last executing test programs: 5.641064138s ago: executing program 1 (id=741): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000000)='wg1\x00', 0x39) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xa1a) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r3, &(0x7f00000003c0)={@val={0xa, 0x892f}, @void, @eth={@broadcast, @remote, @val, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "e9c2c8b57c3e2d3f49a1c04f90cde13410c5e68175547a34", "42ebb03e5443ebeb950c27c7507d5b87bb93691ab0b6a63289964cd16d859521"}}}}}}}, 0x76) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0x26e1, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x910c48e7) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000070000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='kmem_cache_free\x00', r6}, 0x52) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r7, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) bind$inet6(r7, &(0x7f0000000280)={0xa, 0x4e21, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, 0x1c) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) sendto$inet(r4, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec", 0x41, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) socket(0x10, 0x3, 0x0) 5.072430336s ago: executing program 0 (id=750): r0 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000040)=0x8086) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x2b, 0x1, 0x1) r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x2e8a, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x6256, 0x0, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) openat$vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x16200, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r6, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x700, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}}, 0x0) sendmmsg$sock(r1, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRESDEC, @ANYRES16=r8], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x4008845) io_setup(0x2, &(0x7f0000000040)) r9 = socket(0x28, 0x5, 0x0) r10 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r10, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r10, 0x0) connect$vsock_stream(r9, &(0x7f0000000080), 0x10) sendmmsg(r9, &(0x7f0000000100)=[{{0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x8080) r11 = accept4$unix(r10, 0x0, 0x0, 0x0) recvfrom$unix(r11, &(0x7f00000017c0)=""/258, 0x102, 0x20, 0x0, 0x0) 4.941416717s ago: executing program 0 (id=752): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) 4.803809329s ago: executing program 0 (id=754): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) sendmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002840)=[{&(0x7f00000024c0)="90", 0xffffff1f}, {0x0}], 0x2}}], 0x5, 0x0) 4.738913985s ago: executing program 1 (id=755): syz_emit_ethernet(0x3a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbb0600000000000000002c0000000000069078640101"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = io_uring_setup(0x30d3, &(0x7f00000000c0)) setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000180)={{0xa, 0x4e24, 0x251f, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8}, {0xa, 0x4e24, 0x9, @local, 0x24}, 0x1, {[0xe02, 0x8, 0x667e, 0x1, 0x6, 0x65b, 0x9, 0x61]}}, 0x5c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000400)={0x9, {{0x2, 0x0, @multicast2}}, 0x1}, 0x90) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x90) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200, 0x3, &(0x7f0000000000)) r3 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000200), 0xc) read(r3, &(0x7f0000000540)=""/67, 0x43) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x8, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 4.622220285s ago: executing program 0 (id=757): perf_event_open(0x0, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000280), 0x5, r0}, 0x38) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) syz_open_dev$tty1(0xc, 0x4, 0x1) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2660004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x1, 0x48}, &(0x7f0000000240)="48ab0500", 0x1001, r4) 4.418648302s ago: executing program 1 (id=758): perf_event_open(0x0, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) r2 = dup(r0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) syz_open_dev$tty1(0xc, 0x4, 0x1) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x1, 0x48}, &(0x7f0000000240)="48ab0500", 0x1001, r4) 3.455785624s ago: executing program 4 (id=770): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f0000000dc0)=ANY=[@ANYBLOB="18330000a84c0000000000000000000018000000000009000000000008000000950000813f377100f444877d1f1b8c7dcf00cde92eb6a17be51014090d254eb2da69ce6b4f3dc5a4d45143830ff03a6a93630d6e78be1f52997ca18c1d9d28539eeea73647a7b170ed2c3ad86968ee56c2a3a85c02f461fc7c00889d024d31e8b5b6347e1a64f1187556d9ab398cfd5f8be57a701daf10487ba83470e0584d76ed658a45f33630847ec37e5fb9686cd3ced86fa6bae04f750775832cdf4f38ce926280a0194ff361a6b42e3f0e861959e0087bb0a292752df0fd8240ad856123"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000280), 0x5, r0}, 0x38) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x5609, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/4122, 0x101a) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) pwritev2(r5, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2660004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) 1.586908434s ago: executing program 0 (id=794): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000440)={0x4, 0x4, 0x3}) r1 = dup(r0) socket$netlink(0x10, 0x3, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000340)={0x1, 0x2, 0x9, 0x9, 0x28d7}) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1010e, &(0x7f0000000600)={[{@errors_remount}, {@data_journal}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@resuid}, {@block_validity}]}, 0x1, 0x450, &(0x7f0000000bc0)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IELCCQOICFxKceQpFWp26AmSLSqICBUjqgSd8QRib+AE1wQcELiCndUqUK9UDgZrb1bP2rn6WQBfz7SJjM7Y898PTv27K4dwMAay/4kEXsj4peIGGlk2yuMNf7dunll9s+bV2aTqNXe+D2p1/vj5pXZomrxuD15ZjyNSD9O4nCXdhcvXT43U63OX8zzk0vn35lcvHT56bPnZ87Mn5m/MH3y5InjU889O/1MX+K8K+vrofcXjhx85c1rr82euvbWD18lRfwdcfTJ2EqFj9VqfW6uXPta0slQiR1hXSoRkQ3XcH3+j0QlmoM3Ei9/VGrngC1Vy/UoXq4B/2FJlN0DoBzFB312/lts27f6KN+NFxonQFnct/KtUTIUaV5nuOP8tp/GIuLU8l+fZ1useh3CiTUAsHnfZOufp7qt/9K4t6Xe//N7Q6P5vZT9EXF3RByIiHsi6nXvi4j719l+502SO9c/6fUNBbZG2frv+fzeVvv6r1j9xWglz+2rxz+cnD5bnT+WvybjMbwzy0+t0Ma3L/38aa+y1vVftmXtF2vBvB/Xh3a2P2ZuZmlmMzG3uvFhxKGhbvEnt1ebSUQcjIhDG2zj7BNfHulVtnr8K+jDcrj2RcTjjfFfjo74C8nK9ycn/xfV+WOTxVFxpx9/uvp6r/Y3FX8fZOO/u+vxfzv+0aT1fu3i+tu4+usnPc9pJjZ0/Dd37Mj/vzeztHRxKmJH8mqj0637p5uPLfJF/Sz+8aPd5//+aL4ShyMiO4gfiIgHI+KhfOwejohHIuLoCvF//+Kjb/cq+yeM/1zH+I+2V+kY/2ZiR3Tu6Z6onPvu6/ZnbCbX9v53op4az/es5f1vLf3a2NEMAAAA/z5pROyNJJ24nU7TiYnGd/gPxO60urC49OTphXcvzDV+IzAaw2lxpWuk5XroVH5aX+SnO/LH8+vGn1V21fMTswvVubKDhwG3p8f8z/xWKbt3wJbztTIYXOY/DC7zHwaX+Q+Dq8v831VGP4Dt1+3z/4MS+gFsv47577YfDBDn/zC4zH8YXK3zPymxH8C2WtwVq/9IXkLijkSkW91EcYxuQzjJFs+CvVvS53wKtxcly43d63nCWpeikt6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uzvAAAA///dTt9J") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) write$binfmt_script(r4, &(0x7f0000000140), 0xfcb8) ioctl$EXT4_IOC_MOVE_EXT(r4, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0x3}) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) r5 = socket$xdp(0x2c, 0x3, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x8d, 0x2) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000004c0), &(0x7f0000000500)=0x14) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5}, 0x20) unshare(0x8000000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x400, 0x0, 0x100}}) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x20, 0x0}, {[@lsrr={0x83, 0x3, 0xa6}, @timestamp={0x44, 0x4, 0x21}, @cipso={0x86, 0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 1.468038594s ago: executing program 2 (id=797): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r2, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 1.450719036s ago: executing program 2 (id=798): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.361879663s ago: executing program 1 (id=800): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) getgroups(0x2, &(0x7f0000000040)=[0xffffffffffffffff, 0xee00]) 1.335399165s ago: executing program 1 (id=801): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x20202, 0x0) sendfile(r0, r0, 0x0, 0xc3) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) r2 = socket$rxrpc(0x21, 0x2, 0x8) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'}) socket(0x10, 0x80002, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = socket(0x11, 