last executing test programs: 3.976404551s ago: executing program 4 (id=460): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000300)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r2, 0x11, 0x64, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) getsockopt$IP_SET_OP_GET_BYNAME(r2, 0x1, 0x53, &(0x7f0000000080)={0x6, 0x7, 'syz2\x00'}, &(0x7f0000000200)=0x28) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r3}, &(0x7f0000000800)=0x600, &(0x7f0000000840)=r4}, 0x20) r5 = socket$packet(0x11, 0x3, 0x300) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'wg2\x00', 0x0}) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) unshare(0x20000400) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r9, 0x2103, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x4, 0x4, 0x7, 0x2, 0x2002, 0xffffffffffffffff, 0xfffffffd, '\x00', r8, 0xffffffffffffffff, 0x2}, 0xfffffffffffffef0) r10 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) sendto$packet(r5, &(0x7f0000000180)='7', 0x1, 0x0, &(0x7f0000000040)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="bf73a9e561c5"}, 0x14) r11 = syz_open_dev$loop(0x0, 0x7, 0x0) ioctl$BLKSECTGET(r11, 0x1267, &(0x7f0000003f80)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffc0001}]}) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_bp={&(0x7f00000002c0), 0x1}, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x0, r1, 0x0) 3.090538746s ago: executing program 4 (id=466): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x906dd000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 2.547273493s ago: executing program 2 (id=470): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0xfffffffffffffffd, &(0x7f00000002c0)=0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = dup(r2) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x60, 0x2, 0x6, 0x3, 0x0, 0xf0ffff, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x2}, @IPSET_ATTR_HASHSIZE={0x8}]}]}, 0x60}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x6, 0x80, r3}, 0x48) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000180)='.-{(\x00', 0x0, r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e26, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, @in={0x2, 0x4e21, @rand_addr=0x64010100}], 0x2c) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r4, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) 2.477565269s ago: executing program 2 (id=471): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = socket(0xb, 0x6, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x2, 0x6, 0x221, 0xc1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r1}, 0x38) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r1, &(0x7f00000000c0), 0x20000000}, 0x20) 2.207882082s ago: executing program 1 (id=478): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r0}, 0x10) r1 = socket$rxrpc(0x21, 0x2, 0xa) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x200, &(0x7f0000000140)=0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080), 0x208e24b) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r2, &(0x7f0000000000), 0x4000}]) r4 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00}, 0x0) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000a1ad7d2c95"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r5}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x1, 0x5, 0xfffffffd) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fe, 0x0, 0x0, 0x0, 0x0}) 2.207493822s ago: executing program 4 (id=479): socket(0x400000000010, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000001cc0)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x6, @b={0x3, 0x2, 0x1, 0x1f, {0x1, 'g'}, 0x2}}, 0xa) syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) io_uring_setup(0x804822, &(0x7f00000004c0)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x307, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x68060200) r6 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r6, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) socket$l2tp(0x2, 0x2, 0x73) syz_emit_ethernet(0xfe, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @random="0027fef98049", @val={@void, {0x8100, 0x7, 0x1, 0x2}}, {@ipv4={0x800, @generic={{0x6, 0x4, 0x3, 0x2f, 0xec, 0x62, 0x0, 0x3, 0x1, 0x0, @local, @private=0xa010101, {[@ra={0x94, 0x4, 0x1}]}}, "214602062a2985c08be6e9f4729137dc87d7931f22d6e6e7abb324334e001f22940c6ada86a79beae0fdecdb84a4dc4f9fff7d1a77a80c9cedfa62b1664bb605855fba42eb1397d079a6c1caea1946030742547812b472304c3ce9c18a65b1fa9e94950e8d1985d29958bd6a60505159341b4a24cdfdfc9f4dd6aeea436a46d81e46d7bf06579316b650e0b144a3aba6db3de344558c1a79871986fc528ed5626ec8d53996c4ae12a131a0f8a5ec59af7211f128649f4fb32e7187c57dbcd24027689b7b53decbc454aa87d1fcb97fb980925be8"}}}}, 0x0) r7 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f00000005c0)='fd', 0x0, r5) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000140)=0x100000001, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r7, 0x0, 0x0) mkdirat$cgroup(r9, &(0x7f0000000080)='syz0\x00', 0x1ff) 1.941393464s ago: executing program 1 (id=480): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x37}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000b7b9000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f00000003c0)='syzkaller\x00', 0x608f62ef, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0xd8401, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5202) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x7fffd, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x400000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000280)={r3, 0x0, 0x0}, 0x20) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r5 = dup(r4) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a01010000000000000000020000000900010073797a3000000000090003"], 0x74}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r6, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000e70000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000280)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000040)=0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x7, 0x1, 0x9, 0x23, 0x1, 0x100, '\x00', r7, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x69, 0x4, 0x5, 0x0, r9}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r10}, &(0x7f0000000080), 0x0}, 0x20) sendmsg$nl_route(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r11 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000314010000000000000080000900020073797a30000000000800410073697700140033006c6f00"/56], 0x38}}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r12, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.941076754s ago: executing program 1 (id=481): fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x12, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=") (fail_nth: 14) 1.708239104s ago: executing program 1 (id=482): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00'}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800900010069706970000000000c0002800500090029000000"], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000140)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket(0x2c, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000003f0000000000000008000f0001000000", 0x24) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r7 = socket$kcm(0x10, 0x3, 0x10) readv(r7, &(0x7f0000000400)=[{&(0x7f00000005c0)=""/53, 0x35}], 0x2) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000028000bff7f000000000000000024fc60", 0x14}], 0x1}, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="b722073c000000", @ANYRES16=r6, @ANYBLOB="010000000000000000001400000018000180140002006e65746465"], 0x3c}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x84}}, 0x4004000) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000540)=ANY=[@ANYRES64], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, 0x0, &(0x7f0000000300)) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f00000000c0), 0x4) 1.677225797s ago: executing program 2 (id=483): r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x50, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) r1 = epoll_create1(0x0) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0)='O', 0x1, 0x40040c0, &(0x7f0000000280)={0xa, 0xfffd, 0x0, @private2}, 0x1c) shutdown(r2, 0x1) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000000)={0x0, 0x167}, 0x8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0xb0000000}) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x44c, 0x31, 0x3d, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x0, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44c}}, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r4, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @handle=@pci={{0x8}, {0x11}}]}, 0x48}, 0x1, 0x0, 0x0, 0x808}, 0x800) 1.401367621s ago: executing program 3 (id=486): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="0100"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@getstats={0x1c, 0x5e, 0x400, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, 0x1}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000044}, 0x10000000) set_mempolicy(0x4005, &(0x7f0000000000)=0x7e, 0x8) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) 1.381257842s ago: executing program 0 (id=487): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001bc0)=@newlink={0x48, 0x10, 0xffffff1f, 0x12000000, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x35288}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080) 1.352627015s ago: executing program 3 (id=488): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) syz_init_net_socket$x25(0x9, 0x5, 0x0) (fail_nth: 12) 1.334822826s ago: executing program 2 (id=489): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async, rerun: 64) bpf$PROG_LOAD(0x5, 0x0, 0x0) (rerun: 64) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x403, &(0x7f0000000100)={[{@noblock_validity}, {@errors_continue}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'ext4\x00'}}, {@fowner_lt}], 0x2c}, 0x0, 0x45a, &(0x7f0000000480)="$eJzs20tvG1UbAOB3xknv/ZKvlEsvQKAgIi5Jkxbogg0IpG6QkGBRliFJq9K0QU2QaFXRgFBZov4CYInEL2AFGwSsQGxhj5Aq1A2FBRo09kzrJnaIL6mT+nkkt+d4jn3e1zMnPjNnHEDfGsn/SSJ2RcQvETFUq97eYKT2343rl6b/un5pOokse/2PpNruz+uXpsum5et2FpXRNCL9KIkDDfpduHDxzNTc3Oz5oj6+ePad8YULF585fXbq1Oyp2XOTx44dPTLx/HOTz3Ylz915rPvfnz+47/ibV1+dPnH1re+/zOPdVWyvz6NmuOM+R2Lk9s+yzuMdv/vGsruunAz0MBBaUomIfHcNVsf/UFTi1s4bilc+7GlwwLrKsizbuuLZSllYyoC7WBK9jgDojfKLPj//LR93cPrRc9derJ0A5XnfKB61LQORFm0Gl53fdtNIRJxY+vvT/BENr0MAAHTX1/n85+lG87807qtr979ibWg4Iv4fEXsi4p6I2BsR90ZU294fEQ+02P/IsvrK+c9P29tKbI3y+d8LxdrW7fO/cvYXw5Witrua/2By8vTc7OHiMxmNwa15fWKVPr55+edPmm2rn//lj7z/ci5YxPH7wLILdDNTi1Od5Fzv2gcR+wca5Z/cXAlIImJfROxv4/23RcTpJ7842Gz7f+e/ii6sM2WfRzxR2/9LsSz/UrL6+uT4tpibPTxeHhUr/fDjldea9d9R/l2Q7/8dDY//m/kPJ/XrtQut93Hl14+bntO0e/xvSd6olrcUz703tbh4fiJiS7K08vnJW68t62X7PP/RQ43H/56Ifz4rXncgIvKD+MGIeCgiHi5ifyQiHo2IQ6vk/91Lj73dfv7rK89/pqX933qhcubbr5r1v7b9f7RaGi2emZnKsuzy6nmtNcDOPj0AAADYHNLqPfBJOnaznKZjY7V7+PfGjnRufmHxqZPz756bqd0rPxyDaXmla6jueuhEcW24rE8uqx+pXjfOsizbXq2PTc/PrdeaOrA2O5uM/9xvlV5HB6y7ltbRmv2iDdiU/F4T+pfxD/3L+If+ZfxD/2o0/i9H3OhBKMAd5vsf+pfxD/3L+If+1f74dzMQbGKd/K5/tcKe4+v1zndbobIxwmi5EOmGCKO9QroxwqgVtkbEWhtfjjsVWK//MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTHvwEAAP//H0rrgQ==") ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, 0x0) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) (async) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000180)={'veth1_to_bridge\x00', 0x100}) (async) socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r0) (async, rerun: 64) socket$inet6(0x10, 0x3, 0x0) (async, rerun: 64) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10) (async, rerun: 32) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) (rerun: 32) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) unshare(0x20000400) r6 = epoll_create1(0x0) r7 = fcntl$dupfd(r6, 0x2, 0xffffffffffffffff) (async) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000db00000000000000000095"], &(0x7f0000000040)='GPL\x00'}, 0x90) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r7, r8, 0x11}, 0x11) accept$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, &(0x7f0000000300)=0x10) (async) write$cgroup_subtree(r5, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd"], 0x280) (async) socket$inet6(0xa, 0x2, 0x0) 1.28193583s ago: executing program 4 (id=490): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000440)='rxrpc_local\x00', r0}, 0x10) r1 = socket$rxrpc(0x21, 0x2, 0xa) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x200, &(0x7f0000000140)=0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080), 0x208e24b) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r2, &(0x7f0000000000), 0x4000}]) r4 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00}, 0x0) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000a1ad7d2c95"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r5}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x1, 0x5, 0xfffffffd) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x8e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x2fe, 0x0, 0x0, 0x0, 0x0}) 1.05482254s ago: executing program 3 (id=491): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00'}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x906dd000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.05450492s ago: executing program 0 (id=492): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x37}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000b7b9000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f00000003c0)='syzkaller\x00', 0x608f62ef, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0xd8401, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5202) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x7fffd, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x400000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000280)={r3, 0x0, 0x0}, 0x20) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r5 = dup(r4) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a01010000000000000000020000000900010073797a3000000000090003"], 0x74}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r6, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000e70000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000280)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000040)=0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x7, 0x1, 0x9, 0x23, 0x1, 0x100, '\x00', r7, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x69, 0x4, 0x5, 0x0, r9}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r10}, &(0x7f0000000080), 0x0}, 0x20) sendmsg$nl_route(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r11 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000314010000000000000080000900020073797a30000000000800410073697700140033006c6f00"/56], 0x38}}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r12, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 962.451968ms ago: executing program 2 (id=493): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = socket(0xb, 0x6, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x2, 0x6, 0x221, 0xc1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r1}, 0x38) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r1, &(0x7f00000000c0), 0x20000000}, 0x20) 956.045958ms ago: executing program 0 (id=494): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1}, 0x10) r2 = epoll_create(0x0) epoll_wait(r2, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000016c0)={0x1, &(0x7f0000001680)=[{0x6}]}) socket$packet(0x11, 0x0, 0x300) write$binfmt_script(r0, &(0x7f00000002c0), 0x1000a) 857.178437ms ago: executing program 1 (id=495): socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x20000000000001d1, &(0x7f0000000400)=ANY=[@ANYRES16=r0], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x52, r2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 801.387352ms ago: executing program 1 (id=496): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x802, 0x0, 0x0) iopl(0x3) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000027d1287cff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup(r1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xc, 0x810, 0xffffffffffffffff, 0xe683e000) r3 = dup3(r0, r2, 0x0) r4 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x13) connect$llc(r3, &(0x7f0000000280)={0x1a, 0x7, 0x2, 0x0, 0xf0, 0xe0, @broadcast}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246) pwritev(r5, &(0x7f00000003c0)=[{&(0x7f00000010c0)="aabf", 