f/0xbb0 [ 48.917785][ T3831] ? kstrtouint_from_user+0xb0/0xe0 [ 48.923047][ T3831] ? avc_policy_seqno+0x15/0x20 [ 48.927932][ T3831] ? selinux_file_permission+0x22c/0x360 [ 48.933667][ T3831] ? __pfx_vcs_write+0x10/0x10 [ 48.938473][ T3831] vfs_write+0x28b/0x900 [ 48.942803][ T3831] ? __fget_files+0x1da/0x210 [ 48.947601][ T3831] ksys_write+0xeb/0x1b0 [ 48.951958][ T3831] __x64_sys_write+0x42/0x50 [ 48.956690][ T3831] x64_sys_call+0x2a40/0x2e00 [ 48.961487][ T3831] do_syscall_64+0xc9/0x1c0 [ 48.966074][ T3831] ? clear_bhb_loop+0x55/0xb0 [ 48.970778][ T3831] ? clear_bhb_loop+0x55/0xb0 [ 48.975488][ T3831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.981453][ T3831] RIP: 0033:0x7fb27edb5f19 [ 48.985953][ T3831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.005625][ T3831] RSP: 002b:00007fb27da37048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 49.014067][ T3831] RAX: ffffffffffffffda RBX: 00007fb27ef45f60 RCX: 00007fb27edb5f19 [ 49.022099][ T3831] RDX: 0000000000000f8f RSI: 0000000020001780 RDI: 0000000000000004 [ 49.030209][ T3831] RBP: 00007fb27da370a0 R08: 0000000000000000 R09: 0000000000000000 [ 49.038211][ T3831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.046218][ T3831] R13: 000000000000000b R14: 00007fb27ef45f60 R15: 00007ffda1aec868 [ 49.054277][ T3831] [ 49.246594][ T3840] loop1: detected capacity change from 0 to 4096 [ 49.284500][ T3840] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.368384][ T3087] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.444320][ T3858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'. [ 49.552561][ T3868] loop2: detected capacity change from 0 to 512 [ 49.749778][ T3886] FAULT_INJECTION: forcing a failure. [ 49.749778][ T3886] name failslab, interval 1, probability 0, space 0, times 0 [ 49.762548][ T3886] CPU: 1 UID: 0 PID: 3886 Comm: syz.0.190 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 49.772839][ T3886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 49.782899][ T3886] Call Trace: [ 49.786194][ T3886] [ 49.789125][ T3886] dump_stack_lvl+0xf2/0x150 [ 49.793733][ T3886] dump_stack+0x15/0x20 [ 49.797935][ T3886] should_fail_ex+0x229/0x230 [ 49.802715][ T3886] ? anon_vma_fork+0x12c/0x2d0 [ 49.807485][ T3886] should_failslab+0x8f/0xb0 [ 49.812170][ T3886] kmem_cache_alloc_noprof+0x4c/0x290 [ 49.817560][ T3886] anon_vma_fork+0x12c/0x2d0 [ 49.822224][ T3886] copy_mm+0x680/0x10e0 [ 49.826524][ T3886] copy_process+0xee1/0x1f90 [ 49.831125][ T3886] kernel_clone+0x167/0x5e0 [ 49.835665][ T3886] __se_sys_clone3+0x1b5/0x1f0 [ 49.840440][ T3886] __x64_sys_clone3+0x31/0x40 [ 49.845134][ T3886] x64_sys_call+0x11e9/0x2e00 [ 49.849854][ T3886] do_syscall_64+0xc9/0x1c0 [ 49.854377][ T3886] ? clear_bhb_loop+0x55/0xb0 [ 49.859054][ T3886] ? clear_bhb_loop+0x55/0xb0 [ 49.863738][ T3886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.869693][ T3886] RIP: 0033:0x7fdae2a25f19 [ 49.874119][ T3886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.893839][ T3886] RSP: 002b:00007fdae16a6f18 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 49.902277][ T3886] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007fdae2a25f19 [ 49.910271][ T3886] RDX: 00007fdae16a6f30 RSI: 0000000000000058 RDI: 00007fdae16a6f30 [ 49.918301][ T3886] RBP: 00007fdae16a70a0 R08: 0000000000000000 R09: 0000000000000058 [ 49.926273][ T3886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 49.934254][ T3886] R13: 000000000000000b R14: 00007fdae2bb5f60 R15: 00007ffe47c7bca8 [ 49.942240][ T3886] [ 49.994556][ T3891] xt_connbytes: Forcing CT accounting to be enabled [ 50.001573][ T3891] Cannot