0x80a, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEP_LINK_UP(r6, &(0x7f00000003c0)={&(0x7f0000000280), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, 0x0, 0x20, 0x70bd2d, 0x80000000, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x34}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r6) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x20}}, 0x0) r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) modify_ldt$read(0x11000000, 0x0, 0x0) fcntl$setownex(r8, 0xf, &(0x7f0000000040)={0x2}) r9 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x181801) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a00)="c3d20c7ccf073600040000000000005800ecff130091d42700ff81000e224e227f0000017b00092b1e58e6000001e80900e10a3a313ac7100003ffffffff00000003", 0x42}], 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r9]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) utimes(0x0, 0x0) 1.305352718s ago: executing program 2 (id=802): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000006c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5e}}, {@nouid32}, {@min_batch_time={'min_batch_time', 0x3d, 0xc}}]}, 0x80, 0x236, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/L7WU5cnfNwcEpiIgGgnaCTWwUAhKCiKBCRMRGSYSYYJdY2VhorZLKJoid0TpNsFEEq6gpYiNosDBYaLEyO4kGE1HcZEeczwdmd2Z33vze8Ob7dpphAyisrojojYhyRHRHRDUiktU7bM2WruXNydrsYESjcfhN0twv286stOuMiImI2BsRM6UkzlYixqaPL7ybO7jjymh1+63pY7W2nuSyxYX5Q0s3+y/f7dsz9ujJq/4keqO+cl6lzamZrPNZJYn4e3PK/RSSSt494HsMXLzzNM39PxGxrZn/apQiG7yrI7/NVGPXja+1vfb68X/t7Cuw8RqNavobONEACie97a1HUuqJiGy9VOrpye7hn5VrcW545EL3meHRodN5z1TARqlHzB+433Gv84v8vyxn+Qd+XWn+jwxMPU/Xl8p59wZopzT/3SfHd4b8Q+HIPxSX/ENxyT8Ul/xDcck/FJf8Q3HJPxSX/ENxyT8U1+r8AwDF0ujI+wlkIC95zz8AAAAAAAAAAAAAAAAAAMBak7XZwZWlXTUfXI9Y3B8RlfXql5v/Rxzxe/P1j7dJutsnSdasJSe2tHiAFt3O+enrP1/kW//h//nWHx+KmLgUEbsrlbXXX7J8/f24v77xffVUiwVatO9ovvU/TOVbv2/u8xyydvxL8W/zff35p56OX4v1z79v8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0zccAAAD//0yHasw=") iopl(0x3) syslog(0x4, 0x0, 0x0) iopl(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000007c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48000000385581c0b8e7a00000000000", @ANYRES16=0x0, @ANYRES16=r2, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x48}}, 0x40001) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 1.288507279s ago: executing program 0 (id=804): perf_event_open(0x0, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000280), 0x5, r0}, 0x38) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) syz_open_dev$tty1(0xc, 0x4, 0x1) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2660004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x1, 0x48}, &(0x7f0000000240)="48ab0500", 0x1001, r4) 1.222805215s ago: executing program 2 (id=806): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000040)=0x1) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r1, 0xa, 0x13) fcntl$setlease(r1, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@ldst={0x0, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f00000003c0)='syzkaller\x00', 0x9}, 0x90) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000340)={'batadv0\x00', 0x800}) 1.042139891s ago: executing program 1 (id=810): perf_event_open(0x0, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) r2 = dup(r0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) syz_open_dev$tty1(0xc, 0x4, 0x1) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x202, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000200)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x1, 0x48}, &(0x7f0000000240)="48ab0500", 0x1001, r4) 750.820526ms ago: executing program 3 (id=815): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000440)={0x4, 0x4, 0x3}) r1 = dup(r0) socket$netlink(0x10, 0x3, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000340)={0x1, 0x2, 0x9, 0x9, 0x28d7}) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1010e, &(0x7f0000000600)={[{@errors_remount}, {@data_journal}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@resuid}, {@block_validity}]}, 0x1, 0x450, &(0x7f0000000bc0)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IELCCQOICFxKceQpFWp26AmSLSqICBUjqgSd8QRib+AE1wQcELiCndUqUK9UDgZrb1bP2rn6WQBfz7SJjM7Y898PTv27K4dwMAay/4kEXsj4peIGGlk2yuMNf7dunll9s+bV2aTqNXe+D2p1/vj5pXZomrxuD15ZjyNSD9O4nCXdhcvXT43U63OX8zzk0vn35lcvHT56bPnZ87Mn5m/MH3y5InjU889O/1MX+K8K+vrofcXjhx85c1rr82euvbWD18lRfwdcfTJ2EqFj9VqfW6uXPta0slQiR1hXSoRkQ3XcH3+j0QlmoM3Ei9/VGrngC1Vy/UoXq4B/2FJlN0DoBzFB312/lts27f6KN+NFxonQFnct/KtUTIUaV5nuOP8tp/GIuLU8l+fZ1useh3CiTUAsHnfZOufp7qt/9K4t6Xe//N7Q6P5vZT9EXF3RByIiHsi6nXvi4j719l+502SO9c/6fUNBbZG2frv+fzeVvv6r1j9xWglz+2rxz+cnD5bnT+WvybjMbwzy0+t0Ma3L/38aa+y1vVftmXtF2vBvB/Xh3a2P2ZuZmlmMzG3uvFhxKGhbvEnt1ebSUQcjIhDG2zj7BNfHulVtnr8K+jDcrj2RcTjjfFfjo74C8nK9ycn/xfV+WOTxVFxpx9/uvp6r/Y3FX8fZOO/u+vxfzv+0aT1fu3i+tu4+usnPc9pJjZ0/Dd37Mj/vzeztHRxKmJH8mqj0637p5uPLfJF/Sz+8aPd5//+aL4ShyMiO4gfiIgHI+KhfOwejohHIuLoCvF//+Kjb/cq+yeM/1zH+I+2V+kY/2ZiR3Tu6Z6onPvu6/ZnbCbX9v53op4az/es5f1vLf3a2NEMAAAA/z5pROyNJJ24nU7TiYnGd/gPxO60urC49OTphXcvzDV+IzAaw2lxpWuk5XroVH5aX+SnO/LH8+vGn1V21fMTswvVubKDhwG3p8f8z/xWKbt3wJbztTIYXOY/DC7zHwaX+Q+Dq8v831VGP4Dt1+3z/4MS+gFsv47577YfDBDn/zC4zH8YXK3zPymxH8C2WtwVq/9IXkLijkSkW91EcYxuQzjJFs+CvVvS53wKtxcly43d63nCWpeikt6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uzvAAAA///dTt9J") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) write$binfmt_script(r4, &(0x7f0000000140), 0xfcb8) ioctl$EXT4_IOC_MOVE_EXT(r4, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0x3}) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) r5 = socket$xdp(0x2c, 0x3, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x8d, 0x2) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000004c0), &(0x7f0000000500)=0x14) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5}, 0x20) unshare(0x8000000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x400, 0x0, 0x100}}) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x20, 0x0}, {[@lsrr={0x83, 0x3, 0xa6}, @timestamp={0x44, 0x4, 0x21}, @cipso={0x86, 0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 538.462793ms ago: executing program 3 (id=816): r0 = socket$phonet(0x23, 0x2, 0x1) ioctl$SIOCPNDELRESOURCE(r0, 0x89ef, &(0x7f0000000040)=0x8086) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x2b, 0x1, 0x1) r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_io_uring_setup(0x2e8a, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x6256, 0x0, 0x0, 0x0, 0x0) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x16200, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4000804) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x700, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}}, 0x0) sendmmsg$sock(r1, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRESDEC, @ANYRES16=r8], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x4008845) io_setup(0x2, &(0x7f0000000040)) r9 = socket(0x28, 0x5, 0x0) r10 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r10, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r10, 0x0) connect$vsock_stream(r9, &(0x7f0000000080), 0x10) sendmmsg(r9, &(0x7f0000000100)=[{{0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x8080) r11 = accept4$unix(r10, 0x0, 0x0, 0x0) recvfrom$unix(r11, &(0x7f00000017c0)=""/258, 0x102, 0x20, 0x0, 0x0) 421.938123ms ago: executing program 4 (id=817): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x800448d2, 0x0) setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r8, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 406.235335ms ago: executing program 3 (id=818): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b70400000000000885"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) ptrace(0x4207, 0x0) 358.152939ms ago: executing program 3 (id=819): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b80)=@newtaction={0xa8, 0x30, 0x1, 0x0, 0x0, {}, [{0x94, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40500000000000071117d00000000008510000002000000850000000000000095000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) open(&(0x7f0000000080)='./bus\x00', 0x400141142, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x10, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), r3) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) write(0xffffffffffffffff, &(0x7f0000000000)="fa", 0xfffffdef) 306.572083ms ago: executing program 2 (id=820): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x20202, 0x0) sendfile(r0, r0, 0x0, 0xc3) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) r2 = socket$rxrpc(0x21, 0x2, 0x8) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'}) socket(0x10, 0x80002, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r5 = socket(0x11, 0x80a, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEP_LINK_UP(r6, &(0x7f00000003c0)={&(0x7f0000000280), 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, 0x0, 0x20, 0x70bd2d, 0x80000000, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x1}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x34}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r6) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x20}}, 0x0) r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) modify_ldt$read(0x11000000, 0x0, 0x0) fcntl$setownex(r8, 0xf, &(0x7f0000000040)={0x2}) r9 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x181801) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000a00)="c3d20c7ccf073600040000000000005800ecff130091d42700ff81000e224e227f0000017b00092b1e58e6000001e80900e10a3a313ac7100003ffffffff00000003", 0x42}], 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r9]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) utimes(0x0, 0x0) 278.883446ms ago: executing program 4 (id=821): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000006c0)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5e}}, {@nouid32}, {@min_batch_time={'min_batch_time', 0x3d, 0xc}}]}, 0x80, 0x236, &(0x7f0000000300)="$eJzs3T9oFFkcB/Df7J/L7WU5cnfNwcEpiIgGgnaCTWwUAhKCiKBCRMRGSYSYYJdY2VhorZLKJoid0TpNsFEEq6gpYiNosDBYaLEyO4kGE1HcZEeczwdmd2Z33vze8Ob7dpphAyisrojojYhyRHRHRDUiktU7bM2WruXNydrsYESjcfhN0twv286stOuMiImI2BsRM6UkzlYixqaPL7ybO7jjymh1+63pY7W2nuSyxYX5Q0s3+y/f7dsz9ujJq/4keqO+cl6lzamZrPNZJYn4e3PK/RSSSt494HsMXLzzNM39PxGxrZn/apQiG7yrI7/NVGPXja+1vfb68X/t7Cuw8RqNavobONEACie97a1HUuqJiGy9VOrpye7hn5VrcW545EL3meHRodN5z1TARqlHzB+433Gv84v8vyxn+Qd+XWn+jwxMPU/Xl8p59wZopzT/3SfHd4b8Q+HIPxSX/ENxyT8Ul/xDcck/FJf8Q3HJPxSX/ENxyT8U1+r8AwDF0ujI+wlkIC95zz8AAAAAAAAAAAAAAAAAAMBak7XZwZWlXTUfXI9Y3B8RlfXql5v/Rxzxe/P1j7dJutsnSdasJSe2tHiAFt3O+enrP1/kW//h//nWHx+KmLgUEbsrlbXXX7J8/f24v77xffVUiwVatO9ovvU/TOVbv2/u8xyydvxL8W/zff35p56OX4v1z79v8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0zccAAAD//0yHasw=") iopl(0x3) syslog(0x4, 0x0, 0x0) iopl(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800000000, 0x1}}, 0x0, 0x3, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000007c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="48000000385581c0b8e7a00000000000", @ANYRES16=0x0, @ANYRES16=r2, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRESOCT=r1, @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x48}}, 0x40001) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x2400c000) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x14, 0x4, 0x0, 0x8, 0x24, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x2) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) 193.953503ms ago: executing program 4 (id=822): socket$inet6(0xa, 0x6, 0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000740)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f31000000170a001700000000040037000a00030001632564b758b9a64411f6bb744dc48f57", 0x39}], 0x1) 73.914143ms ago: executing program 3 (id=823): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, 0xffffffffffffffff) r1 = syz_io_uring_setup(0xe42, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x18}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 71.624003ms ago: executing program 2 (id=824): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x284, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, 0xb, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r2, r3, 0x0, 0xe066) sendfile(r2, r3, 0x0, 0xffff) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x17, 0x4, 0x8, 0x8, 0x1470, 0xffffffffffffffff, 0x2f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c0, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x1f0, 0x2e8, 0x2e8, 0x1f0, 0x2c0, 0x4, 0x0, {[{{@ipv6={@local, @remote, [], [], 'veth0_to_team\x00', 'macsec0\x00', {}, {}, 0xc}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x10}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0xc, 0x103ba, 0x1}, 0x48) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x243, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x2, 0x0, {0x9}}}]}}]}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{r6, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%pB \x00'}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r7, &(0x7f0000000180), 0x0}, 0x20) write$binfmt_script(r5, &(0x7f0000000080)={'#! ', './file0'}, 0xb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000796420000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000fff800000000000000000009009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000ffb702000008000000b50a0000000000008500000006000000950000000000000000000000000000000000000000000006bbbb0acf2094dc92c135ec1cdcf4a857913dadcd7f79554f076be3a89ead180b4b9d45f1b1fe6a40ba0a552bf1c14154ff98188e2c446df3eb04b4c3498072b4340b183e5f613811e32ab192255b7d04b3bd48b12304a552f675"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x90) 40.482856ms ago: executing program 4 (id=825): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getgroups(0x2, &(0x7f0000000040)=[0xffffffffffffffff, 0xee00]) 26.102387ms ago: executing program 3 (id=826): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000440)={0x4, 0x4, 0x3}) r1 = dup(r0) socket$netlink(0x10, 0x3, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000340)={0x1, 0x2, 0x9, 0x9, 0x28d7}) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1010e, &(0x7f0000000600)={[{@errors_remount}, {@data_journal}, {@data_err_ignore}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x20}}, {@resuid}, {@block_validity}]}, 0x1, 0x450, &(0x7f0000000bc0)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IELCCQOICFxKceQpFWp26AmSLSqICBUjqgSd8QRib+AE1wQcELiCndUqUK9UDgZrb1bP2rn6WQBfz7SJjM7Y898PTv27K4dwMAay/4kEXsj4peIGGlk2yuMNf7dunll9s+bV2aTqNXe+D2p1/vj5pXZomrxuD15ZjyNSD9O4nCXdhcvXT43U63OX8zzk0vn35lcvHT56bPnZ87Mn5m/MH3y5InjU889O/1MX+K8K+vrofcXjhx85c1rr82euvbWD18lRfwdcfTJ2EqFj9VqfW6uXPta0slQiR1hXSoRkQ3XcH3+j0QlmoM3Ei9/VGrngC1Vy/UoXq4B/2FJlN0DoBzFB312/lts27f6KN+NFxonQFnct/KtUTIUaV5nuOP8tp/GIuLU8l+fZ1useh3CiTUAsHnfZOufp7qt/9K4t6Xe//N7Q6P5vZT9EXF3RByIiHsi6nXvi4j719l+502SO9c/6fUNBbZG2frv+fzeVvv6r1j9xWglz+2rxz+cnD5bnT+WvybjMbwzy0+t0Ma3L/38aa+y1vVftmXtF2vBvB/Xh3a2P2ZuZmlmMzG3uvFhxKGhbvEnt1ebSUQcjIhDG2zj7BNfHulVtnr8K+jDcrj2RcTjjfFfjo74C8nK9ycn/xfV+WOTxVFxpx9/uvp6r/Y3FX8fZOO/u+vxfzv+0aT1fu3i+tu4+usnPc9pJjZ0/Dd37Mj/vzeztHRxKmJH8mqj0637p5uPLfJF/Sz+8aPd5//+aL4ShyMiO4gfiIgHI+KhfOwejohHIuLoCvF//+Kjb/cq+yeM/1zH+I+2V+kY/2ZiR3Tu6Z6onPvu6/ZnbCbX9v53op4az/es5f1vLf3a2NEMAAAA/z5pROyNJJ24nU7TiYnGd/gPxO60urC49OTphXcvzDV+IzAaw2lxpWuk5XroVH5aX+SnO/LH8+vGn1V21fMTswvVubKDhwG3p8f8z/xWKbt3wJbztTIYXOY/DC7zHwaX+Q+Dq8v831VGP4Dt1+3z/4MS+gFsv47577YfDBDn/zC4zH8YXK3zPymxH8C2WtwVq/9IXkLijkSkW91EcYxuQzjJFs+CvVvS53wKtxcly43d63nCWpeikt6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+uzvAAAA///dTt9J") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) write$binfmt_script(r4, &(0x7f0000000140), 0xfcb8) ioctl$EXT4_IOC_MOVE_EXT(r4, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0x3}) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) r5 = socket$xdp(0x2c, 0x3, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x8d, 0x2) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000004c0), &(0x7f0000000500)=0x14) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/5}, 0x20) unshare(0x8000000) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x400, 0x0, 0x100}}) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x20, 0x0}, {[@lsrr={0x83, 0x3, 0xa6}, @timestamp={0x44, 0x4, 0x21}, @cipso={0x86, 0x6, 0x3}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 0s ago: executing program 4 (id=827): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x5, &(0x7f0000000dc0)=ANY=[@ANYBLOB="18330000a84c0000000000000000000018000000000009000000000008000000950000813f377100f444877d1f1b8c7dcf00cde92eb6a17be51014090d254eb2da69ce6b4f3dc5a4d45143830ff03a6a93630d6e78be1f52997ca18c1d9d28539eeea73647a7b170ed2c3ad86968ee56c2a3a85c02f461fc7c00889d024d31e8b5b6347e1a64f1187556d9ab398cfd5f8be57a701daf10487ba83470e0584d76ed658a45f33630847ec37e5fb9686cd3ced86fa6bae04f750775832cdf4f38ce926280a0194ff361a6b42e3f0e861959e0087bb0a292752df0fd8240ad856123299f"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8f41c288d409ef0e169a340295f36d4b4", &(0x7f0000000280), 0x5, r0}, 0x38) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}}) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x5609, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/4122, 0x101a) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) pwritev2(r5, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2660004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext, 