0x2}, {&(0x7f0000000400)="3d9c", 0x2}, {&(0x7f0000000500)="ddbf", 0x2}, {&(0x7f0000000300)="9daa45392373bb5524c6112fcc059adebd3c0df1b565eec0a24cffebb7a7eabe2086ef8632c05bdb0955efe9501f4cd67c5fb962ac935bb1afad45422b787fdcd198188eab9c2adb776105806788b56408319dbd4142a9b24037844d5d0581c06f4163d215f61fc2327b8eb692b42df135d70fcd047dffb880f297e77f87bd3fb56aef346cee74b2d783bd76263106480c37b708470d202cba27d72bdd07fbdd4c8192d4", 0xa4}], 0x4, 0x0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r8 = dup(r7) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2200000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r7}}) write$P9_RLERRORu(r8, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$binfmt_elf64(r8, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[], [], 0x6b}}) 786.340583ms ago: executing program 4 (id=497): unshare(0x42000000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000140)=@allocspi={0x104, 0x16, 0x401, 0x0, 0x0, {{{@in6=@private0, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@remote, 0x0, 0x33}, @in=@remote, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x994}}, 0x8, 0xffffffff}, [@offload={0xc}]}, 0x104}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$sock_buf(r1, 0x1, 0x37, &(0x7f0000000000)=""/156, &(0x7f00000000c0)=0x9c) 733.116297ms ago: executing program 4 (id=498): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a320000000005000500000000000500010006000000240007"], 0x6c}}, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x4) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9e, 0x9e, 0x8, [@typedef={0x2}, @volatile={0x4, 0x0, 0x0, 0x9, 0x1}, @const={0xd, 0x0, 0x0, 0xa, 0x3}, @const={0xf, 0x0, 0x0, 0xa, 0x3}, @func={0xc, 0x0, 0x0, 0xc, 0x3}, @datasec={0xc, 0x5, 0x0, 0xf, 0x2, [{0x2, 0x3, 0x10000}, {0x1, 0x7fff, 0x9}, {0x4, 0x2, 0xfffffffc}, {0x2, 0xffffffff, 0x8000}, {0x2, 0x3, 0x5}], "a80a"}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x4}}]}, {0x0, [0x61, 0x61, 0x0, 0x5f, 0x30, 0x0]}}, &(0x7f0000000a40)=""/4096, 0xc0, 0x1000, 0x1, 0x9}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0xad37, 0x6, 0x0, 0x80, 0xffffffffffffffff, 0x8d5, '\x00', r2, r3, 0x1, 0x1, 0x5, 0x8}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES64=r1, @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1004}, 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="680000000301c9e1f7000000002000000000000308000740ffffffff080015400000000208000840000000012c001980050002"], 0x68}, 0x1, 0x0, 0x0, 0x4800}, 0x8080) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000600)=""/166, &(0x7f0000000400)=0xa6) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) r7 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r7, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x8000, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x80300000, &(0x7f0000000780)="6c0b7296445a1e7d3aa4f032ff93e681624f22d035abdea869444683e41d7f1037dfc41d40d4833d17d3f9bd190b25d5d316f3636aef35a0730dc01c7bb3c27370b131bbf2dd3aff937c00a1c63938cd0878a0fe99777b17787e3d04c057a689755f65fe6b999274d345317dae40377fc0650f6a5e465569c98e36feab2f4c7fed2a1194a8b4935f3cb94da6d145cc9018f209256001c8bfdb26f202f70fe7a076e5307eaf71934df5511703984e99ca1eb740c3a25533f991b9476719", 0xbd, &(0x7f00000006c0), &(0x7f0000000700), &(0x7f0000000840)="1117d261cec50002509eec6c522714667d82b604fe6ec71ff38561e26ea10c5973f46b9e6a57216b600a42ac8ef2c718d8e32533286a266ecfc472424cffff2bc825883c4307203379cf3ed79c86d2dc3a7ec8d2ac8b12063fb029") connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') 244.935909ms ago: executing program 3 (id=499): perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x26020280) syz_clone(0x1100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0) 189.457524ms ago: executing program 3 (id=500): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) socket$netlink(0x10, 0x3, 0xc) (async) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$inet_smc(0x2b, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000140), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000400)=@gcm_128={{0x303, 0x38}, "be00", "00000c70423a000000000000ffff00", "ec69d337", "df02000000000ece"}, 0x28) setsockopt$inet6_tcp_int(r3, 0x6, 0x25, &(0x7f0000000140)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140), 0x16) (async) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140), 0x16) write$sndseq(r0, 0x0, 0x0) r4 = dup(r0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}}) 159.407106ms ago: executing program 3 (id=501): socket(0x400000000010, 0x0, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r1], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000001cc0)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x6, @b={0x3, 0x2, 0x1, 0x1f, {0x1, 'g'}, 0x2}}, 0xa) syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) io_uring_setup(0x804822, &(0x7f00000004c0)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x307, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x68060200) r6 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r6, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) socket$l2tp(0x2, 0x2, 0x73) syz_emit_ethernet(0xfe, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @random="0027fef98049", @val={@void, {0x8100, 0x7, 0x1, 0x2}}, {@ipv4={0x800, @generic={{0x6, 0x4, 0x3, 0x2f, 0xec, 0x62, 0x0, 0x3, 0x1, 0x0, @local, @private=0xa010101, {[@ra={0x94, 0x4, 0x1}]}}, "214602062a2985c08be6e9f4729137dc87d7931f22d6e6e7abb324334e001f22940c6ada86a79beae0fdecdb84a4dc4f9fff7d1a77a80c9cedfa62b1664bb605855fba42eb1397d079a6c1caea1946030742547812b472304c3ce9c18a65b1fa9e94950e8d1985d29958bd6a60505159341b4a24cdfdfc9f4dd6aeea436a46d81e46d7bf06579316b650e0b144a3aba6db3de344558c1a79871986fc528ed5626ec8d53996c4ae12a131a0f8a5ec59af7211f128649f4fb32e7187c57dbcd24027689b7b53decbc454aa87d1fcb97fb980925be8"}}}}, 0x0) r7 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f00000005c0)='fd', 0x0, r5) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000140)=0x100000001, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r7, 0x0, 0x0) mkdirat$cgroup(r9, &(0x7f0000000080)='syz0\x00', 0x1ff) 110.039ms ago: executing program 2 (id=502): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x2200000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0xfe, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 105.274141ms ago: executing program 0 (id=503): syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) ptrace(0xffffffffffffffff, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newlink={0x44, 0x10, 0x401, 0x0, 0x3a, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0x3, r2}]}, 0x44}, 0x1, 0x8}, 0x0) 435.7µs ago: executing program 0 (id=504): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x37}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000b7b9000000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f00000003c0)='syzkaller\x00', 0x608f62ef, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0xd8401, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5202) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x7fffd, 0x8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x400000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000280)={r3, 0x0, 0x0}, 0x20) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01010000000000000000020000000900010073797a300000000008000240000000032c000000030a01030000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r5 = dup(r4) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a01010000000000000000020000000900010073797a3000000000090003"], 0x74}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r6, &(0x7f0000000000)={0x27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000e70000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000280)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000040)=0x80) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x7, 0x1, 0x9, 0x23, 0x1, 0x100, '\x00', r7, 0xffffffffffffffff, 0x0, 0x5}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x69, 0x4, 0x5, 0x0, r9}, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r10}, &(0x7f0000000080), 0x0}, 0x20) sendmsg$nl_route(r8, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r11 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000314010000000000000080000900020073797a30000000000800410073697700140033006c6f00"/56], 0x38}}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r12, &(0x7f0000000080)={0x0, 0x9, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 0s ago: executing program 0 (id=505): syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async) r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x80, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x1}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0xefffffff}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x5f5}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x7}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x104}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f000001f8c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88644500003c00000021"], 0x0) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r0, 0x811, 0x0, 0x0, {}, [@NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x2c}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) ioctl$KDSKBLED(r6, 0x4b65, 0x5) (async) ioctl$KDSKBLED(r6, 0x4b65, 0x5) r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9) sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001c80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010000000000000000000200000008000100", @ANYRES32=r8], 0x1c}}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000240)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000280)) (async) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000280)=0x0) sendmsg$NFC_CMD_SE_IO(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0xd4, r10, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_SE_APDU={0x96, 0x19, "665d65c6bc2527a5ea7a01f1fb96c18ba1da156e8e8a42fbe8cc0b10099d34d1cb298dab0c75ff07bb0dfacf411d182e714772f09231bd18e583d6498938050222904b32c4c9b2eb9cf24899cd919867855d24a4a6b06ff85acfaf84f77f5519010b05ba8e847ba5db8e654a5a61d9dac628bcbdc81787fa8e7c58067049ddc15cd4ed83ce2814198777e2e32a51c3a380f4"}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4040080}, 0x4) (async) sendmsg$NFC_CMD_SE_IO(r1, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000440)={&(0x7f00000002c0)={0xd4, r10, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r11}, @NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_SE_APDU={0x96, 0x19, "665d65c6bc2527a5ea7a01f1fb96c18ba1da156e8e8a42fbe8cc0b10099d34d1cb298dab0c75ff07bb0dfacf411d182e714772f09231bd18e583d6498938050222904b32c4c9b2eb9cf24899cd919867855d24a4a6b06ff85acfaf84f77f5519010b05ba8e847ba5db8e654a5a61d9dac628bcbdc81787fa8e7c58067049ddc15cd4ed83ce2814198777e2e32a51c3a380f4"}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4040080}, 0x4) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) kernel console output (not intermixed with test programs): atman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.814322][ T4066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.825757][ T4066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 45.832727][ T4066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.858665][ T4066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 45.886542][ T4066] hsr_slave_0: entered promiscuous mode [ 45.892553][ T4066] hsr_slave_1: entered promiscuous mode [ 45.898545][ T4066] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 45.906274][ T4066] Cannot create hsr debugfs directory [ 45.929616][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 45.929628][ T29] audit: type=1400 audit(1724529368.912:340): avc: denied { ioctl } for pid=4195 comm="syz.2.152" path="socket:[6522]" dev="sockfs" ino=6522 ioctlcmd=0x8901 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 45.967424][ T4196] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.152'. [ 46.175965][ T4066] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.184506][ T4066] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.193218][ T4066] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.202717][ T4066] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.217377][ T4066] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.224440][ T4066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.231903][ T4066] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.239003][ T4066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.266533][ T4066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.278710][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.287710][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.300720][ T4066] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.310871][ T4204] siw: device registration error -23 [ 46.311841][ T4104] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.323248][ T4104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.333426][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.340530][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.382029][ T4209] netlink: 88 bytes leftover after parsing attributes in process `syz.0.155'. [ 46.409913][ T4215] loop0: detected capacity change from 0 to 128 [ 46.417968][ T4066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.428461][ T4215] FAULT_INJECTION: forcing a failure. [ 46.428461][ T4215] name failslab, interval 1, probability 0, space 0, times 0 [ 46.441156][ T4215] CPU: 0 UID: 0 PID: 4215 Comm: syz.0.156 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 46.454159][ T4215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 46.464210][ T4215] Call Trace: [ 46.467478][ T4215] [ 46.470409][ T4215] dump_stack_lvl+0xf2/0x150 [ 46.475029][ T4215] dump_stack+0x15/0x20 [ 46.479187][ T4215] should_fail_ex+0x229/0x230 [ 46.483933][ T4215] ? skb_clone+0x154/0x1f0 [ 46.488340][ T4215] should_failslab+0x8f/0xb0 [ 46.492925][ T4215] kmem_cache_alloc_noprof+0x4c/0x290 [ 46.498439][ T4215] skb_clone+0x154/0x1f0 [ 46.502671][ T4215] __netlink_deliver_tap+0x2bd/0x4c0 [ 46.507949][ T4215] netlink_unicast+0x64a/0x670 [ 46.512776][ T4215] netlink_sendmsg+0x5cc/0x6e0 [ 46.517528][ T4215] ? __pfx_netlink_sendmsg+0x10/0x10 [ 46.522801][ T4215] __sock_sendmsg+0x140/0x180 [ 46.527527][ T4215] ____sys_sendmsg+0x312/0x410 [ 46.532342][ T4215] __sys_sendmsg+0x1e9/0x280 [ 46.536927][ T4215] __x64_sys_sendmsg+0x46/0x50 [ 46.541765][ T4215] x64_sys_call+0x2689/0x2d60 [ 46.546432][ T4215] do_syscall_64+0xc9/0x1c0 [ 46.550929][ T4215] ? clear_bhb_loop+0x55/0xb0 [ 46.555657][ T4215] ? clear_bhb_loop+0x55/0xb0 [ 46.560336][ T4215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.566223][ T4215] RIP: 0033:0x7f2f1f049e79 [ 46.570672][ T4215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 46.590326][ T4215] RSP: 002b:00007f2f1dcc1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 46.598728][ T4215] RAX: ffffffffffffffda RBX: 00007f2f1f1e5f80 RCX: 00007f2f1f049e79 [ 46.606682][ T4215] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006 [ 46.614717][ T4215] RBP: 00007f2f1dcc1090 R08: 0000000000000000 R09: 0000000000000000 [ 46.622671][ T4215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.630716][ T4215] R13: 0000000000000000 R14: 00007f2f1f1e5f80 R15: 00007ffea51a0858 [ 46.638673][ T4215] [ 46.690343][ T4066] veth0_vlan: entered promiscuous mode [ 46.698943][ T4066] veth1_vlan: entered promiscuous mode [ 46.716015][ T4066] veth0_macvtap: entered promiscuous mode [ 46.724219][ T4066] veth1_macvtap: entered promiscuous mode [ 46.735509][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.746045][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.756002][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.766561][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.776425][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.786842][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.797508][ T4066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.806994][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.817536][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.827406][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.837835][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.847745][ T4066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.858231][ T4066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.869418][ T4066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.882822][ T4066] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.891629][ T4066] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.900336][ T4066] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.909065][ T4066] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.023832][ T4251] FAULT_INJECTION: forcing a failure. [ 47.023832][ T4251] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 47.036921][ T4251] CPU: 1 UID: 0 PID: 4251 Comm: syz.1.162 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 47.047562][ T4251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 47.057659][ T4251] Call Trace: [ 47.061018][ T4251] [ 47.063948][ T4251] dump_stack_lvl+0xf2/0x150 [ 47.068612][ T4251] dump_stack+0x15/0x20 [ 47.072784][ T4251] should_fail_ex+0x229/0x230 [ 47.077475][ T4251] should_fail+0xb/0x10 [ 47.081698][ T4251] should_fail_usercopy+0x1a/0x20 [ 47.086740][ T4251] _copy_from_user+0x1e/0xd0 [ 47.091474][ T4251] do_fcntl+0x5f6/0xe20 [ 47.095651][ T4251] ? selinux_file_fcntl+0x1ca/0x1e0 [ 47.100928][ T4251] __se_sys_fcntl+0xc4/0x190 [ 47.105541][ T4251] __x64_sys_fcntl+0x43/0x50 [ 47.110205][ T4251] x64_sys_call+0x209e/0x2d60 [ 47.114940][ T4251] do_syscall_64+0xc9/0x1c0 [ 47.119450][ T4251] ? clear_bhb_loop+0x55/0xb0 [ 47.124138][ T4251] ? clear_bhb_loop+0x55/0xb0 [ 47.128848][ T4251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.134747][ T4251] RIP: 0033:0x7f8676199e79 [ 47.139153][ T4251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.158853][ T4251] RSP: 002b:00007f8674df0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 47.167309][ T4251] RAX: ffffffffffffffda RBX: 00007f8676336058 RCX: 00007f8676199e79 [ 47.175283][ T4251] RDX: 0000000020000000 RSI: 0000000000000026 RDI: 0000000000000005 [ 47.183255][ T4251] RBP: 00007f8674df0090 R08: 0000000000000000 R09: 0000000000000000 [ 47.191301][ T4251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.199279][ T4251] R13: 0000000000000001 R14: 00007f8676336058 R15: 00007ffcd1c73fb8 [ 47.207261][ T4251] [ 47.216799][ T4253] loop3: detected capacity change from 0 to 512 [ 47.246822][ T4253] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.259946][ T4256] siw: device registration error -23 [ 47.271965][ T4253] ext4 filesystem being mounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.288436][ T29] audit: type=1400 audit(1724529370.272:341): avc: denied { append } for pid=4252 comm="syz.3.163" path="/42/bus/cgroup.controllers" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 47.346776][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.398863][ T29] audit: type=1400 audit(1724529370.382:342): avc: denied { getopt } for pid=4262 comm="syz.3.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 47.420597][ T4264] xt_recent: hitcount (134217728) is larger than allowed maximum (65535) [ 47.428265][ T29] audit: type=1400 audit(1724529370.402:343): avc: denied { setopt } for pid=4260 comm="syz.1.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 47.571687][ T29] audit: type=1400 audit(1724529370.552:344): avc: denied { connect } for pid=4265 comm="syz.3.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 47.580000][ T4269] loop0: detected capacity change from 0 to 128 [ 47.597987][ T4269] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 47.610444][ T29] audit: type=1326 audit(1724529370.602:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4265 comm="syz.3.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd01fca9e79 code=0x7ffc0000 [ 47.610492][ T4269] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 47.633894][ T29] audit: type=1326 audit(1724529370.622:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4265 comm="syz.3.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd01fca9e79 code=0x7ffc0000 [ 47.686789][ T29] audit: type=1400 audit(1724529370.672:347): avc: denied { write } for pid=4271 comm="syz.0.169" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.699056][ T4274] FAULT_INJECTION: forcing a failure. [ 47.699056][ T4274] name failslab, interval 1, probability 0, space 0, times 0 [ 47.722238][ T4274] CPU: 0 UID: 0 PID: 4274 Comm: syz.3.170 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 47.732812][ T4274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 47.742854][ T4274] Call Trace: [ 47.746114][ T4274] [ 47.749025][ T4274] dump_stack_lvl+0xf2/0x150 [ 47.753752][ T4274] dump_stack+0x15/0x20 [ 47.757930][ T4274] should_fail_ex+0x229/0x230 [ 47.762703][ T4274] ? iovec_from_user+0x84/0x210 [ 47.767535][ T4274] should_failslab+0x8f/0xb0 [ 47.772110][ T4274] __kmalloc_noprof+0xa5/0x370 [ 47.777012][ T4274] iovec_from_user+0x84/0x210 [ 47.781734][ T4274] __import_iovec+0xd8/0x520 [ 47.786314][ T4274] import_iovec+0xbc/0xd0 [ 47.790638][ T4274] vfs_writev+0xf0/0x880 [ 47.794889][ T4274] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 47.800522][ T4274] ? vfs_write+0x5a5/0x900 [ 47.804928][ T4274] __x64_sys_pwritev+0x100/0x1c0 [ 47.809846][ T4274] x64_sys_call+0x2a03/0x2d60 [ 47.814503][ T4274] do_syscall_64+0xc9/0x1c0 [ 47.819057][ T4274] ? clear_bhb_loop+0x55/0xb0 [ 47.823754][ T4274] ? clear_bhb_loop+0x55/0xb0 [ 47.828475][ T4274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.834355][ T4274] RIP: 0033:0x7fd01fca9e79 [ 47.838876][ T4274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.858496][ T4274] RSP: 002b:00007fd01e927038 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 47.866883][ T4274] RAX: ffffffffffffffda RBX: 00007fd01fe45f80 RCX: 00007fd01fca9e79 [ 47.874896][ T4274] RDX: 1000000000000011 RSI: 00000000200001c0 RDI: 0000000000000004 [ 47.882848][ T4274] RBP: 00007fd01e927090 R08: 0000000000000001 R09: 0000000000000000 [ 47.890843][ T4274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 47.898807][ T4274] R13: 0000000000000000 R14: 00007fd01fe45f80 R15: 00007ffe8af60f98 [ 47.906762][ T4274] [ 47.998473][ T4278] lo speed is unknown, defaulting to 1000 [ 48.184172][ T29] audit: type=1326 audit(1724529371.172:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd01fca9e79 code=0x7ffc0000 [ 48.208129][ T4285] ÿÿÿÿÿÿ: renamed from vlan0 [ 48.213065][ T29] audit: type=1326 audit(1724529371.192:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.174" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd01fca9e79 code=0x7ffc0000 [ 48.248123][ T4285] loop3: detected capacity change from 0 to 512 [ 48.266087][ T4285] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.279567][ T4285] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.425954][ T4292] loop1: detected capacity change from 0 to 128 [ 48.433881][ T4292] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 48.447309][ T4292] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 48.458158][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.473388][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.486101][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.501516][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.514118][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.529469][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.541923][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.557328][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.570778][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.586059][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.598862][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.614258][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.626761][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.641972][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.654341][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.669579][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.682945][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.698209][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.710789][ T4292] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz.1.175: No space for directory leaf checksum. Please run e2fsck -D. [ 48.726134][ T4292] EXT4-fs error (device loop1): __ext4_find_entry:1652: inode #2: comm syz.1.175: checksumming directory block 0 [ 48.825840][ T4298] siw: device registration error -23 [ 48.859545][ T4300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1107 sclass=netlink_route_socket pid=4300 comm=syz.0.177 [ 48.872366][ T4300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.177'. [ 48.898429][ T4302] loop0: detected capacity change from 0 to 512 [ 48.906008][ T4302] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.178: bad orphan inode 4 [ 48.916490][ T4302] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.027767][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.037842][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.080363][ T4319] loop0: detected capacity change from 0 to 1024 [ 49.090600][ T4319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.115318][ T4319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.183'. [ 49.125435][ T4319] netlink: 72 bytes leftover after parsing attributes in process `syz.0.183'. [ 49.134399][ T4319] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 49.175955][ T4066] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 49.204400][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.265191][ T4327] loop0: detected capacity change from 0 to 1024 [ 49.272614][ T4327] EXT4-fs: Ignoring removed mblk_io_submit option [ 49.287330][ T4327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.922398][ T4336] loop4: detected capacity change from 0 to 512 [ 49.935993][ T4336] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.949106][ T4336] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 50.005697][ T4341] siw: device registration error -23 [ 50.024897][ T3850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.044896][ T4350] loop4: detected capacity change from 0 to 128 [ 50.053160][ T4350] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 50.066906][ T4350] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 50.108253][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.160898][ T4361] loop0: detected capacity change from 0 to 1024 [ 50.168755][ T4357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.194'. [ 50.169459][ T4361] EXT4-fs: Ignoring removed nobh option [ 50.185160][ T3850] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 50.194412][ T4361] EXT4-fs: Ignoring removed bh option [ 50.205601][ T4361] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.225270][ T4366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.197'. [ 50.310372][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.348878][ T4374] netlink: 'syz.3.201': attribute type 15 has an invalid length. [ 50.356816][ T4374] netlink: 11386 bytes leftover after parsing attributes in process `syz.3.201'. [ 50.367356][ T4376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.200'. [ 50.434156][ T4379] siw: device registration error -23 [ 50.460717][ T4387] FAULT_INJECTION: forcing a failure. [ 50.460717][ T4387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 50.473831][ T4387] CPU: 0 UID: 0 PID: 4387 Comm: syz.1.205 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 50.484498][ T4387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 50.494559][ T4387] Call Trace: [ 50.497835][ T4387] [ 50.500761][ T4387] dump_stack_lvl+0xf2/0x150 [ 50.505368][ T4387] dump_stack+0x15/0x20 [ 50.509612][ T4387] should_fail_ex+0x229/0x230 [ 50.514347][ T4387] should_fail+0xb/0x10 [ 50.518597][ T4387] should_fail_usercopy+0x1a/0x20 [ 50.523710][ T4387] _copy_from_user+0x1e/0xd0 [ 50.528376][ T4387] usbdev_ioctl+0x1680/0x3e10 [ 50.533061][ T4387] ? do_vfs_ioctl+0x99e/0x1560 [ 50.537882][ T4387] ? selinux_file_ioctl+0x2f7/0x380 [ 50.543219][ T4387] ? __fget_files+0x1da/0x210 [ 50.547934][ T4387] ? __pfx_usbdev_ioctl+0x10/0x10 [ 50.552968][ T4387] __se_sys_ioctl+0xd3/0x150 [ 50.557639][ T4387] __x64_sys_ioctl+0x43/0x50 [ 50.562249][ T4387] x64_sys_call+0x15cc/0x2d60 [ 50.567003][ T4387] do_syscall_64+0xc9/0x1c0 [ 50.571549][ T4387] ? clear_bhb_loop+0x55/0xb0 [ 50.576240][ T4387] ? clear_bhb_loop+0x55/0xb0 [ 50.580993][ T4387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.586891][ T4387] RIP: 0033:0x7f8676199e79 [ 50.591308][ T4387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.611105][ T4387] RSP: 002b:00007f8674e11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.619523][ T4387] RAX: ffffffffffffffda RBX: 00007f8676335f80 RCX: 00007f8676199e79 [ 50.627497][ T4387] RDX: 0000000020000000 RSI: 00000000c0105500 RDI: 0000000000000005 [ 50.635556][ T4387] RBP: 00007f8674e11090 R08: 0000000000000000 R09: 0000000000000000 [ 50.643531][ T4387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.651636][ T4387] R13: 0000000000000000 R14: 00007f8676335f80 R15: 00007ffcd1c73fb8 [ 50.659612][ T4387] [ 50.730403][ T4392] loop4: detected capacity change from 0 to 2048 [ 50.905152][ T4384] loop3: detected capacity change from 0 to 65536 [ 51.204385][ T4404] loop0: detected capacity change from 0 to 512 [ 51.215793][ T4404] __quota_error: 64 callbacks suppressed [ 51.215807][ T4404] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 51.231467][ T4404] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 51.241407][ T4404] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.211: Failed to acquire dquot type 1 [ 51.255095][ T4404] EXT4-fs (loop0): 1 truncate cleaned up [ 51.261286][ T4404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.276082][ T4404] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.332320][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.351252][ T29] audit: type=1400 audit(1724529374.332:414): avc: denied { execute } for pid=4407 comm="syz.0.212" path="/45/blkio.throttle.io_serviced_recursive" dev="tmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 51.379473][ T4408] loop0: detected capacity change from 0 to 512 [ 51.387252][ T4408] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2812: inode #11: comm syz.0.212: corrupted xattr block 95: invalid header [ 51.402095][ T4408] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.212: bg 0: block 7: invalid block bitmap [ 51.415091][ T4408] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 51.423937][ T4408] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2978: inode #11: comm syz.0.212: corrupted xattr block 95: invalid header [ 51.438591][ T4408] EXT4-fs warning (device loop0): ext4_evict_inode:271: xattr delete (err -117) [ 51.447791][ T4408] EXT4-fs (loop0): 1 orphan inode deleted [ 51.454655][ T4408] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.467381][ T4408] FAULT_INJECTION: forcing a failure. [ 51.467381][ T4408] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.480457][ T4408] CPU: 0 UID: 0 PID: 4408 Comm: syz.0.212 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 51.491092][ T4408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 51.501231][ T4408] Call Trace: [ 51.504515][ T4408] [ 51.507444][ T4408] dump_stack_lvl+0xf2/0x150 [ 51.512172][ T4408] dump_stack+0x15/0x20 [ 51.516371][ T4408] should_fail_ex+0x229/0x230 [ 51.521127][ T4408] should_fail+0xb/0x10 [ 51.525316][ T4408] should_fail_usercopy+0x1a/0x20 [ 51.530460][ T4408] _copy_from_iter+0xd3/0xb00 [ 51.535142][ T4408] ? kernel_fpu_begin_mask+0x19d/0x200 [ 51.540705][ T4408] ? kernel_fpu_end+0x5e/0x80 [ 51.545409][ T4408] ? blake2s_compress+0xab/0xd0 [ 51.550310][ T4408] ? blake2s_update+0x120/0x140 [ 51.555219][ T4408] write_pool_user+0x80/0x1e0 [ 51.559901][ T4408] ? import_ubuf+0xe9/0x120 [ 51.564437][ T4408] random_ioctl+0x2c6/0x3f0 [ 51.568964][ T4408] ? __pfx_random_ioctl+0x10/0x10 [ 51.573998][ T4408] __se_sys_ioctl+0xd3/0x150 [ 51.578643][ T4408] __x64_sys_ioctl+0x43/0x50 [ 51.583270][ T4408] x64_sys_call+0x15cc/0x2d60 [ 51.587954][ T4408] do_syscall_64+0xc9/0x1c0 [ 51.592469][ T4408] ? clear_bhb_loop+0x55/0xb0 [ 51.597154][ T4408] ? clear_bhb_loop+0x55/0xb0 [ 51.601839][ T4408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.607806][ T4408] RIP: 0033:0x7f2f1f049e79 [ 51.612292][ T4408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.631903][ T4408] RSP: 002b:00007f2f1dcc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 51.640390][ T4408] RAX: ffffffffffffffda RBX: 00007f2f1f1e5f80 RCX: 00007f2f1f049e79 [ 51.648365][ T4408] RDX: 0000000020000000 RSI: 0000000040085203 RDI: 0000000000000005 [ 51.656408][ T4408] RBP: 00007f2f1dcc1090 