find add_set index 0 as target [ 50.010013][ T3893] netlink: 16 bytes leftover after parsing attributes in process `syz.2.192'. [ 50.024804][ T3890] netlink: 16 bytes leftover after parsing attributes in process `syz.2.192'. [ 50.044877][ T3900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.193'. [ 50.290360][ T3938] loop2: detected capacity change from 0 to 512 [ 50.309558][ T3938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.324866][ T3938] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.347786][ T3946] loop1: detected capacity change from 0 to 1024 [ 50.378618][ T3116] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.398292][ T3951] syz.2.212 (3951): /proc/3950/oom_adj is deprecated, please use /proc/3950/oom_score_adj instead. [ 50.449969][ T3954] loop0: detected capacity change from 0 to 2048 [ 50.459601][ T3954] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 50.486060][ T3954] netlink: 10 bytes leftover after parsing attributes in process `syz.0.213'. [ 50.497178][ T3960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'. [ 50.520098][ T3966] loop0: detected capacity change from 0 to 512 [ 50.527024][ T3966] EXT4-fs: Ignoring removed i_version option [ 50.546901][ T3966] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 50.567828][ T3966] EXT4-fs (loop0): 1 truncate cleaned up [ 50.573977][ T3966] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.002586][ T3999] usb usb1: usbfs: process 3999 (syz.3.230) did not claim interface 0 before use [ 51.028519][ T4001] loop3: detected capacity change from 0 to 128 [ 51.267854][ T4002] ================================================================== [ 51.276005][ T4002] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty [ 51.283969][ T4002] [ 51.286314][ T4002] write to 0xffff88810d4c8728 of 8 bytes by task 4001 on cpu 1: [ 51.293963][ T4002] __mark_inode_dirty+0x256/0x7e0 [ 51.299121][ T4002] fat_update_time+0x1f5/0x210 [ 51.303926][ T4002] touch_atime+0x14f/0x350 [ 51.308375][ T4002] filemap_splice_read+0x8b0/0x920 [ 51.313530][ T4002] splice_direct_to_actor+0x26c/0x670 [ 51.318934][ T4002] do_splice_direct+0xd7/0x150 [ 51.323726][ T4002] do_sendfile+0x3ab/0x950 [ 51.328178][ T4002] __x64_sys_sendfile64+0x110/0x150 [ 51.333413][ T4002] x64_sys_call+0xfc3/0x2e00 [ 51.338043][ T4002] do_syscall_64+0xc9/0x1c0 [ 51.342657][ T4002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.348597][ T4002] [ 51.350932][ T4002] read to 0xffff88810d4c8728 of 8 bytes by task 4002 on cpu 0: [ 51.358485][ T4002] __mark_inode_dirty+0x19f/0x7e0 [ 51.363523][ T4002] fat_update_time+0x1f5/0x210 [ 51.368313][ T4002] touch_atime+0x14f/0x350 [ 51.372729][ T4002] filemap_splice_read+0x8b0/0x920 [ 51.377849][ T4002] splice_direct_to_actor+0x26c/0x670 [ 51.383225][ T4002] do_splice_direct+0xd7/0x150 [ 51.387990][ T4002] do_sendfile+0x3ab/0x950 [ 51.392409][ T4002] __x64_sys_sendfile64+0x110/0x150 [ 51.397609][ T4002] x64_sys_call+0xfc3/0x2e00 [ 51.402300][ T4002] do_syscall_64+0xc9/0x1c0 [ 51.406799][ T4002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.412703][ T4002] [ 51.415049][ T4002] value changed: 0x0000000000000000 -> 0x0000000000000007 [ 51.422164][ T4002] [ 51.424478][ T4002] Reported by Kernel Concurrency Sanitizer on: [ 51.430615][ T4002] CPU: 0 UID: 0 PID: 4002 Comm: syz.3.231 Not tainted 6.10.0-syzkaller-12084-g28bbe4ea686a #0 [ 51.440850][ T4002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 51.450901][ T4002] ================================================================== [ 51.483469][ T3089] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.