0x8026, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000100), &(0x7f0000000540)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): man_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.548945][ T4707] hsr_slave_0: entered promiscuous mode [ 74.555077][ T4707] hsr_slave_1: entered promiscuous mode [ 74.561147][ T4707] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.568803][ T4707] Cannot create hsr debugfs directory [ 74.577304][ T4710] hsr_slave_0: entered promiscuous mode [ 74.583504][ T4710] hsr_slave_1: entered promiscuous mode [ 74.589368][ T4710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.596900][ T4710] Cannot create hsr debugfs directory [ 74.634978][ T4709] hsr_slave_0: entered promiscuous mode [ 74.641083][ T4709] hsr_slave_1: entered promiscuous mode [ 74.647038][ T4709] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.654634][ T4709] Cannot create hsr debugfs directory [ 74.672764][ T3343] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.690572][ T4715] hsr_slave_0: entered promiscuous mode [ 74.696722][ T4715] hsr_slave_1: entered promiscuous mode [ 74.702781][ T4715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.710404][ T4715] Cannot create hsr debugfs directory [ 74.738087][ T3343] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.800507][ T3343] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.883663][ T3343] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.962558][ T3343] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.023025][ T3343] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.062070][ T4707] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.111128][ T3343] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.151531][ T4707] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.181191][ T3343] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.201710][ T4707] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.251288][ T4707] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.294651][ T3343] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.317756][ T4707] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.326205][ T4707] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.337344][ T3343] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.348528][ T4707] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.357076][ T4707] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.395514][ T4707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.411812][ T3343] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.423762][ T4707] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.433202][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.440291][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.455033][ T4727] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.462177][ T4727] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.482914][ T3343] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.549128][ T4707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.574473][ T3343] bridge_slave_1: left allmulticast mode [ 75.580142][ T3343] bridge_slave_1: left promiscuous mode [ 75.585843][ T3343] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.593653][ T3343] bridge_slave_0: left allmulticast mode [ 75.599310][ T3343] bridge_slave_0: left promiscuous mode [ 75.604993][ T3343] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.612940][ T3343] bridge_slave_1: left allmulticast mode [ 75.618674][ T3343] bridge_slave_1: left promiscuous mode [ 75.624479][ T3343] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.632562][ T3343] bridge_slave_0: left allmulticast mode [ 75.638231][ T3343] bridge_slave_0: left promiscuous mode [ 75.643870][ T3343] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.651957][ T3343] bridge_slave_1: left allmulticast mode [ 75.657587][ T3343] bridge_slave_1: left promiscuous mode [ 75.663252][ T3343] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.670904][ T3343] bridge_slave_0: left allmulticast mode [ 75.676550][ T3343] bridge_slave_0: left promiscuous mode [ 75.682449][ T3343] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.690570][ T3343] bridge_slave_1: left allmulticast mode [ 75.696208][ T3343] bridge_slave_1: left promiscuous mode [ 75.701887][ T3343] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.709384][ T3343] bridge_slave_0: left allmulticast mode [ 75.715005][ T3343] bridge_slave_0: left promiscuous mode [ 75.720649][ T3343] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.090887][ T3343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.101177][ T3343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.111344][ T3343] bond0 (unregistering): Released all slaves [ 76.120373][ T3343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.130774][ T3343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.140729][ T3343] bond0 (unregistering): Released all slaves [ 76.149731][ T3343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.159970][ T3343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.169943][ T3343] bond0 (unregistering): Released all slaves [ 76.178808][ T3343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.188839][ T3343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 76.198834][ T3343] bond0 (unregistering): Released all slaves [ 76.230755][ T4709] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.239760][ T4709] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.248951][ T4709] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.259156][ T4709] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.276960][ T4707] veth0_vlan: entered promiscuous mode [ 76.291557][ T4707] veth1_vlan: entered promiscuous mode [ 76.311394][ T4707] veth0_macvtap: entered promiscuous mode [ 76.328830][ T4707] veth1_macvtap: entered promiscuous mode [ 76.342763][ T4709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.353923][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.364573][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.374452][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.385052][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.394951][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.405389][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.415206][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.425628][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.436479][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.445936][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.456542][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.466548][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.476986][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.486825][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.497250][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.507069][ T4707] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.517567][ T4707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.529703][ T4707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.541310][ T4709] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.551596][ T4707] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.560702][ T4707] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.569432][ T4707] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.578255][ T4707] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.592203][ T3343] hsr_slave_0: left promiscuous mode [ 76.597954][ T3343] hsr_slave_1: left promiscuous mode [ 76.603605][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.611139][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.618854][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.626240][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.635110][ T3343] hsr_slave_0: left promiscuous mode [ 76.641456][ T3343] hsr_slave_1: left promiscuous mode [ 76.647068][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.654833][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.662458][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.669859][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.678768][ T3343] hsr_slave_0: left promiscuous mode [ 76.684433][ T3343] hsr_slave_1: left promiscuous mode [ 76.690206][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.697731][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.705262][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.712685][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.722130][ T3343] hsr_slave_0: left promiscuous mode [ 76.727761][ T3343] hsr_slave_1: left promiscuous mode [ 