R08: 0000000000000000 R09: 0000000000000000 [ 51.664370][ T4408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 51.672590][ T4408] R13: 0000000000000000 R14: 00007f2f1f1e5f80 R15: 00007ffea51a0858 [ 51.680560][ T4408] [ 51.729383][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.732391][ T4411] capability: warning: `syz.1.213' uses 32-bit capabilities (legacy support in use) [ 51.751141][ T4411] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 51.758717][ T4411] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 51.786117][ T4415] netlink: 32 bytes leftover after parsing attributes in process `syz.4.215'. [ 51.786321][ T29] audit: type=1326 audit(1724529374.762:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4416 comm="syz.1.216" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8676199e79 code=0x0 [ 51.803296][ T4415] loop4: detected capacity change from 0 to 512 [ 51.839730][ T4415] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 51.841813][ T4425] loop1: detected capacity change from 0 to 512 [ 51.856922][ T4415] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.215: bg 0: block 64: padding at end of block bitmap is not set [ 51.872260][ T4425] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 51.874649][ T4415] Quota error (device loop4): write_blk: dquota write failed [ 51.882145][ T4425] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 51.890775][ T4415] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 51.911273][ T4415] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.215: Failed to acquire dquot type 0 [ 51.926103][ T4423] siw: device registration error -23 [ 51.940637][ T4425] netlink: 140 bytes leftover after parsing attributes in process `syz.1.218'. [ 51.949631][ T4425] netlink: 12 bytes leftover after parsing attributes in process `syz.1.218'. [ 51.960396][ T4415] EXT4-fs (loop4): 1 truncate cleaned up [ 51.966562][ T4415] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.033278][ T4433] autofs4:pid:4433:validate_dev_ioctl: path string terminator missing for cmd(0xc018937c) [ 52.048324][ T4415] syz.4.215 (4415) used greatest stack depth: 9392 bytes left [ 52.059058][ T3850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.093207][ T4437] loop4: detected capacity change from 0 to 512 [ 52.101032][ T4437] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.222: casefold flag without casefold feature [ 52.114684][ T4437] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.222: couldn't read orphan inode 15 (err -117) [ 52.128688][ T4437] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.156476][ T29] audit: type=1400 audit(1724529375.142:416): avc: denied { mounton } for pid=4436 comm="syz.4.222" path="/15/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 52.157857][ T4441] lo speed is unknown, defaulting to 1000 [ 52.290559][ T4441] Process accounting resumed [ 52.298389][ T29] audit: type=1400 audit(1724529375.282:417): avc: denied { unmount } for pid=3850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 52.332080][ T3850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.373808][ T29] audit: type=1400 audit(1724529375.312:418): avc: denied { unlink } for pid=3850 comm="syz-executor" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 52.589600][ T29] audit: type=1400 audit(1724529375.572:419): avc: denied { mount } for pid=4448 comm="syz.1.226" name="/" dev="ramfs" ino=6997 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 52.876353][ T4458] FAULT_INJECTION: forcing a failure. [ 52.876353][ T4458] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 52.889618][ T4458] CPU: 0 UID: 0 PID: 4458 Comm: syz.3.228 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 52.900290][ T4458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 52.910340][ T4458] Call Trace: [ 52.913642][ T4458] [ 52.916591][ T4458] dump_stack_lvl+0xf2/0x150 [ 52.921217][ T4458] dump_stack+0x15/0x20 [ 52.925380][ T4458] should_fail_ex+0x229/0x230 [ 52.930074][ T4458] should_fail_alloc_page+0xfd/0x110 [ 52.935407][ T4458] __alloc_pages_noprof+0x109/0x360 [ 52.940620][ T4458] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 52.946007][ T4458] vma_alloc_folio_noprof+0x1a0/0x2f0 [ 52.951444][ T4458] do_wp_page+0x62b/0x22c0 [ 52.955915][ T4458] ? __rcu_read_lock+0x36/0x50 [ 52.960686][ T4458] handle_mm_fault+0xbf0/0x2940 [ 52.965546][ T4458] ? mas_walk+0x204/0x320 [ 52.969880][ T4458] exc_page_fault+0x3b9/0x650 [ 52.974562][ T4458] asm_exc_page_fault+0x26/0x30 [ 52.979422][ T4458] RIP: 0033:0x7fd01fb6dca0 [ 52.983827][ T4458] Code: 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 45 84 c9 74 08 <45> 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83 e9 01 73 d3 41 [ 53.003496][ T4458] RSP: 002b:00007fd01e9264a0 EFLAGS: 00010202 [ 53.009608][ T4458] RAX: 0000000000003005 RBX: 00007fd01e926540 RCX: 0000000000000020 [ 53.017558][ T4458] RDX: 00000000000001ff RSI: 0000000000000800 RDI: 00007fd01e9265e0 [ 53.025539][ T4458] RBP: 0000000000000021 R08: 00007fd016507000 R09: 0000000000000008 [ 53.033491][ T4458] R10: 0000000020000b82 R11: 00000000000004e0 R12: 0000000000000601 [ 53.041502][ T4458] R13: 00007fd01fd2b880 R14: 0000000000000015 R15: 00007fd01e9265e0 [ 53.049478][ T4458] [ 53.052645][ T4458] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 53.081708][ T4458] loop3: detected capacity change from 0 to 512 [ 53.095693][ T4458] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.109188][ T4458] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.138827][ T4460] loop0: detected capacity change from 0 to 1024 [ 53.148337][ T4460] EXT4-fs: Ignoring removed oldalloc option [ 53.154835][ T4460] EXT4-fs: Mount option(s) incompatible with ext2 [ 53.163414][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.408130][ T4110] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.466821][ T4110] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.528725][ T4110] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.589470][ T4480] lo speed is unknown, defaulting to 1000 [ 53.608246][ T4110] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.676656][ T4496] loop4: detected capacity change from 0 to 128 [ 53.703397][ T4496] EXT4-fs: Ignoring removed nobh option [ 53.710624][ T4110] bridge_slave_1: left allmulticast mode [ 53.716394][ T4110] bridge_slave_1: left promiscuous mode [ 53.722021][ T4110] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.731506][ T4496] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 53.744376][ T4110] bridge_slave_0: left allmulticast mode [ 53.750022][ T4110] bridge_slave_0: left promiscuous mode [ 53.755757][ T4110] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.757348][ T4496] ext4 filesystem being mounted at /20/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 53.764674][ T4494] FAULT_INJECTION: forcing a failure. [ 53.764674][ T4494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.786051][ T4494] CPU: 0 UID: 0 PID: 4494 Comm: syz.0.238 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 53.790842][ T3850] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path /20/mnt/lost+found: directory fails checksum at offset 1024 [ 53.796630][ T4494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 53.796642][ T4494] Call Trace: [ 53.796649][ T4494] [ 53.796656][ T4494] dump_stack_lvl+0xf2/0x150 [ 53.812965][ T3850] EXT4-fs error (device loop4): ext4_empty_dir:3115: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 53.821352][ T4494] dump_stack+0x15/0x20 [ 53.821384][ T4494] should_fail_ex+0x229/0x230 [ 53.825579][ T3850] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path /20/mnt/lost+found: directory fails checksum at offset 1024 [ 53.827552][ T4494] should_fail+0xb/0x10 [ 53.827579][ T4494] should_fail_usercopy+0x1a/0x20 [ 53.827607][ T4494] _copy_from_user+0x1e/0xd0 [ 53.832440][ T3850] EXT4-fs error (device loop4): ext4_empty_dir:3115: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 53.844969][ T4494] kstrtouint_from_user+0x76/0xe0 [ 53.850477][ T3850] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path /20/mnt/lost+found: directory fails checksum at offset 1024 [ 53.853786][ T4494] proc_fail_nth_write+0x4f/0x160 [ 53.853814][ T4494] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 53.869583][ T3850] EXT4-fs error (device loop4): ext4_empty_dir:3115: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 53.872627][ T4494] vfs_write+0x28b/0x900 [ 53.877863][ T3850] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path /20/mnt/lost+found: directory fails checksum at offset 1024 [ 53.882189][ T4494] ? __fget_files+0x1da/0x210 [ 53.882211][ T4494] ksys_write+0xeb/0x1b0 [ 53.896763][ T3850] EXT4-fs error (device loop4): ext4_empty_dir:3115: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 53.900006][ T4494] __x64_sys_write+0x42/0x50 [ 53.915633][ T3850] EXT4-fs error (device loop4): ext4_readdir:220: inode #11: comm syz-executor: path /20/mnt/lost+found: directory fails checksum at offset 1024 [ 53.919636][ T4494] x64_sys_call+0x27dd/0x2d60 [ 53.925517][ T3850] EXT4-fs error (device loop4): ext4_empty_dir:3115: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 53.938048][ T4494] do_syscall_64+0xc9/0x1c0 [ 53.938079][ T4494] ? clear_bhb_loop+0x55/0xb0 [ 54.024556][ T4494] ? clear_bhb_loop+0x55/0xb0 [ 54.029221][ T4494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.035215][ T4494] RIP: 0033:0x7f2f1f04895f [ 54.039608][ T4494] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 54.059219][ T4494] RSP: 002b:00007f2f1dcc1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 54.067611][ T4494] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f1f04895f [ 54.075621][ T4494] RDX: 0000000000000001 RSI: 00007f2f1dcc10a0 RDI: 0000000000000003 [ 54.083660][ T4494] RBP: 00007f2f1dcc1090 R08: 0000000000000000 R09: 0000000000000000 [ 54.091607][ T4494] R10: 0000000020001000 R11: 0000000000000293 R12: 0000000000000001 [ 54.099555][ T4494] R13: 0000000000000000 R14: 00007f2f1f1e5f80 R15: 00007ffea51a0858 [ 54.107599][ T4494] [ 54.161031][ T4502] syz.3.241 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 54.217050][ T4110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 54.227196][ T4110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 54.237412][ T4110] bond0 (unregistering): Released all slaves [ 54.255945][ T4480] chnl_net:caif_netlink_parms(): no params data found [ 54.278753][ T4507] siw: device registration error -23 [ 54.296646][ T4480] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.303816][ T4480] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.311090][ T4480] bridge_slave_0: entered allmulticast mode [ 54.317593][ T4480] bridge_slave_0: entered promiscuous mode [ 54.324563][ T4480] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.331702][ T4480] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.339406][ T4480] bridge_slave_1: entered allmulticast mode [ 54.346361][ T4480] bridge_slave_1: entered promiscuous mode [ 54.361235][ T4513] loop0: detected capacity change from 0 to 164 [ 54.369873][ T4480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.385581][ T4110] hsr_slave_0: left promiscuous mode [ 54.391372][ T4110] hsr_slave_1: left promiscuous mode [ 54.397876][ T4110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.405374][ T4110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 54.413955][ T4110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.421471][ T4110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.432599][ T4110] veth1_macvtap: left promiscuous mode [ 54.438100][ T4110] veth0_macvtap: left promiscuous mode [ 54.443665][ T4110] veth1_vlan: left promiscuous mode [ 54.448933][ T4110] veth0_vlan: left promiscuous mode [ 54.529018][ T4110] team0 (unregistering): Port device team_slave_1 removed [ 54.540774][ T4110] team0 (unregistering): Port device team_slave_0 removed [ 54.584105][ T4480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.614580][ T4480] team0: Port device team_slave_0 added [ 54.627048][ T4480] team0: Port device team_slave_1 added [ 54.651100][ T4480] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.658148][ T4480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.684045][ T4480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.696461][ T4480] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.703383][ T4535] loop0: detected capacity change from 0 to 1024 [ 54.703419][ T4480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.713895][ T4535] journal_path: Lookup failure for './file1' [ 54.735695][ T4480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.752294][ T4535] EXT4-fs: error: could not find journal device path [ 54.761815][ T4518] lo speed is unknown, defaulting to 1000 [ 54.775494][ T4480] hsr_slave_0: entered promiscuous mode [ 54.781725][ T4480] hsr_slave_1: entered promiscuous mode [ 54.787819][ T4480] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.796295][ T4480] Cannot create hsr debugfs directory [ 54.891154][ T4518] chnl_net:caif_netlink_parms(): no params data found [ 54.926351][ T4518] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.933501][ T4518] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.940711][ T4518] bridge_slave_0: entered allmulticast mode [ 54.947329][ T4518] bridge_slave_0: entered promiscuous mode [ 54.954024][ T4518] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.961084][ T4518] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.969331][ T4518] bridge_slave_1: entered allmulticast mode [ 54.975903][ T4518] bridge_slave_1: entered promiscuous mode [ 55.015187][ T4518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.025968][ T4547] FAULT_INJECTION: forcing a failure. [ 55.025968][ T4547] name failslab, interval 1, probability 0, space 0, times 0 [ 55.038673][ T4547] CPU: 1 UID: 0 PID: 4547 Comm: syz.0.251 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 55.049259][ T4547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 55.059370][ T4547] Call Trace: [ 55.062644][ T4547] [ 55.065570][ T4547] dump_stack_lvl+0xf2/0x150 [ 55.070167][ T4547] dump_stack+0x15/0x20 [ 55.074337][ T4547] should_fail_ex+0x229/0x230 [ 55.079103][ T4547] ? security_inode_alloc+0x32/0xd0 [ 55.084334][ T4547] should_failslab+0x8f/0xb0 [ 55.088993][ T4547] kmem_cache_alloc_noprof+0x4c/0x290 [ 55.094409][ T4547] security_inode_alloc+0x32/0xd0 [ 55.099497][ T4547] inode_init_always+0x439/0x480 [ 55.104476][ T4547] ? __pfx_proc_alloc_inode+0x10/0x10 [ 55.109847][ T4547] alloc_inode+0x7d/0x160 [ 55.114302][ T4547] new_inode+0x1e/0x100 [ 55.118448][ T4547] proc_pid_make_inode+0x1d/0xd0 [ 55.123397][ T4547] proc_fd_instantiate+0x36/0x170 [ 55.128507][ T4547] proc_fill_cache+0x1bf/0x240 [ 55.133319][ T4547] ? __pfx_proc_fd_instantiate+0x10/0x10 [ 55.138962][ T4547] proc_readfd_common+0x2a9/0x3e0 [ 55.143992][ T4547] ? __pfx_proc_fd_instantiate+0x10/0x10 [ 55.149622][ T4547] proc_readfd+0x24/0x30 [ 55.153911][ T4547] iterate_dir+0x12c/0x330 [ 55.158367][ T4547] __se_sys_getdents+0x88/0x1a0 [ 55.163239][ T4547] ? __pfx_filldir+0x10/0x10 [ 55.167896][ T4547] __x64_sys_getdents+0x43/0x50 [ 55.172750][ T4547] x64_sys_call+0x2bbb/0x2d60 [ 55.177511][ T4547] do_syscall_64+0xc9/0x1c0 [ 55.182021][ T4547] ? clear_bhb_loop+0x55/0xb0 [ 55.186706][ T4547] ? clear_bhb_loop+0x55/0xb0 [ 55.191379][ T4547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.197276][ T4547] RIP: 0033:0x7f2f1f049e79 [ 55.201683][ T4547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.221342][ T4547] RSP: 002b:00007f2f1dc7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 55.227724][ T4518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.229746][ T4547] RAX: ffffffffffffffda RBX: 00007f2f1f1e6130 RCX: 00007f2f1f049e79 [ 55.246755][ T4547] RDX: 00000000000000e4 RSI: 0000000020001440 RDI: 0000000000000008 [ 55.254708][ T4547] RBP: 00007f2f1dc7f090 R08: 0000000000000000 R09: 0000000000000000 [ 55.262654][ T4547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 55.270602][ T4547] R13: 0000000000000000 R14: 00007f2f1f1e6130 R15: 00007ffea51a0858 [ 55.278554][ T4547] [ 55.289262][ T4518] team0: Port device team_slave_0 added [ 55.295766][ T4518] team0: Port device team_slave_1 added [ 55.309479][ T4518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.316553][ T4518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.342666][ T4518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.361439][ T4518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.368485][ T4518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.394373][ T4518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.407612][ T4110] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.434140][ T4518] hsr_slave_0: entered promiscuous mode [ 55.440137][ T4518] hsr_slave_1: entered promiscuous mode [ 55.446060][ T4518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.454022][ T4518] Cannot create hsr debugfs directory [ 55.461773][ T4110] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.523515][ T4480] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.531769][ T4480] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.542406][ T4110] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.553382][ T4480] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.561987][ T4480] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.586574][ T4110] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.608353][ T4480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.620734][ T4480] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.629898][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.636982][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.648705][ T4104] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.655811][ T4104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.693602][ T4480] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.703989][ T4480] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.717633][ T4110] bridge_slave_1: left allmulticast mode [ 55.723284][ T4110] bridge_slave_1: left promiscuous mode [ 55.729084][ T4110] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.737252][ T4110] bridge_slave_0: left allmulticast mode [ 55.742923][ T4110] bridge_slave_0: left promiscuous mode [ 55.748639][ T4110] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.856045][ T4110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 55.866037][ T4110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 55.875832][ T4110] bond0 (unregistering): Released all slaves [ 55.908101][ T4480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.970291][ T4480] veth0_vlan: entered promiscuous mode [ 55.978414][ T4480] veth1_vlan: entered promiscuous mode [ 55.986514][ T4110] hsr_slave_0: left promiscuous mode [ 55.992292][ T4110] hsr_slave_1: left promiscuous mode [ 55.999161][ T4110] veth1_macvtap: left promiscuous mode [ 56.004648][ T4110] veth0_macvtap: left promiscuous mode [ 56.010115][ T4110] veth1_vlan: left promiscuous mode [ 56.015366][ T4110] veth0_vlan: left promiscuous mode [ 56.082784][ T4110] team0 (unregistering): Port device team_slave_1 removed [ 56.092358][ T4110] team0 (unregistering): Port device team_slave_0 removed [ 56.132063][ T4480] veth0_macvtap: entered promiscuous mode [ 56.139241][ T4480] veth1_macvtap: entered promiscuous mode [ 56.149122][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.159625][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.169509][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.179923][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.189730][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.200128][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.210902][ T4480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.221418][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.231954][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.241747][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.252157][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.262032][ T4480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.272432][ T4480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.282980][ T4480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.292729][ T4480] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.301494][ T4480] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.310285][ T4480] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.319090][ T4480] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.349099][ T4518] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 56.358956][ T4566] loop1: detected capacity change from 0 to 512 [ 56.372182][ T4566] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 56.383814][ T4518] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 56.391728][ T4566] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 56.391769][ T4566] EXT4-fs: failed to create workqueue [ 56.406746][ T4566] EXT4-fs (loop1): mount failed [ 56.435205][ T4518] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 56.443782][ T4576] loop1: detected capacity change from 0 to 512 [ 56.450920][ T4576] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.256: iget: bad extended attribute block 1 [ 56.457231][ T4518] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 56.471255][ T4576] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.256: couldn't read orphan inode 15 (err -117) [ 56.517727][ T4518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.530675][ T4518] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.547290][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.554458][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.555151][ T4104] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 56.568049][ T4571] lo speed is unknown, defaulting to 1000 [ 56.580755][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.580839][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.593474][ T4518] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.614872][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 56.614922][ T29] audit: type=1400 audit(1724529379.602:432): avc: denied { bind } for pid=4575 comm="syz.1.256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 56.678790][ T4594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.689118][ T4594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.698812][ T4518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.708095][ T4571] chnl_net:caif_netlink_parms(): no params data found [ 56.741304][ T4571] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.748502][ T4571] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.755672][ T4571] bridge_slave_0: entered allmulticast mode [ 56.761866][ T4571] bridge_slave_0: entered promiscuous mode [ 56.769109][ T4571] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.776296][ T4571] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.783483][ T4571] bridge_slave_1: entered allmulticast mode [ 56.789862][ T4571] bridge_slave_1: entered promiscuous mode [ 56.810043][ T4571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.820581][ T4571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.840717][ T4571] team0: Port device team_slave_0 added [ 56.847711][ T4571] team0: Port device team_slave_1 added [ 56.864670][ T4571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.871632][ T4571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.897701][ T4571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.912345][ T4571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.919437][ T4571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.945493][ T4571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.975461][ T4571] hsr_slave_0: entered promiscuous mode [ 56.981572][ T4571] hsr_slave_1: entered promiscuous mode [ 57.047532][ T4571] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.061701][ T4518] veth0_vlan: entered promiscuous mode [ 57.070389][ T4518] veth1_vlan: entered promiscuous mode [ 57.085479][ T4518] veth0_macvtap: entered promiscuous mode [ 57.092986][ T4518] veth1_macvtap: entered promiscuous mode [ 57.101895][ T4571] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.117881][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.128358][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.138248][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.148663][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.158471][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.168945][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.178934][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.189360][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.200754][ T4518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.212449][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.223000][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.232902][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.243342][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.253285][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.263745][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.263761][ T4518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.284044][ T4518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.295198][ T4518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.302738][ T29] audit: type=1326 audit(1724529380.262:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4612 comm="syz.3.259" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd01fca9e79 code=0x0 [ 57.319110][ T4518] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.334100][ T4518] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.342968][ T4518] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.351773][ T4518] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.382345][ T4614] loop0: detected capacity change from 0 to 2048 [ 57.387142][ T4616] loop3: detected capacity change from 0 to 512 [ 57.396088][ T4571] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.413238][ T29] audit: type=1400 audit(1724529380.392:434): avc: denied { write } for pid=4618 comm="syz.1.260" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 57.438590][ T4614] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 57.457753][ T4614] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 57.470109][ T4614] EXT4-fs (loop0): This should not happen!! Data will be lost [ 57.470109][ T4614] [ 57.479777][ T4614] EXT4-fs (loop0): Total free blocks count 0 [ 57.485820][ T4614] EXT4-fs (loop0): Free/Dirty block details [ 57.491122][ T4616] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.491695][ T4614] EXT4-fs (loop0): free_blocks=2415919104 [ 57.507867][ T4614] EXT4-fs (loop0): dirty_blocks=16 [ 57.513273][ T4614] EXT4-fs (loop0): Block reservation details [ 57.519385][ T4614] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 57.539141][ T4571] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.572950][ T29] audit: type=1400 audit(1724529380.552:435): avc: denied { watch } for pid=4628 comm="syz.1.261" path="/3" dev="tmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 57.594722][ T29] audit: type=1326 audit(1724529380.582:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4628 comm="syz.1.261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa65c419e79 code=0x0 [ 57.620446][ T4631] __nla_validate_parse: 3 callbacks suppressed [ 57.620460][ T4631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.254'. [ 57.636259][ T4631] veth1_macvtap: left promiscuous mode [ 57.676163][ T4571] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 57.685157][ T4571] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 57.693383][ T4571] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 57.702787][ T4571] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 57.716824][ T4635] loop0: detected capacity change from 0 to 1024 [ 57.724602][ T4635] EXT4-fs: Ignoring removed orlov option [ 57.730303][ T4635] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.747413][ T4571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.754894][ T29] audit: type=1400 audit(1724529380.732:437): avc: denied { ioctl } for pid=4634 comm="syz.0.262" path="socket:[9923]" dev="sockfs" ino=9923 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.766038][ T4571] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.795756][ T3372] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.802838][ T3372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.813812][ T3372] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.820933][ T3372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.866833][ T3372] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 57.875128][ T4646] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 57.892665][ T4571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.912235][ T4646] lo speed is unknown, defaulting to 1000 [ 57.968357][ T4571] veth0_vlan: entered promiscuous mode [ 57.976985][ T4571] veth1_vlan: entered promiscuous mode [ 57.992515][ T4571] veth0_macvtap: entered promiscuous mode [ 58.000234][ T4571] veth1_macvtap: entered promiscuous mode [ 58.010178][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.020680][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.030522][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.040974][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.050921][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.061329][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.071183][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.081605][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.091467][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.101893][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.112702][ T4571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.124315][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.134758][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.144681][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.155137][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.164982][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.175522][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.185382][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.195808][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.205690][ T4571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.216124][ T4571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.228552][ T4571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.238950][ T4571] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.247750][ T4571] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.256487][ T4571] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.265259][ T4571] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.355048][ T4661] loop2: detected capacity change from 0 to 8192 [ 58.362324][ T4661] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 58.425430][ T4672] loop1: detected capacity change from 0 to 512 [ 58.432262][ T4672] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 58.443332][ T4672] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.269: invalid indirect mapped block 4294967295 (level 0) [ 58.457848][ T29] audit: type=1400 audit(1724529381.442:438): avc: denied { ioctl } for pid=4666 comm="syz.2.267" path="socket:[9094]" dev="sockfs" ino=9094 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.462961][ T4672] EXT4-fs (loop1): Remounting filesystem read-only [ 58.482833][ T4674] netlink: 12 bytes leftover after parsing attributes in process `syz.2.267'. [ 58.490237][ T4672] EXT4-fs (loop1): 1 orphan inode deleted [ 58.503456][ T4672] EXT4-fs (loop1): 1 truncate cleaned up [ 58.509579][ T4672] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 58.540730][ T29] audit: type=1400 audit(1724529381.522:439): avc: denied { watch watch_reads } for pid=4675 comm="syz.1.270" path="/proc/19" dev="proc" ino=10044 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 58.565065][ T4676] loop1: detected capacity change from 0 to 1024 [ 58.593962][ T4679] loop1: detected capacity change from 0 to 2048 [ 58.607148][ T4679] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 58.622052][ T4679] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 58.634352][ T4679] EXT4-fs (loop1): This should not happen!! Data will be lost [ 58.634352][ T4679] [ 58.644072][ T4679] EXT4-fs (loop1): Total free blocks count 0 [ 58.650043][ T4679] EXT4-fs (loop1): Free/Dirty block details [ 58.655995][ T4679] EXT4-fs (loop1): free_blocks=2415919104 [ 58.661716][ T4679] EXT4-fs (loop1): dirty_blocks=16 [ 58.666903][ T4679] EXT4-fs (loop1): Block reservation details [ 58.672888][ T4679] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 58.709289][ T29] audit: type=1326 audit(1724529381.692:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4686 