76.733398][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.740831][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.748420][ T3343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.756038][ T3343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.769677][ T3343] veth1_macvtap: left promiscuous mode [ 76.775227][ T3343] veth0_macvtap: left promiscuous mode [ 76.780813][ T3343] veth1_vlan: left promiscuous mode [ 76.786101][ T3343] veth0_vlan: left promiscuous mode [ 76.791861][ T3343] veth1_macvtap: left promiscuous mode [ 76.797412][ T3343] veth0_macvtap: left promiscuous mode [ 76.803056][ T3343] veth1_vlan: left promiscuous mode [ 76.808290][ T3343] veth0_vlan: left promiscuous mode [ 76.814237][ T3343] veth1_macvtap: left promiscuous mode [ 76.819736][ T3343] veth0_macvtap: left promiscuous mode [ 76.825216][ T3343] veth1_vlan: left promiscuous mode [ 76.830440][ T3343] veth0_vlan: left promiscuous mode [ 76.836269][ T3343] veth1_macvtap: left promiscuous mode [ 76.841798][ T3343] veth0_macvtap: left promiscuous mode [ 76.847396][ T3343] veth1_vlan: left promiscuous mode [ 76.852665][ T3343] veth0_vlan: left promiscuous mode [ 77.060500][ T3343] team0 (unregistering): Port device team_slave_1 removed [ 77.074664][ T3343] team0 (unregistering): Port device team_slave_0 removed [ 77.138979][ T3343] team0 (unregistering): Port device team_slave_1 removed [ 77.150823][ T3343] team0 (unregistering): Port device team_slave_0 removed [ 77.213387][ T3343] team0 (unregistering): Port device team_slave_1 removed [ 77.223079][ T3343] team0 (unregistering): Port device team_slave_0 removed [ 77.286599][ T3343] team0 (unregistering): Port device team_slave_1 removed [ 77.296824][ T3343] team0 (unregistering): Port device team_slave_0 removed [ 77.332676][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.339831][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.351950][ T3366] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.359095][ T3366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.394263][ T4709] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.404786][ T4709] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.442855][ T4710] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 77.452271][ T4792] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 77.462500][ T4710] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 77.477649][ T4710] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 77.492078][ T4710] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 77.504251][ T29] audit: type=1400 audit(1724970275.606:853): avc: denied { write } for pid=4796 comm="syz.1.226" path="socket:[9427]" dev="sockfs" ino=9427 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 77.510922][ T4709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.537860][ T4797] netlink: 140 bytes leftover after parsing attributes in process `syz.1.226'. [ 77.580850][ T4710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.592970][ T4710] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.604142][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.611328][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.633094][ T3366] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.640224][ T3366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.657300][ T29] audit: type=1400 audit(1724970275.756:854): avc: denied { mounton } for pid=4801 comm="syz.1.227" path="/proc/6/task" dev="proc" ino=9468 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 77.683862][ T4709] veth0_vlan: entered promiscuous mode [ 77.684485][ T29] audit: type=1400 audit(1724970275.786:855): avc: denied { create } for pid=4801 comm="syz.1.227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 77.700837][ T4709] veth1_vlan: entered promiscuous mode [ 77.743593][ T4710] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.762585][ T4709] veth0_macvtap: entered promiscuous mode [ 77.770559][ T4709] veth1_macvtap: entered promiscuous mode [ 77.781238][ T4709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.791709][ T4709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.802877][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.815392][ T4709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.825880][ T4709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.836552][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.876103][ T4709] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.884857][ T4709] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.893701][ T4709] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.902429][ T4709] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.913441][ T4715] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.935837][ T4715] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.956149][ T4715] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.970181][ T4819] netlink: 24 bytes leftover after parsing attributes in process `syz.1.230'. [ 77.974717][ T4710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.987766][ T4715] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.996391][ T4700] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.019083][ T4700] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.030275][ T4700] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.042607][ T4700] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.109673][ T29] audit: type=1400 audit(1724970276.216:856): avc: denied { ioctl } for pid=4824 comm="syz.1.231" path="socket:[9064]" dev="sockfs" ino=9064 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 78.122960][ T4715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.154397][ T4700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.175368][ T4715] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.183707][ T4700] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.195869][ T3366] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.202938][ T3366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.212722][ T3366] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.219805][ T3366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.237449][ T3366] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.244598][ T3366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.255194][ T3366] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.262308][ T3366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.286522][ T4710] veth0_vlan: entered promiscuous mode [ 78.320247][ T4710] veth1_vlan: entered promiscuous mode [ 78.344725][ T4710] veth0_macvtap: entered promiscuous mode [ 78.369162][ T4710] veth1_macvtap: entered promiscuous mode [ 78.389032][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.391726][ T4848] netlink: 44 bytes leftover after parsing attributes in process `syz.1.234'. [ 78.399676][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.418548][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.429021][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.440792][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.449161][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.459683][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.469522][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.479958][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.485335][ T29] audit: type=1326 audit(1724970276.586:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe4c69ef9 code=0x7ffc0000 [ 78.491041][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.515351][ T29] audit: type=1326 audit(1724970276.616:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fdfe4c69ef9 code=0x7ffc0000 [ 78.525303][ T4715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.552719][ T29] audit: type=1326 audit(1724970276.656:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe4c69ef9 code=0x7ffc0000 [ 78.576224][ T29] audit: type=1326 audit(1724970276.656:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4847 comm="syz.1.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe4c69ef9 code=0x7ffc0000 [ 78.606070][ T4710] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.614855][ T4710] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.623591][ T4710] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.632319][ T4710] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.682998][ T4700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.776170][ T4715] veth0_vlan: entered promiscuous mode [ 78.819546][ T4715] veth1_vlan: entered promiscuous mode [ 78.852157][ T4700] veth0_vlan: entered promiscuous mode [ 78.863128][ T4700] veth1_vlan: entered promiscuous mode [ 78.900860][ T4715] veth0_macvtap: entered promiscuous mode [ 78.912901][ T4700] veth0_macvtap: entered promiscuous mode [ 78.930966][ T4700] veth1_macvtap: entered promiscuous mode [ 78.941400][ T4715] veth1_macvtap: entered promiscuous mode [ 78.952510][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.963290][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.973190][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.983655][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.993480][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.003951][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.016769][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.028424][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.038897][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.048725][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.058709][ T29] audit: type=1400 audit(1724970277.136:861): avc: denied { create } for pid=4877 comm="syz.1.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 79.059271][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.088431][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.089909][ T4882] loop1: detected capacity change from 0 to 128 [ 79.099132][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.115145][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.115653][ T29] audit: type=1326 audit(1724970277.186:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4881 comm="syz.1.239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfe4c69ef9 code=0x7ffc0000 [ 79.125597][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.170597][ T4882] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 79.181330][ T4715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.190206][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.200742][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.210586][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.221024][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.230851][ T4715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.232277][ T4869] loop4: detected capacity change from 0 to 512 [ 79.241267][ T4715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.243825][ T4715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.265745][ T4869] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 79.266472][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.286125][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.296049][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.306586][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.316417][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.326890][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.336722][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.347142][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.357808][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.361914][ T4869] EXT4-fs (loop4): 1 orphan inode deleted [ 79.370813][ T4869] EXT4-fs (loop4): 1 truncate cleaned up [ 79.372199][ T4882] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 79.384658][ T4882] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 79.387953][ T4700] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.401935][ T4700] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.410674][ T4700] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.419401][ T4700] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.428553][ T4869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.448640][ T4869] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 79.465042][ T4869] EXT4-fs (loop4): Remounting filesystem read-only [ 79.473334][ T4715] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.482089][ T4715] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.490833][ T4715] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.499628][ T4715] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.510519][ T4886] netlink: 9 bytes leftover after parsing attributes in process `syz.2.240'. [ 79.515627][ T4888] process 'syz.1.241' launched './file0' with NULL argv: empty string added [ 79.519324][ T4886] 0·X: renamed from hsr0 (while UP) [ 79.520431][ T4869] warn_alloc: 2 callbacks suppressed [ 79.520446][ T4869] syz.4.225: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 79.535239][ T4886] 0·X: entered allmulticast mode [ 79.538634][ T4869] ,cpuset=syz4,mems_allowed=0 [ 79.538662][ T4869] CPU: 1 UID: 0 PID: 4869 Comm: syz.4.225 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 79.538688][ T4869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 79.538699][ T4869] Call Trace: [ 79.538706][ T4869] [ 79.538713][ T4869] dump_stack_lvl+0xf2/0x150 [ 79.550990][ T4886] hsr_slave_0: entered allmulticast mode [ 79.555862][ T4869] dump_stack+0x15/0x20 [ 79.560537][ T4886] hsr_slave_1: entered allmulticast mode [ 79.571068][ T4869] warn_alloc+0x145/0x1b0 [ 79.571131][ T4869] ? __schedule+0x5fa/0x950 [ 79.584058][ T4886] A link change request failed with some changes committed already. Interface c0·X may have been left with an inconsistent configuration, please check. [ 79.584456][ T4869] ? __vmalloc_node_range_noprof+0x88/0xec0 [ 79.637541][ T4869] __vmalloc_node_range_noprof+0xaa/0xec0 [ 79.643332][ T4869] ? __pfx_futex_wake_mark+0x10/0x10 [ 79.648731][ T4869] ? __rcu_read_unlock+0x4e/0x70 [ 79.653733][ T4869] ? avc_has_perm_noaudit+0x1cc/0x210 [ 79.659212][ T4869] ? xskq_create+0x36/0xd0 [ 79.663638][ T4869] vmalloc_user_noprof+0x59/0x70 [ 79.668734][ T4869] ? xskq_create+0x79/0xd0 [ 79.673162][ T4869] xskq_create+0x79/0xd0 [ 79.677420][ T4869] xsk_init_queue+0x82/0xd0 [ 79.681953][ T4869] xsk_setsockopt+0x409/0x520 [ 79.686638][ T4869] ? __pfx_xsk_setsockopt+0x10/0x10 [ 79.691945][ T4869] __sys_setsockopt+0x1d8/0x250 [ 79.696805][ T4869] __x64_sys_setsockopt+0x66/0x80 [ 79.701864][ T4869] x64_sys_call+0x278d/0x2d60 [ 79.706609][ T4869] do_syscall_64+0xc9/0x1c0 [ 79.711121][ T4869] ? clear_bhb_loop+0x55/0xb0 [ 79.715805][ T4869] ? clear_bhb_loop+0x55/0xb0 [ 79.720558][ T4869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.726508][ T4869] RIP: 0033:0x7f73149b9ef9 [ 79.730936][ T4869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.750623][ T4869] RSP: 002b:00007f7313637038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 79.759039][ T4869] RAX: ffffffffffffffda RBX: 00007f7314b55f80 RCX: 00007f73149b9ef9 [ 79.767110][ T4869] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000b [ 79.775161][ T4869] RBP: 00007f7314a2793e R08: 0000000000000020 R09: 0000000000000000 [ 79.783195][ T4869] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 [ 79.791219][ T4869] R13: 0000000000000000 R14: 00007f7314b55f80 R15: 00007fff20910348 [ 79.799291][ T4869] [ 79.802500][ T4869] Mem-Info: [ 79.805611][ T4869] active_anon:5707 inactive_anon:56 isolated_anon:0 [ 79.805611][ T4869] active_file:6199 inactive_file:17269 isolated_file:0 [ 79.805611][ T4869] unevictable:0 dirty:155 writeback:0 [ 79.805611][ T4869] slab_reclaimable:2566 slab_unreclaimable:14504 [ 79.805611][ T4869] mapped:23585 shmem:3160 pagetables:589 [ 79.805611][ T4869] sec_pagetables:0 bounce:0 [ 79.805611][ T4869] kernel_misc_reclaimable:0 [ 79.805611][ T4869] free:1909375 free_pcp:1631 free_cma:0 [ 79.850767][ T4869] Node 0 active_anon:22828kB inactive_anon:224kB active_file:24796kB inactive_file:69076kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:94340kB dirty:620kB writeback:0kB shmem:12640kB writeback_tmp:0kB kernel_stack:2736kB pagetables:2356kB sec_pagetables:0kB all_unreclaimable? no [ 79.878719][ T4869] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 79.878787][ T4869] lowmem_reserve[]: 0 2866 7844 0 [ 79.878843][ T4869] Node 0 DMA32 free:2950336kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953968kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB [ 79.878930][ T4869] lowmem_reserve[]: 0 0 4978 0 [ 79.878951][ T4869] Node 0 Normal free:4671548kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:22828kB inactive_anon:224kB active_file:24796kB inactive_file:69076kB unevictable:0kB writepending:620kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:2988kB local_pcp:1960kB free_cma:0kB [ 79.879010][ T4869] lowmem_reserve[]: 0 0 0 0 [ 79.879088][ T4869] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 79.879214][ T4869] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950336kB [ 79.879512][ T4869] Node 0 Normal: 283*4kB (UM) 92*8kB (UE) 4*16kB (UE) 366*32kB (UME) 268*64kB (UME) 64*128kB (UME) 30*256kB (UM) 35*512kB (UM) 31*1024kB (UME) 8*2048kB (UM) 1113*4096kB (UM) = 4671564kB [ 79.879715][ T4869] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 79.879731][ T4869] 26684 total pagecache pages [ 79.879738][ T4869] 56 pages in swap cache [ 79.879745][ T4869] Free swap = 124440kB [ 79.879752][ T4869] Total swap = 124996kB [ 79.879759][ T4869] 2097051 pages RAM [ 79.879765][ T4869] 0 pages HighMem/MovableOnly [ 79.879772][ T4869] 80167 pages reserved [ 79.945885][ T4891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.242'. [ 80.117247][ T4892] bridge0: port 3(batadv1) entered blocking state [ 80.123721][ T4892] bridge0: port 3(batadv1) entered disabled state [ 80.132843][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.134316][ T4892] batadv1: entered allmulticast mode [ 80.147766][ T4892] batadv1: entered promiscuous mode [ 80.167603][ T4893] batadv1: left allmulticast mode [ 80.172782][ T4893] batadv1: left promiscuous mode [ 80.177816][ T4893] bridge0: port 3(batadv1) entered disabled state [ 80.186921][ T4893] bridge_slave_1: left allmulticast mode [ 80.192640][ T4893] bridge_slave_1: left promiscuous mode [ 80.198354][ T4893] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.209314][ T4893] bridge_slave_0: left allmulticast mode [ 80.215029][ T4893] bridge_slave_0: left promiscuous mode [ 80.217870][ T4896] loop4: detected capacity change from 0 to 8192 [ 80.220874][ T4893] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.257032][ T4900] loop3: detected capacity change from 0 to 512 [ 80.263768][ T4900] EXT4-fs: Ignoring removed nomblk_io_submit option [ 80.279543][ T4900] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 80.287499][ T4900] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 80.298907][ T4900] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80) [ 80.308453][ T4900] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features [ 80.318530][ T4900] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 80.343249][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.402513][ T4906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.245'. [ 80.485352][ T4915] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 80.592526][ T4927] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 80.621441][ T4931] random: crng reseeded on system resumption [ 81.283472][ T4936] netlink: 12 bytes leftover after parsing attributes in process `syz.3.256'. [ 81.373226][ T4944] loop4: detected capacity change from 0 to 512 [ 81.381762][ T4944] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.260: corrupted in-inode xattr: invalid ea_ino [ 81.396880][ T4944] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.260: couldn't read orphan inode 15 (err -117) [ 81.410574][ T4944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.453370][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.506519][ T4952] loop3: detected capacity change from 0 to 8192 [ 81.542285][ T4957] loop1: detected capacity change from 0 to 128 [ 81.553619][ T4959] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 81.565989][ T4957] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 81.666331][ T4969] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'. [ 81.741304][ T4981] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 81.822215][ T4993] FAULT_INJECTION: forcing a failure. [ 81.822215][ T4993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.835336][ T4993] CPU: 0 UID: 0 PID: 4993 Comm: syz.3.280 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 81.845960][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.856053][ T4993] Call Trace: [ 81.859332][ T4993] [ 81.862261][ T4993] dump_stack_lvl+0xf2/0x150 [ 81.866984][ T4993] dump_stack+0x15/0x20 [ 81.871152][ T4993] should_fail_ex+0x229/0x230 [ 81.875836][ T4993] should_fail+0xb/0x10 [ 81.879998][ T4993] should_fail_usercopy+0x1a/0x20 [ 81.885025][ T4993] strncpy_from_user+0x25/0x270 [ 81.889891][ T4993] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 81.895594][ T4993] getname_flags+0xb0/0x3b0 [ 81.900110][ T4993] __x64_sys_mkdir+0x33/0x50 [ 81.904713][ T4993] x64_sys_call+0x2729/0x2d60 [ 81.909455][ T4993] do_syscall_64+0xc9/0x1c0 [ 81.913957][ T4993] ? clear_bhb_loop+0x55/0xb0 [ 81.918693][ T4993] ? clear_bhb_loop+0x55/0xb0 [ 81.923364][ T4993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.929319][ T4993] RIP: 0033:0x7f401b789ef9 [ 81.933728][ T4993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.953359][ T4993] RSP: 002b:00007f401a401038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 81.961773][ T4993] RAX: ffffffffffffffda RBX: 00007f401b925f80 RCX: 00007f401b789ef9 [ 81.969744][ T4993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.977721][ T4993] RBP: 00007f401a401090 R08: 0000000000000000 R09: 0000000000000000 [ 81.985703][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.993758][ T4993] R13: 0000000000000000 R14: 00007f401b925f80 R15: 00007ffe0f1d29b8 [ 82.001852][ T4993] [ 82.052159][ T4997] loop3: detected capacity change from 0 to 8192 [ 82.326057][ T5009] netlink: 9 bytes leftover after parsing attributes in process `syz.0.286'. [ 82.335836][ T5009] 0·X: renamed from hsr0 (while UP) [ 82.342845][ T5009] 0·X: entered allmulticast mode [ 82.347867][ T5009] hsr_slave_0: entered allmulticast mode [ 82.353637][ T5009] hsr_slave_1: entered allmulticast mode [ 82.359787][ T5009] A link change request failed with some changes committed already. Interface c0·X may have been left with an inconsistent configuration, please check. [ 82.438805][ T5013] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 82.497762][ T5019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.506366][ T5019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.632350][ T29] kauditd_printk_skb: 550 callbacks suppressed [ 82.632362][ T29] audit: type=1326 audit(1724970280.736:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.662947][ T29] audit: type=1326 audit(1724970280.736:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.686363][ T29] audit: type=1326 audit(1724970280.736:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.709707][ T29] audit: type=1326 audit(1724970280.736:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.733311][ T29] audit: type=1326 audit(1724970280.736:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.756737][ T29] audit: type=1326 audit(1724970280.736:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.780034][ T29] audit: type=1326 audit(1724970280.736:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.803338][ T29] audit: type=1326 audit(1724970280.736:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.826897][ T29] audit: type=1326 audit(1724970280.746:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.850372][ T29] audit: type=1326 audit(1724970280.746:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 82.918701][ T5031] loop3: detected capacity change from 0 to 8192 [ 83.055864][ T5035] loop1: detected capacity change from 0 to 128 [ 83.062944][ T5035] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 83.097422][ T5038] loop1: detected capacity change from 0 to 256 [ 83.189856][ T5038] Cannot find add_set index 0 as target [ 83.197497][ T5038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.206474][ T5038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.670363][ T5055] loop4: detected capacity change from 0 to 8192 [ 83.809562][ T5060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.818334][ T5060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.157017][ T5073] loop2: detected capacity change from 0 to 2048 [ 84.170670][ T5073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.184149][ T5073] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.209940][ T5073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.313'. [ 84.344340][ T5084] loop2: detected capacity change from 0 to 8192 [ 84.363887][ T5080] loop3: detected capacity change from 0 to 512 [ 84.371950][ T5080] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 84.383954][ T5080] EXT4-fs (loop3): 1 orphan inode deleted [ 84.389812][ T5080] EXT4-fs (loop3): 1 truncate cleaned up [ 84.396172][ T5080] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.410992][ T5080] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 84.425766][ T5080] EXT4-fs (loop3): Remounting filesystem read-only [ 84.476794][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.583572][ T5101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.323'. [ 84.663716][ T5111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 84.669499][ T5113] netlink: 12 bytes leftover after parsing attributes in process `syz.1.329'. [ 84.682409][ T5111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 84.695863][ T5115] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5115 comm=syz.1.330 [ 85.322666][ T5124] loop2: detected