comm="syz.0.273" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2f1f049e79 code=0x0 [ 58.754117][ T4691] siw: device registration error -23 [ 58.775161][ T4692] loop0: detected capacity change from 0 to 512 [ 58.815257][ T4692] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.860797][ T29] audit: type=1326 audit(1724529381.842:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.279" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3037359e79 code=0x0 [ 59.225565][ T4711] loop3: detected capacity change from 0 to 512 [ 59.235200][ T4711] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.302244][ T983] kernel read not supported for file inotify (pid: 983 comm: kworker/0:2) [ 59.481334][ T4717] loop3: detected capacity change from 0 to 1024 [ 59.489926][ T4717] EXT4-fs (loop3): invalid inodes per group: 0 [ 59.489926][ T4717] [ 59.520625][ T4720] netlink: 56 bytes leftover after parsing attributes in process `syz.1.282'. [ 59.560165][ T4729] mmap: syz.0.285 (4729): VmData 20688896 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 59.563325][ T4727] lo speed is unknown, defaulting to 1000 [ 59.582893][ T50] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 59.592675][ T4730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.283'. [ 59.627656][ T4730] lo speed is unknown, defaulting to 1000 [ 59.685819][ T4733] loop1: detected capacity change from 0 to 2048 [ 59.713258][ T4733] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 59.743953][ T4737] siw: device registration error -23 [ 59.751031][ T4733] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 59.763425][ T4733] EXT4-fs (loop1): This should not happen!! Data will be lost [ 59.763425][ T4733] [ 59.773074][ T4733] EXT4-fs (loop1): Total free blocks count 0 [ 59.779186][ T4733] EXT4-fs (loop1): Free/Dirty block details [ 59.785156][ T4733] EXT4-fs (loop1): free_blocks=2415919104 [ 59.790919][ T4733] EXT4-fs (loop1): dirty_blocks=16 [ 59.796055][ T4733] EXT4-fs (loop1): Block reservation details [ 59.802021][ T4733] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 60.024476][ T4745] loop1: detected capacity change from 0 to 1024 [ 60.031381][ T4745] EXT4-fs: Ignoring removed oldalloc option [ 60.043694][ T4745] EXT4-fs: Mount option(s) incompatible with ext2 [ 60.492429][ T4773] loop1: detected capacity change from 0 to 512 [ 60.510491][ T4777] lo speed is unknown, defaulting to 1000 [ 60.517050][ T4776] lo speed is unknown, defaulting to 1000 [ 60.519842][ T4773] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.626674][ T4787] loop3: detected capacity change from 0 to 2048 [ 60.658315][ T4787] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.673203][ T4787] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 60.685445][ T4787] EXT4-fs (loop3): This should not happen!! Data will be lost [ 60.685445][ T4787] [ 60.695164][ T4787] EXT4-fs (loop3): Total free blocks count 0 [ 60.701148][ T4787] EXT4-fs (loop3): Free/Dirty block details [ 60.707076][ T4787] EXT4-fs (loop3): free_blocks=2415919104 [ 60.712812][ T4787] EXT4-fs (loop3): dirty_blocks=16 [ 60.718014][ T4787] EXT4-fs (loop3): Block reservation details [ 60.724050][ T4787] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 60.794914][ T4104] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 60.795754][ T4802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.302'. [ 60.823396][ T4802] lo speed is unknown, defaulting to 1000 [ 61.112472][ T4809] loop0: detected capacity change from 0 to 512 [ 61.119401][ T4809] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 61.130605][ T4809] EXT4-fs (loop0): 1 truncate cleaned up [ 61.264137][ T4820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.308'. [ 61.294344][ T4824] siw: device registration error -23 [ 61.333198][ T4827] loop1: detected capacity change from 0 to 512 [ 61.340250][ T4827] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 61.351155][ T4827] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.311: bg 0: block 264: padding at end of block bitmap is not set [ 61.365755][ T4827] EXT4-fs (loop1): Remounting filesystem read-only [ 61.372452][ T4827] EXT4-fs (loop1): 1 truncate cleaned up [ 61.378540][ T4827] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 61.399568][ T4831] loop4: detected capacity change from 0 to 128 [ 61.408986][ T4831] netlink: 132 bytes leftover after parsing attributes in process `syz.4.312'. [ 61.420381][ T4831] netlink: 'syz.4.312': attribute type 10 has an invalid length. [ 61.434704][ T4831] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 61.444983][ T4831] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 61.452363][ T4831] vhci_hcd: invalid port number 219 [ 61.457683][ T4831] vhci_hcd: default hub control req: ecdb v6ab1 i00db l1556 [ 61.522540][ T4835] loop4: detected capacity change from 0 to 2048 [ 61.536188][ T4835] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.551136][ T4835] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 61.563445][ T4835] EXT4-fs (loop4): This should not happen!! Data will be lost [ 61.563445][ T4835] [ 61.573830][ T4835] EXT4-fs (loop4): Total free blocks count 0 [ 61.579962][ T4835] EXT4-fs (loop4): Free/Dirty block details [ 61.585873][ T4835] EXT4-fs (loop4): free_blocks=2415919104 [ 61.591591][ T4835] EXT4-fs (loop4): dirty_blocks=16 [ 61.596727][ T4835] EXT4-fs (loop4): Block reservation details [ 61.602747][ T4835] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 61.633444][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 61.633458][ T29] audit: type=1400 audit(1724529384.612:465): avc: denied { checkpoint_restore } for pid=4842 comm="syz.2.315" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 61.675014][ T29] audit: type=1400 audit(1724529384.662:466): avc: denied { sqpoll } for pid=4844 comm="syz.1.316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 61.696151][ T4854] FAULT_INJECTION: forcing a failure. [ 61.696151][ T4854] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.709275][ T4854] CPU: 0 UID: 0 PID: 4854 Comm: syz.2.317 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 61.719915][ T4854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 61.729977][ T4854] Call Trace: [ 61.733256][ T4854] [ 61.736233][ T4854] dump_stack_lvl+0xf2/0x150 [ 61.740952][ T4854] dump_stack+0x15/0x20 [ 61.745148][ T4854] should_fail_ex+0x229/0x230 [ 61.749850][ T4854] should_fail+0xb/0x10 [ 61.754006][ T4854] should_fail_usercopy+0x1a/0x20 [ 61.759129][ T4854] _copy_from_user+0x1e/0xd0 [ 61.763739][ T4854] user_termios_to_kernel_termios_1+0x22/0x30 [ 61.769839][ T4854] tty_mode_ioctl+0x542/0x5d0 [ 61.774545][ T4854] ? security_capable+0x64/0x80 [ 61.779411][ T4854] n_tty_ioctl_helper+0x8d/0x240 [ 61.784352][ T4854] n_tty_ioctl+0xfd/0x200 [ 61.788716][ T4854] ? __pfx_n_tty_ioctl+0x10/0x10 [ 61.793666][ T4854] tty_ioctl+0x886/0xbe0 [ 61.797913][ T4854] ? __pfx_tty_ioctl+0x10/0x10 [ 61.802683][ T4854] __se_sys_ioctl+0xd3/0x150 [ 61.807284][ T4854] __x64_sys_ioctl+0x43/0x50 [ 61.811882][ T4854] x64_sys_call+0x15cc/0x2d60 [ 61.816565][ T4854] do_syscall_64+0xc9/0x1c0 [ 61.821146][ T4854] ? clear_bhb_loop+0x55/0xb0 [ 61.825970][ T4854] ? clear_bhb_loop+0x55/0xb0 [ 61.830698][ T4854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.836597][ T4854] RIP: 0033:0x7f3037359e79 [ 61.841011][ T4854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.848735][ T4859] loop1: detected capacity change from 0 to 2048 [ 61.860618][ T4854] RSP: 002b:00007f3035fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 61.860639][ T4854] RAX: ffffffffffffffda RBX: 00007f30374f5f80 RCX: 00007f3037359e79 [ 61.860651][ T4854] RDX: 0000000020000340 RSI: 0000000000005457 RDI: 0000000000000003 [ 61.860662][ T4854] RBP: 00007f3035fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 61.860673][ T4854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.907210][ T4854] R13: 0000000000000000 R14: 00007f30374f5f80 R15: 00007ffe2078acc8 [ 61.915257][ T4854] [ 61.944360][ T4863] siw: device registration error -23 [ 61.946797][ T29] audit: type=1326 audit(1724529384.932:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4864 comm="syz.4.319" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41f0729e79 code=0x0 [ 61.954988][ T50] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.987601][ T50] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 61.999835][ T50] EXT4-fs (loop1): This should not happen!! Data will be lost [ 61.999835][ T50] [ 62.009566][ T50] EXT4-fs (loop1): Total free blocks count 0 [ 62.015602][ T50] EXT4-fs (loop1): Free/Dirty block details [ 62.021488][ T50] EXT4-fs (loop1): free_blocks=2415919104 [ 62.027219][ T50] EXT4-fs (loop1): dirty_blocks=16 [ 62.032304][ T50] EXT4-fs (loop1): Block reservation details [ 62.038263][ T50] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 62.058778][ T29] audit: type=1326 audit(1724529385.042:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4868 comm="syz.1.322" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa65c419e79 code=0x0 [ 62.087181][ T29] audit: type=1326 audit(1724529385.072:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4870 comm="syz.0.323" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f1f049e79 code=0x0 [ 62.101561][ T4873] loop2: detected capacity change from 0 to 2048 [ 62.210909][ T57] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 62.211580][ T4885] netlink: 4 bytes leftover after parsing attributes in process `syz.2.326'. [ 62.239165][ T4885] lo speed is unknown, defaulting to 1000 [ 62.906829][ T4892] loop4: detected capacity change from 0 to 256 [ 62.920855][ T4894] loop1: detected capacity change from 0 to 2048 [ 62.928004][ T29] audit: type=1400 audit(1724529385.912:470): avc: denied { watch watch_reads } for pid=4895 comm="syz.0.330" path="/78/file1" dev="tmpfs" ino=450 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 62.951662][ T4896] process 'syz.0.330' launched './file1' with NULL argv: empty string added [ 62.961049][ T29] audit: type=1400 audit(1724529385.942:471): avc: denied { execute_no_trans } for pid=4895 comm="syz.0.330" path="/78/file1" dev="tmpfs" ino=450 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 62.984579][ T4894] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 62.999885][ T4894] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 63.012484][ T4894] EXT4-fs (loop1): This should not happen!! Data will be lost [ 63.012484][ T4894] [ 63.022380][ T4894] EXT4-fs (loop1): Total free blocks count 0 [ 63.028410][ T4894] EXT4-fs (loop1): Free/Dirty block details [ 63.034365][ T4894] EXT4-fs (loop1): free_blocks=2415919104 [ 63.040093][ T4894] EXT4-fs (loop1): dirty_blocks=16 [ 63.045249][ T4894] EXT4-fs (loop1): Block reservation details [ 63.051223][ T4894] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 63.162254][ T4912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.333'. [ 63.181262][ T4915] siw: device registration error -23 [ 63.393501][ T4913] loop2: detected capacity change from 0 to 8192 [ 63.671736][ T29] audit: type=1326 audit(1724529386.652:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4927 comm="syz.4.339" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f41f0729e79 code=0x0 [ 63.787418][ T29] audit: type=1326 audit(1724529386.772:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.0.340" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f1f049e79 code=0x0 [ 63.969916][ T40] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 63.970449][ T4941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.341'. [ 64.001718][ T4941] lo speed is unknown, defaulting to 1000 [ 64.128631][ T4943] mmap: syz.1.343 (4943) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 64.182662][ T4945] loop1: detected capacity change from 0 to 2048 [ 64.196639][ T4945] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 64.213126][ T4945] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 64.225438][ T4945] EXT4-fs (loop1): This should not happen!! Data will be lost [ 64.225438][ T4945] [ 64.235101][ T4945] EXT4-fs (loop1): Total free blocks count 0 [ 64.241223][ T4945] EXT4-fs (loop1): Free/Dirty block details [ 64.247227][ T4945] EXT4-fs (loop1): free_blocks=2415919104 [ 64.252939][ T4945] EXT4-fs (loop1): dirty_blocks=16 [ 64.258080][ T4945] EXT4-fs (loop1): Block reservation details [ 64.264154][ T4945] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 64.416681][ T4951] siw: device registration error -23 [ 64.453190][ T29] audit: type=1400 audit(1724529387.432:474): avc: denied { mounton } for pid=4954 comm="syz.1.347" path="/30/bus" dev="tmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 64.460678][ T4955] loop1: detected capacity change from 0 to 1764 [ 64.488132][ T4957] loop3: detected capacity change from 0 to 2048 [ 64.526817][ T50] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 64.528840][ T4955] netlink: 'syz.1.347': attribute type 21 has an invalid length. [ 64.544812][ T50] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 64.549420][ T4955] netlink: 128 bytes leftover after parsing attributes in process `syz.1.347'. [ 64.561520][ T50] EXT4-fs (loop3): This should not happen!! Data will be lost [ 64.561520][ T50] [ 64.580165][ T50] EXT4-fs (loop3): Total free blocks count 0 [ 64.586158][ T50] EXT4-fs (loop3): Free/Dirty block details [ 64.588725][ T4955] netlink: 'syz.1.347': attribute type 4 has an invalid length. [ 64.592035][ T50] EXT4-fs (loop3): free_blocks=2415919104 [ 64.592050][ T50] EXT4-fs (loop3): dirty_blocks=16 [ 64.599700][ T4955] netlink: 3 bytes leftover after parsing attributes in process `syz.1.347'. [ 64.605419][ T50] EXT4-fs (loop3): Block reservation details [ 64.625313][ T50] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 64.668980][ T4972] loop3: detected capacity change from 0 to 1024 [ 64.676233][ T4972] EXT4-fs: Ignoring removed orlov option [ 64.681955][ T4972] EXT4-fs: test_dummy_encryption option not supported [ 64.694565][ T4976] loop1: detected capacity change from 0 to 764 [ 64.713803][ T4980] netlink: 4 bytes leftover after parsing attributes in process `syz.4.352'. [ 64.727555][ T4979] loop3: detected capacity change from 0 to 2048 [ 64.817704][ T4979] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 64.844784][ T4979] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 64.857065][ T4979] EXT4-fs (loop3): This should not happen!! Data will be lost [ 64.857065][ T4979] [ 64.866741][ T4979] EXT4-fs (loop3): Total free blocks count 0 [ 64.872760][ T4979] EXT4-fs (loop3): Free/Dirty block details [ 64.878752][ T4979] EXT4-fs (loop3): free_blocks=2415919104 [ 64.884574][ T4979] EXT4-fs (loop3): dirty_blocks=16 [ 64.889692][ T4979] EXT4-fs (loop3): Block reservation details [ 64.895705][ T4979] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 65.020123][ T4992] siw: device registration error -23 [ 65.162457][ T5002] loop3: detected capacity change from 0 to 512 [ 65.171861][ T5002] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.360: bg 0: block 393: padding at end of block bitmap is not set [ 65.187411][ T5002] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 65.196622][ T5002] EXT4-fs (loop3): 2 truncates cleaned up [ 65.542898][ T5008] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5008 comm=syz.4.362 [ 65.639544][ T5027] loop0: detected capacity change from 0 to 512 [ 65.656185][ T57] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 65.665819][ T5028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.367'. [ 65.677931][ T5027] EXT4-fs mount: 43 callbacks suppressed [ 65.677946][ T5027] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.707313][ T5028] lo speed is unknown, defaulting to 1000 [ 65.715782][ T5027] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.866553][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 65.899076][ T5037] siw: device registration error -23 [ 65.918804][ T5039] loop2: detected capacity change from 0 to 2048 [ 65.935972][ T5039] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 65.949901][ T5039] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 65.964736][ T5039] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 65.977035][ T5039] EXT4-fs (loop2): This should not happen!! Data will be lost [ 65.977035][ T5039] [ 65.986779][ T5039] EXT4-fs (loop2): Total free blocks count 0 [ 65.989038][ T5044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.372'. [ 65.992746][ T5039] EXT4-fs (loop2): Free/Dirty block details [ 65.992760][ T5039] EXT4-fs (loop2): free_blocks=2415919104 [ 65.992809][ T5039] EXT4-fs (loop2): dirty_blocks=16 [ 65.992819][ T5039] EXT4-fs (loop2): Block reservation details [ 65.992828][ T5039] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 66.032618][ T5044] veth1_macvtap: left promiscuous mode [ 66.119665][ T4571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.144142][ T5051] loop2: detected capacity change from 0 to 1024 [ 66.152260][ T5051] EXT4-fs: Ignoring removed nobh option [ 66.157956][ T5051] EXT4-fs: Ignoring removed orlov option [ 66.175239][ T5051] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.228482][ T4571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.247840][ T5058] loop2: detected capacity change from 0 to 512 [ 66.256450][ T5058] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2812: inode #11: comm syz.2.375: corrupted xattr block 95: invalid header [ 66.270393][ T5058] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.375: bg 0: block 7: invalid block bitmap [ 66.282773][ T5058] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 66.291705][ T5058] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2978: inode #11: comm syz.2.375: corrupted xattr block 95: invalid header [ 66.305181][ T5058] EXT4-fs warning (device loop2): ext4_evict_inode:271: xattr delete (err -117) [ 66.314232][ T5058] EXT4-fs (loop2): 1 orphan inode deleted [ 66.320321][ T5058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.332937][ T5058] FAULT_INJECTION: forcing a failure. [ 66.332937][ T5058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.345968][ T5058] CPU: 0 UID: 0 PID: 5058 Comm: syz.2.375 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 66.356605][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 66.366655][ T5058] Call Trace: [ 66.369929][ T5058] [ 66.372875][ T5058] dump_stack_lvl+0xf2/0x150 [ 66.377474][ T5058] dump_stack+0x15/0x20 [ 66.381719][ T5058] should_fail_ex+0x229/0x230 [ 66.386387][ T5058] should_fail+0xb/0x10 [ 66.390558][ T5058] should_fail_usercopy+0x1a/0x20 [ 66.395623][ T5058] _copy_from_iter+0xd3/0xb00 [ 66.400309][ T5058] ? kernel_fpu_begin_mask+0x19d/0x200 [ 66.405753][ T5058] ? kernel_fpu_end+0x5e/0x80 [ 66.410454][ T5058] ? blake2s_compress+0xab/0xd0 [ 66.415285][ T5058] ? blake2s_update+0x120/0x140 [ 66.420264][ T5058] write_pool_user+0x80/0x1e0 [ 66.424998][ T5058] ? import_ubuf+0xe9/0x120 [ 66.429484][ T5058] random_ioctl+0x2c6/0x3f0 [ 66.433970][ T5058] ? __pfx_random_ioctl+0x10/0x10 [ 66.439083][ T5058] __se_sys_ioctl+0xd3/0x150 [ 66.443658][ T5058] __x64_sys_ioctl+0x43/0x50 [ 66.448258][ T5058] x64_sys_call+0x15cc/0x2d60 [ 66.452921][ T5058] do_syscall_64+0xc9/0x1c0 [ 66.457446][ T5058] ? clear_bhb_loop+0x55/0xb0 [ 66.462149][ T5058] ? clear_bhb_loop+0x55/0xb0 [ 66.466817][ T5058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.472795][ T5058] RIP: 0033:0x7f3037359e79 [ 66.472810][ T5058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.472827][ T5058] RSP: 002b:00007f3035fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 66.505227][ T5058] RAX: ffffffffffffffda RBX: 00007f30374f5f80 RCX: 00007f3037359e79 [ 66.513177][ T5058] RDX: 0000000020000000 RSI: 0000000040085203 RDI: 0000000000000005 [ 66.521201][ T5058] RBP: 00007f3035fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 66.529201][ T5058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 66.537161][ T5058] R13: 0000000000000000 R14: 00007f30374f5f80 R15: 00007ffe2078acc8 [ 66.545125][ T5058] [ 66.561511][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.572170][ T4571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.639692][ T5064] loop0: detected capacity change from 0 to 8192 [ 66.657945][ T5068] loop2: detected capacity change from 0 to 8192 [ 66.675098][ T5068] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 72.487761][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 72.487777][ T29] audit: type=1326 audit(1724529395.472:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.3.385" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd01fca9e79 code=0x0 [ 72.533484][ T5085] loop1: detected capacity change from 0 to 2048 [ 72.544631][ T29] audit: type=1326 audit(1724529395.532:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5082 comm="syz.0.383" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f1f049e79 code=0x0 [ 72.548249][ T5079] siw: device registration error -23 [ 72.576066][ T5085] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.591341][ T5085] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 72.606558][ T5085] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 72.618831][ T5085] EXT4-fs (loop1): This should not happen!! Data will be lost [ 72.618831][ T5085] [ 72.628545][ T5085] EXT4-fs (loop1): Total free blocks count 0 [ 72.634540][ T5085] EXT4-fs (loop1): Free/Dirty block details [ 72.640472][ T5085] EXT4-fs (loop1): free_blocks=2415919104 [ 72.646216][ T5085] EXT4-fs (loop1): dirty_blocks=16 [ 72.651444][ T5085] EXT4-fs (loop1): Block reservation details [ 72.657493][ T5085] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 72.666765][ T5095] loop4: detected capacity change from 0 to 512 [ 72.674406][ T5095] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 72.682329][ T5095] System zones: 1-12 [ 72.686394][ T5095] EXT4-fs (loop4): orphan cleanup on readonly fs [ 72.693137][ T5095] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.386: bg 0: block 328: padding at end of block bitmap is not set [ 72.707790][ T5095] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 72.718384][ T5095] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.386: invalid indirect mapped block 65280 (level 0) [ 72.732138][ T5095] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.386: attempt to clear invalid blocks 33619980 len 1 [ 72.745854][ T5095] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.386: invalid indirect mapped block 1819239214 (level 0) [ 72.760366][ T5095] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.386: invalid indirect mapped block 1819239214 (level 1) [ 72.773280][ T29] audit: type=1400 audit(1724529395.752:483): avc: denied { connect } for pid=5098 comm="syz.2.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 72.774695][ T5095] EXT4-fs (loop4): 1 orphan inode deleted [ 72.799613][ T5095] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 72.826382][ T5095] EXT4-fs error (device loop4): ext4_map_blocks:609: inode #2: block 2: comm syz.4.386: lblock 0 mapped to illegal pblock 2 (length 1) [ 72.840437][ T5095] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.386: error -117 reading directory block [ 72.843471][ T5099] program syz.2.387 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 72.879956][ T4480] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.950464][ T5112] program syz.1.388 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 72.959831][ T5112] FAULT_INJECTION: forcing a failure. [ 72.959831][ T5112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.972080][ T4110] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 72.972902][ T5112] CPU: 1 UID: 0 PID: 5112 Comm: syz.1.388 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 72.982850][ T5113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.390'. [ 72.992547][ T5112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 72.992561][ T5112] Call Trace: [ 72.992568][ T5112] [ 73.017519][ T5112] dump_stack_lvl+0xf2/0x150 [ 73.022145][ T5112] dump_stack+0x15/0x20 [ 73.026345][ T5112] should_fail_ex+0x229/0x230 [ 73.031067][ T5112] should_fail+0xb/0x10 [ 73.035211][ T5112] should_fail_usercopy+0x1a/0x20 [ 73.040235][ T5112] _copy_to_user+0x1e/0xa0 [ 73.044639][ T5112] simple_read_from_buffer+0xa0/0x110 [ 73.050002][ T5112] proc_fail_nth_read+0xff/0x140 [ 73.054943][ T5112] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 73.060503][ T5112] vfs_read+0x1a2/0x6e0 [ 73.064715][ T5114] lo speed is unknown, defaulting to 1000 [ 73.064670][ T5112] ksys_read+0xeb/0x1b0 [ 73.074570][ T5112] __x64_sys_read+0x42/0x50 [ 73.079083][ T5112] x64_sys_call+0x27d3/0x2d60 [ 73.083768][ T5112] do_syscall_64+0xc9/0x1c0 [ 73.088280][ T5112] ? clear_bhb_loop+0x55/0xb0 [ 73.092962][ T5112] ? clear_bhb_loop+0x55/0xb0 [ 73.093121][ T29] audit: type=1400 audit(1724529396.062:484): avc: denied { mount } for pid=5107 comm="syz.2.390" name="/" dev="autofs" ino=11868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 73.097637][ T5112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.097666][ T5112] RIP: 0033:0x7fa65c4188bc [ 73.130200][ T5112] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 73.149825][ T5112] RSP: 002b:00007fa65b070030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 73.158283][ T5112] RAX: ffffffffffffffda RBX: 00007fa65c5b6058 RCX: 00007fa65c4188bc [ 73.166398][ T5112] RDX: 000000000000000f RSI: 00007fa65b0700a0 RDI: 000000000000000c [ 73.174354][ T5112] RBP: 00007fa65b070090 R08: 0000000000000000 R09: 0000000000000000 [ 73.182310][ T5112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.190275][ T5112] R13: 0000000000000000 R14: 00007fa65c5b6058 R15: 00007fff26b01db8 [ 73.198233][ T5112] [ 73.283703][ T5117] program syz.1.391 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.372800][ T5119] loop3: detected capacity change from 0 to 8192 [ 73.373314][ T29] audit: type=1400 audit(1724529396.352:485): avc: denied { name_bind } for pid=5122 comm="syz.1.394" src=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 73.380984][ T5121] raw_sendmsg: syz.0.393 forgot to set AF_INET. Fix it! [ 73.409052][ T5124] loop1: detected capacity change from 0 to 512 [ 73.413072][ T5121] loop0: detected capacity change from 0 to 512 [ 73.418548][ T5124] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2812: inode #11: comm syz.1.394: corrupted xattr block 95: invalid header [ 73.435858][ T5124] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.394: bg 0: block 7: invalid block bitmap [ 73.436929][ T5121] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 73.448224][ T5124] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 73.457819][ T5121] EXT4-fs (loop0): group descriptors corrupted! [ 73.475227][ T5124] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2978: inode #11: comm syz.1.394: corrupted xattr block 95: invalid header [ 73.489821][ T5124] EXT4-fs warning (device loop1): ext4_evict_inode:271: xattr delete (err -117) [ 73.498948][ T5124] EXT4-fs (loop1): 1 orphan inode deleted [ 73.506881][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.513950][ T5124] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.621730][ T4480] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.658186][ T5136] siw: device registration error -23 [ 73.712053][ T5140] loop4: detected capacity change from 0 to 2048 [ 73.721151][ T5142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.396'. [ 73.735704][ T5140] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.750563][ T5140] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 73.766748][ T5140] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 73.779003][ T5140] EXT4-fs (loop4): This should not happen!! Data will be lost [ 73.779003][ T5140] [ 73.788668][ T5140] EXT4-fs (loop4): Total free blocks count 0 [ 73.794731][ T5140] EXT4-fs (loop4): Free/Dirty block details [ 73.800626][ T5140] EXT4-fs (loop4): free_blocks=2415919104 [ 73.806420][ T5140] EXT4-fs (loop4): dirty_blocks=16 [ 73.811519][ T5140] EXT4-fs (loop4): Block reservation details [ 73.817506][ T5140] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 73.860792][ T29] audit: type=1326 audit(1724529396.842:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5153 comm="syz.2.402" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3037359e79 code=0x0 [ 73.949907][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.969633][ T29] audit: type=1326 audit(1724529396.952:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5157 comm="syz.4.403" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x0 [ 74.278606][ T5162] netlink: 20 bytes leftover after parsing attributes in process `syz.0.404'. [ 74.307567][ T5162] loop0: detected capacity change from 0 to 256 [ 74.314078][ T5162] vfat: Unknown parameter 'GPL' [ 74.321623][ T5161] netlink: 'syz.0.404': attribute type 2 has an invalid length. [ 74.329388][ T5161] netlink: 'syz.0.404': attribute type 1 has an invalid length. [ 74.337065][ T5161] netlink: 128 bytes leftover after parsing attributes in process `syz.0.404'. [ 74.451367][ T5180] siw: device registration error -23 [ 74.531567][ T5193] loop3: detected capacity change from 0 to 2048 [ 74.554843][ T5189] netlink: 12 bytes leftover after parsing attributes in process `syz.1.414'. [ 74.555738][ T5193] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.576133][ T4104] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 74.579117][ T5202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.411'. [ 74.587562][ T5193] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 74.609345][ T5193] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 74.620178][ T5202] lo speed is unknown, defaulting to 1000 [ 74.621587][ T5193] EXT4-fs (loop3): This should not happen!! Data will be lost [ 74.621587][ T5193] [ 74.636958][ T5193] EXT4-fs (loop3): Total free blocks count 0 [ 74.642958][ T5193] EXT4-fs (loop3): Free/Dirty block details [ 74.648936][ T5193] EXT4-fs (loop3): free_blocks=2415919104 [ 74.654677][ T5193] EXT4-fs (loop3): dirty_blocks=16 [ 74.659869][ T5193] EXT4-fs (loop3): Block reservation details [ 74.665864][ T5193] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 74.770705][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.931836][ T29] audit: type=1400 audit(1724529397.912:488): avc: denied { read } for pid=5224 comm="syz.3.422" path="socket:[12090]" dev="sockfs" ino=12090 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 75.129238][ T5237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.423'. [ 75.359220][ T29] audit: type=1326 audit(1724529398.342:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5243 comm="syz.0.425" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2f1f049e79 code=0x0 [ 75.385897][ T5246] netlink: 4 bytes leftover after parsing attributes in process `syz.4.426'. [ 75.405167][ T29] audit: type=1400 audit(1724529398.392:490): avc: denied { write } for pid=5247 comm="syz.4.427" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 75.518379][ T5257] loop4: detected capacity change from 0 to 2048 [ 75.536156][ T5257] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.550050][ T5257] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 75.564972][ T5257] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 75.577244][ T5257] EXT4-fs (loop4): This should not happen!! Data will be lost [ 75.577244][ T5257] [ 75.586933][ T5257] EXT4-fs (loop4): Total free blocks count 0 [ 75.592946][ T5257] EXT4-fs (loop4): Free/Dirty block details [ 75.598890][ T5257] EXT4-fs (loop4): free_blocks=2415919104 [ 75.604612][ T5257] EXT4-fs (loop4): dirty_blocks=16 [ 75.609710][ T5257] EXT4-fs (loop4): Block reservation details [ 75.615727][ T5257] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 75.739484][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.936450][ T5267] netlink: 4 bytes leftover after parsing attributes in process `syz.1.431'. [ 75.963496][ T5271] siw: device registration error -23 [ 75.983992][ T5273] loop3: detected capacity change from 0 to 4096 [ 75.990692][ T5273] EXT4-fs: Ignoring removed nomblk_io_submit option [ 75.999511][ T5273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.021648][ T5278] loop1: detected capacity change from 0 to 512 [ 76.060908][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.091556][ T4110] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 76.101589][ T5288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.436'. [ 76.121818][ T5288] lo speed is unknown, defaulting to 1000 [ 76.152314][ T5292] loop3: detected capacity change from 0 to 2048 [ 76.165074][ T5292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.179039][ T5292] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 76.194411][ T5292] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 76.206673][ T5292] EXT4-fs (loop3): This should not happen!! Data will be lost [ 76.206673][ T5292] [ 76.216330][ T5292] EXT4-fs (loop3): Total free blocks count 0 [ 76.223726][ T5292] EXT4-fs (loop3): Free/Dirty block details [ 76.228024][ T5296] loop0: detected capacity change from 0 to 4096 [ 76.229610][ T5292] EXT4-fs (loop3): free_blocks=2415919104 [ 76.238914][ T5296] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.241938][ T5292] EXT4-fs (loop3): dirty_blocks=16 [ 76.241953][ T5292] EXT4-fs (loop3): Block reservation details [ 76.241962][ T5292] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 76.287621][ T3262] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.399411][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.418113][ T5305] loop3: detected capacity change from 0 to 512 [ 76.426450][ T5305] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.443: bg 0: block 393: padding at end of block bitmap is not set [ 76.440998][ T5305] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 76.450270][ T5305] EXT4-fs (loop3): 2 truncates cleaned up [ 76.456421][ T5305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.477428][ T3257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.611505][ T5313] siw: device registration error -23 [ 76.701040][ T5318] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61800 sclass=netlink_route_socket pid=5318 comm=syz.4.447 [ 76.747229][ T5320] syzkaller0: entered promiscuous mode [ 76.752706][ T5320] syzkaller0: entered allmulticast mode [ 76.873356][ T5324] lo speed is unknown, defaulting to 1000 [ 77.026524][ T5330] loop4: detected capacity change from 0 to 2048 [ 77.045038][ T5330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.057298][ T5330] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.073133][ T5330] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.099678][ T4518] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /32/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 77.125857][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.154742][ T5334] loop4: detected capacity change from 0 to 2048 [ 77.176267][ T5334] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.190283][ T5334] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 77.207568][ T5334] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 77.219804][ T5334] EXT4-fs (loop4): This should not happen!! Data will be lost [ 77.219804][ T5334] [ 77.229496][ T5334] EXT4-fs (loop4): Total free blocks count 0 [ 77.235506][ T5334] EXT4-fs (loop4): Free/Dirty block details [ 77.236636][ T5340] syzkaller0: entered allmulticast mode [ 77.241392][ T5334] EXT4-fs (loop4): free_blocks=2415919104 [ 77.252904][ T5334] EXT4-fs (loop4): dirty_blocks=16 [ 77.258049][ T5334] EXT4-fs (loop4): Block reservation details [ 77.264292][ T5334] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 77.381773][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.405568][ T5353] siw: device registration error -23 [ 77.451413][ T5358] loop4: detected capacity change from 0 to 512 [ 77.464745][ T5358] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.477342][ T5358] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.500185][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.517841][ T5362] loop4: detected capacity change from 0 to 512 [ 77.534891][ T5362] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.547496][ T5362] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.562485][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 77.562497][ T29] audit: type=1326 audit(1724529400.542:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x0 [ 77.664123][ T29] audit: type=1326 audit(1724529400.652:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x7ffc0000 [ 77.687518][ T29] audit: type=1326 audit(1724529400.652:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x7ffc0000 [ 77.710820][ T29] audit: type=1326 audit(1724529400.652:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f41f0729e79 code=0x7ffc0000 [ 77.734142][ T29] audit: type=1326 audit(1724529400.652:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x7ffc0000 [ 77.741693][ T5367] loop1: detected capacity change from 0 to 1024 [ 77.757337][ T29] audit: type=1326 audit(1724529400.652:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.4.460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f0729e79 code=0x7ffc0000 [ 77.787589][ T5367] EXT4-fs: dax option not supported [ 77.825914][ T57] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 77.842502][ T5373] lo speed is unknown, defaulting to 1000 [ 78.266249][ T5378] __nla_validate_parse: 5 callbacks suppressed [ 78.266260][ T5378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.464'. [ 78.340351][ T5380] netlink: 'syz.1.465': attribute type 5 has an invalid length. [ 78.385946][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.629443][ T5390] loop2: detected capacity change from 0 to 2048 [ 78.645248][ T5390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.659253][ T5390] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 78.675032][ T5390] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 78.687219][ T5390] EXT4-fs (loop2): This should not happen!! Data will be lost [ 78.687219][ T5390] [ 78.696941][ T5390] EXT4-fs (loop2): Total free blocks count 0 [ 78.702969][ T5390] EXT4-fs (loop2): Free/Dirty block details [ 78.708868][ T5390] EXT4-fs (loop2): free_blocks=2415919104 [ 78.714684][ T5390] EXT4-fs (loop2): dirty_blocks=16 [ 78.719808][ T5390] EXT4-fs (loop2): Block reservation details [ 78.725806][ T5390] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 78.839753][ T4571] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.862327][ T5396] siw: device registration error -23 [ 78.900472][ T5398] 9pnet_fd: Insufficient options for proto=fd [ 78.934404][ T5400] sctp: [Deprecated]: syz.2.470 (pid 5400) Use of int in max_burst socket option. [ 78.934404][ T5400] Use struct sctp_assoc_value instead [ 78.959994][ T29] audit: type=1326 audit(1724529401.942:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5401 comm="syz.2.471" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3037359e79 code=0x0 [ 79.073048][ T29] audit: type=1400 audit(1724529402.052:508): avc: denied { read } for pid=5407 comm="syz.3.473" name="rtc0" dev="devtmpfs" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 79.099618][ T29] audit: type=1400 audit(1724529402.052:509): avc: denied { open } for pid=5407 comm="syz.3.473" path="/dev/rtc0" dev="devtmpfs" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 79.122922][ T29] audit: type=1400 audit(1724529402.062:510): avc: denied { ioctl } for pid=5407 comm="syz.3.473" path="/dev/rtc0" dev="devtmpfs" ino=220 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 79.191090][ T5414] netlink: 48 bytes leftover after parsing attributes in process `syz.3.476'. [ 79.212928][ T5416] loop1: detected capacity change from 0 to 1024 [ 79.219823][ T5416] EXT4-fs (loop1): invalid inodes per group: 0 [ 79.219823][ T5416] [ 79.251874][ T5419] netlink: 12 bytes leftover after parsing attributes in process `syz.3.476'. [ 79.253038][ T5418] loop1: detected capacity change from 0 to 2048 [ 79.272433][ T5419] IPv6: addrconf: prefix option has invalid lifetime [ 79.281284][ T5418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.295279][ T5418] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 79.310151][ T5418] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 79.322404][ T5418] EXT4-fs (loop1): This should not happen!! Data will be lost [ 79.322404][ T5418] [ 79.326472][ T5428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.479'. [ 79.332074][ T5418] EXT4-fs (loop1): Total free blocks count 0 [ 79.332102][ T5418] EXT4-fs (loop1): Free/Dirty block details [ 79.332112][ T5418] EXT4-fs (loop1): free_blocks=2415919104 [ 79.343089][ T40] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 79.346844][ T5418] EXT4-fs (loop1): dirty_blocks=16 [ 79.372809][ T5418] EXT4-fs (loop1): Block reservation details [ 79.378807][ T5418] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 79.395075][ T5428] lo speed is unknown, defaulting to 1000 [ 79.489952][ T4480] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.510807][ T5432] siw: device registration error -23 [ 79.538993][ T5434] FAULT_INJECTION: forcing a failure. [ 79.538993][ T5434] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 79.552341][ T5434] CPU: 0 UID: 0 PID: 5434 Comm: syz.1.481 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 79.562943][ T5434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 79.573078][ T5434] Call Trace: [ 79.576339][ T5434] [ 79.579251][ T5434] dump_stack_lvl+0xf2/0x150 [ 79.583838][ T5434] dump_stack+0x15/0x20 [ 79.588011][ T5434] should_fail_ex+0x229/0x230 [ 79.592746][ T5434] should_fail_alloc_page+0xfd/0x110 [ 79.598021][ T5434] __alloc_pages_noprof+0x109/0x360 [ 79.603203][ T5434] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 79.608557][ T5434] vma_alloc_folio_noprof+0x1a0/0x2f0 [ 79.613909][ T5434] do_wp_page+0x62b/0x22c0 [ 79.618335][ T5434] ? __rcu_read_lock+0x36/0x50 [ 79.623105][ T5434] ? __rcu_read_lock+0x36/0x50 [ 79.627892][ T5434] handle_mm_fault+0xbf0/0x2940 [ 79.632724][ T5434] ? mas_walk+0x204/0x320 [ 79.637098][ T5434] exc_page_fault+0x3b9/0x650 [ 79.641755][ T5434] asm_exc_page_fault+0x26/0x30 [ 79.646593][ T5434] RIP: 0033:0x7fa65c2ddbf3 [ 79.650984][ T5434] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 79.670618][ T5434] RSP: 002b:00007fa65b0904a0 EFLAGS: 00010206 [ 79.676663][ T5434] RAX: 0000000000000181 RBX: 00007fa65b090540 RCX: 00007fa652c71000 [ 79.684613][ T5434] RDX: 00007fa65b0906e0 RSI: 000000000000000f RDI: 00007fa65b0905e0 [ 79.692611][ T5434] RBP: 000000000000007e R08: 0000000000000009 R09: 00000000000001ac [ 79.700566][ T5434] R10: 00000000000001ba R11: 00007fa65b090540 R12: 0000000000000001 [ 79.708582][ T5434] R13: 00007fa65c49b880 R14: 0000000000000060 R15: 00007fa65b0905e0 [ 79.716538][ T5434] [ 79.719720][ T5434] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 79.732924][ T5434] loop1: detected capacity change from 0 to 1764 [ 79.740434][ T5434] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 79.749468][ T5434] ISOFS: unable to read i-node block [ 79.754742][ T5434] isofs_fill_super: get root inode failed [ 79.826035][ T5439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.482'. [ 80.051971][ T5449] random: crng reseeded on system resumption [ 80.129329][ T5453] FAULT_INJECTION: forcing a failure. [ 80.129329][ T5453] name failslab, interval 1, probability 0, space 0, times 0 [ 80.142059][ T5453] CPU: 1 UID: 0 PID: 5453 Comm: syz.3.488 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 80.152671][ T5453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 80.156723][ T5456] loop2: detected capacity change from 0 to 512 [ 80.162712][ T5453] Call Trace: [ 80.162721][ T5453] [ 80.175140][ T5453] dump_stack_lvl+0xf2/0x150 [ 80.179800][ T5453] dump_stack+0x15/0x20 [ 80.184106][ T5453] should_fail_ex+0x229/0x230 [ 80.188776][ T5453] ? alloc_inode+0x6a/0x160 [ 80.193265][ T5453] should_failslab+0x8f/0xb0 [ 80.197896][ T5453] kmem_cache_alloc_lru_noprof+0x51/0x2a0 [ 80.203610][ T5453] alloc_inode+0x6a/0x160 [ 80.207926][ T5453] new_inode_pseudo+0x15/0x20 [ 80.212592][ T5453] path_from_stashed+0x13e/0x550 [ 80.217604][ T5453] ns_get_path+0x5a/0x70 [ 80.221943][ T5453] proc_ns_get_link+0x81/0x150 [ 80.226711][ T5453] ? __pfx_proc_ns_get_link+0x10/0x10 [ 80.232153][ T5453] pick_link+0x43f/0x7e0 [ 80.236416][ T5453] step_into+0x725/0x810 [ 80.240703][ T5453] ? d_splice_alias+0xd6/0x270 [ 80.245539][ T5453] path_openat+0x14f7/0x1f10 [ 80.250137][ T5453] do_filp_open+0xf7/0x200 [ 80.254589][ T5453] do_sys_openat2+0xab/0x120 [ 80.259168][ T5453] __x64_sys_openat+0xf3/0x120 [ 80.263925][ T5453] x64_sys_call+0x1025/0x2d60 [ 80.268591][ T5453] do_syscall_64+0xc9/0x1c0 [ 80.273089][ T5453] ? clear_bhb_loop+0x55/0xb0 [ 80.277807][ T5453] ? clear_bhb_loop+0x55/0xb0 [ 80.282475][ T5453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.288357][ T5453] RIP: 0033:0x7fd01fca8810 [ 80.292828][ T5453] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 80.312426][ T5453] RSP: 002b:00007fd01e926f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 80.320823][ T5453] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd01fca8810 [ 80.328779][ T5453] RDX: 0000000000000000 RSI: 00007fd01fd17a56 RDI: 00000000ffffff9c [ 80.336748][ T5453] RBP: 00007fd01fd17a56 R08: 0000000000000000 R09: 0000000000000000 [ 80.344707][ T5453] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 80.352661][ T5453] R13: 0000000000000000 R14: 00007fd01fe45f80 R15: 00007ffe8af60f98 [ 80.360637][ T5453] [ 80.384009][ T5456] EXT4-fs (loop2): orphan cleanup on readonly fs [ 80.390591][ T5456] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 80.391136][ T5458] loop4: detected capacity change from 0 to 2048 [ 80.406969][ T5456] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.489: invalid indirect mapped block 2683928664 (level 1) [ 80.421281][ T5456] EXT4-fs (loop2): Remounting filesystem read-only [ 80.428517][ T5456] EXT4-fs (loop2): 1 truncate cleaned up [ 80.434562][ T5456] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.437352][ T5463] siw: device registration error -23 [ 80.447638][ T5456] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 80.459284][ T5456] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.459931][ T5458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.497796][ T5458] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 80.545237][ T5458] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 8 with error 28 [ 80.557525][ T5458] EXT4-fs (loop4): This should not happen!! Data will be lost [ 80.557525][ T5458] [ 80.567293][ T5458] EXT4-fs (loop4): Total free blocks count 0 [ 80.573330][ T5458] EXT4-fs (loop4): Free/Dirty block details [ 80.579340][ T5458] EXT4-fs (loop4): free_blocks=2415919104 [ 80.585205][ T5458] EXT4-fs (loop4): dirty_blocks=16 [ 80.590357][ T5458] EXT4-fs (loop4): Block reservation details [ 80.596483][ T5458] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 80.690682][ T4518] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.714051][ T5485] lo speed is unknown, defaulting to 1000 [ 80.747656][ T5487] netlink: 16 bytes leftover after parsing attributes in process `syz.4.498'. [ 80.756631][ T5487] netlink: 'syz.4.498': attribute type 2 has an invalid length. [ 81.295821][ T5494] TCP: TCP_TX_DELAY enabled [ 81.301619][ T5347] kernel write not supported for file /snd/seq (pid: 5347 comm: kworker/1:12) [ 81.374079][ T4104] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 81.374570][ T5513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.501'. [ 81.408094][ T5513] lo speed is unknown, defaulting to 1000 [ 81.449851][ T5517] siw: device registration error -23 [ 81.480451][ T5519] ================================================================== [ 81.488550][ T5519] BUG: KCSAN: data-race in mas_wr_modify / mtree_range_walk [ 81.495845][ T5519] [ 81.498182][ T5519] write to 0xffff88811b5b5b10 of 8 bytes by task 5518 on cpu 0: [ 81.505796][ T5519] mas_wr_modify+0x155c/0x3c90 [ 81.510540][ T5519] mas_wr_store_entry+0x250/0x390 [ 81.515541][ T5519] mas_store_prealloc+0x151/0x2b0 [ 81.520546][ T5519] vma_expand+0x57f/0x660 [ 81.524875][ T5519] mmap_region+0x80c/0x1620 [ 81.529365][ T5519] do_mmap+0x72a/0xb70 [ 81.533415][ T5519] vm_mmap_pgoff+0x133/0x290 [ 81.537997][ T5519] ksys_mmap_pgoff+0xd0/0x340 [ 81.542661][ T5519] x64_sys_call+0x1884/0x2d60 [ 81.547327][ T5519] do_syscall_64+0xc9/0x1c0 [ 81.551824][ T5519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.557708][ T5519] [ 81.560022][ T5519] read to 0xffff88811b5b5b10 of 8 bytes by task 5519 on cpu 1: [ 81.567547][ T5519] mtree_range_walk+0x1b4/0x460 [ 81.572386][ T5519] mas_walk+0x16e/0x320 [ 81.576530][ T5519] lock_vma_under_rcu+0x84/0x260 [ 81.581460][ T5519] exc_page_fault+0x150/0x650 [ 81.586127][ T5519] asm_exc_page_fault+0x26/0x30 [ 81.591055][ T5519] [ 81.593368][ T5519] value changed: 0x00007f2f1dca0fff -> 0x00007f2f1dc7ffff [ 81.600454][ T5519] [ 81.602759][ T5519] Reported by Kernel Concurrency Sanitizer on: [ 81.608886][ T5519] CPU: 1 UID: 0 PID: 5519 Comm: syz.0.505 Not tainted 6.11.0-rc4-syzkaller-00255-gd2bafcf224f3 #0 [ 81.619467][ T5519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.629513][ T5519] ================================================================== [ 81.642957][ T5524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.506'.