capacity change from 0 to 512 [ 85.331389][ T5124] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 85.354366][ T5124] EXT4-fs (loop2): 1 orphan inode deleted [ 85.360191][ T5124] EXT4-fs (loop2): 1 truncate cleaned up [ 85.370769][ T5124] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.389442][ T5127] loop4: detected capacity change from 0 to 8192 [ 85.463229][ T4709] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.472662][ T5133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.336'. [ 85.614551][ T5148] netlink: 9 bytes leftover after parsing attributes in process `syz.0.342'. [ 85.630781][ T5148] 1·X: renamed from c0·X (while UP) [ 85.639134][ T5148] A link change request failed with some changes committed already. Interface c1·X may have been left with an inconsistent configuration, please check. [ 85.679903][ T5164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.348'. [ 85.749573][ T5169] 9pnet_fd: Insufficient options for proto=fd [ 85.930095][ T5165] loop4: detected capacity change from 0 to 512 [ 85.939521][ T5165] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 85.951714][ T5165] EXT4-fs (loop4): 1 orphan inode deleted [ 85.957558][ T5165] EXT4-fs (loop4): 1 truncate cleaned up [ 85.966164][ T5165] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.983819][ T5165] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 85.998395][ T5165] EXT4-fs (loop4): Remounting filesystem read-only [ 86.074277][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.267335][ T5196] netlink: 12 bytes leftover after parsing attributes in process `syz.3.360'. [ 86.460473][ T5204] loop3: detected capacity change from 0 to 512 [ 86.471957][ T5204] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 86.486437][ T5204] EXT4-fs (loop3): 1 orphan inode deleted [ 86.492335][ T5204] EXT4-fs (loop3): 1 truncate cleaned up [ 86.510861][ T5204] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.534432][ T5204] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 86.566957][ T5216] loop1: detected capacity change from 0 to 8192 [ 86.568420][ T5204] EXT4-fs (loop3): Remounting filesystem read-only [ 86.733624][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.743618][ T5223] loop4: detected capacity change from 0 to 2048 [ 86.768598][ T5227] netlink: 12 bytes leftover after parsing attributes in process `syz.1.374'. [ 86.778940][ T5223] loop4: p1 < > p4 [ 86.783189][ T5223] loop4: p4 size 8388608 extends beyond EOD, truncated [ 86.869273][ T5236] 9pnet_fd: Insufficient options for proto=fd [ 86.901084][ T5242] loop1: detected capacity change from 0 to 512 [ 86.918596][ T5242] EXT4-fs: Ignoring removed bh option [ 86.926640][ T5242] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 86.939761][ T5242] EXT4-fs (loop1): 1 truncate cleaned up [ 86.950389][ T5242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.953614][ T5240] loop4: detected capacity change from 0 to 8192 [ 87.053561][ T5242] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.174911][ T5258] netlink: 12 bytes leftover after parsing attributes in process `syz.4.386'. [ 87.177873][ T5249] loop3: detected capacity change from 0 to 512 [ 87.192814][ T5249] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 87.206577][ T5249] EXT4-fs (loop3): 1 orphan inode deleted [ 87.212351][ T5249] EXT4-fs (loop3): 1 truncate cleaned up [ 87.218444][ T5249] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.235160][ T5249] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 87.249983][ T5249] EXT4-fs (loop3): Remounting filesystem read-only [ 87.293749][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.410788][ T5275] FAULT_INJECTION: forcing a failure. [ 87.410788][ T5275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.423931][ T5275] CPU: 0 UID: 0 PID: 5275 Comm: syz.3.393 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 87.434547][ T5275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 87.444592][ T5275] Call Trace: [ 87.447883][ T5275] [ 87.450841][ T5275] dump_stack_lvl+0xf2/0x150 [ 87.455448][ T5275] dump_stack+0x15/0x20 [ 87.459729][ T5275] should_fail_ex+0x229/0x230 [ 87.464406][ T5275] should_fail+0xb/0x10 [ 87.468568][ T5275] should_fail_usercopy+0x1a/0x20 [ 87.473609][ T5275] _copy_from_user+0x1e/0xd0 [ 87.478261][ T5275] memdup_user+0x64/0xc0 [ 87.482585][ T5275] strndup_user+0x68/0xa0 [ 87.486971][ T5275] __se_sys_mount+0x4e/0x2d0 [ 87.491600][ T5275] ? fput+0x13b/0x180 [ 87.495626][ T5275] ? ksys_write+0x178/0x1b0 [ 87.500133][ T5275] __x64_sys_mount+0x67/0x80 [ 87.504724][ T5275] x64_sys_call+0x203e/0x2d60 [ 87.509471][ T5275] do_syscall_64+0xc9/0x1c0 [ 87.513966][ T5275] ? clear_bhb_loop+0x55/0xb0 [ 87.518671][ T5275] ? clear_bhb_loop+0x55/0xb0 [ 87.523419][ T5275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.529454][ T5275] RIP: 0033:0x7f401b789ef9 [ 87.533919][ T5275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.553567][ T5275] RSP: 002b:00007f401a401038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 87.561993][ T5275] RAX: ffffffffffffffda RBX: 00007f401b925f80 RCX: 00007f401b789ef9 [ 87.569957][ T5275] RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000 [ 87.577919][ T5275] RBP: 00007f401a401090 R08: 0000000020000100 R09: 0000000000000000 [ 87.585984][ T5275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.593987][ T5275] R13: 0000000000000000 R14: 00007f401b925f80 R15: 00007ffe0f1d29b8 [ 87.601988][ T5275] [ 87.647947][ T29] kauditd_printk_skb: 1148 callbacks suppressed [ 87.647957][ T29] audit: type=1326 audit(1724970285.746:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f73149b0ea7 code=0x7ffc0000 [ 87.677828][ T29] audit: type=1326 audit(1724970285.746:2572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7314955849 code=0x7ffc0000 [ 87.701123][ T29] audit: type=1326 audit(1724970285.746:2573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 87.724553][ T29] audit: type=1326 audit(1724970285.786:2574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f73149b0ea7 code=0x7ffc0000 [ 87.747848][ T29] audit: type=1326 audit(1724970285.786:2575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7314955849 code=0x7ffc0000 [ 87.771399][ T29] audit: type=1326 audit(1724970285.786:2576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f73149b0ea7 code=0x7ffc0000 [ 87.794727][ T29] audit: type=1326 audit(1724970285.786:2577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7314955849 code=0x7ffc0000 [ 87.817996][ T29] audit: type=1326 audit(1724970285.786:2578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f73149b9ef9 code=0x7ffc0000 [ 87.841323][ T29] audit: type=1326 audit(1724970285.786:2579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f73149b0ea7 code=0x7ffc0000 [ 87.864609][ T29] audit: type=1326 audit(1724970285.786:2580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5259 comm="syz.4.387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7314955849 code=0x7ffc0000 [ 87.936005][ T5287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.397'. [ 88.084883][ T5289] loop3: detected capacity change from 0 to 512 [ 88.093102][ T5289] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 88.105541][ T5289] EXT4-fs (loop3): 1 orphan inode deleted [ 88.111334][ T5289] EXT4-fs (loop3): 1 truncate cleaned up [ 88.118426][ T5289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.132269][ T5289] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 88.146712][ T5289] EXT4-fs (loop3): Remounting filesystem read-only [ 88.198715][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.255478][ T5307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.264077][ T5307] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.404241][ T5324] loop3: detected capacity change from 0 to 2048 [ 88.411827][ T5324] EXT4-fs error (device loop3): __ext4_fill_super:5435: inode #2: comm syz.3.413: casefold flag without casefold feature [ 88.424782][ T5324] EXT4-fs (loop3): get root inode failed [ 88.430465][ T5324] EXT4-fs (loop3): mount failed [ 88.824018][ T5341] FAULT_INJECTION: forcing a failure. [ 88.824018][ T5341] name failslab, interval 1, probability 0, space 0, times 0 [ 88.836691][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.2.419 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 88.847280][ T5341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 88.857324][ T5341] Call Trace: [ 88.860589][ T5341] [ 88.863506][ T5341] dump_stack_lvl+0xf2/0x150 [ 88.868144][ T5341] dump_stack+0x15/0x20 [ 88.872293][ T5341] should_fail_ex+0x229/0x230 [ 88.877004][ T5341] ? __alloc_skb+0x10b/0x310 [ 88.881602][ T5341] should_failslab+0x8f/0xb0 [ 88.886347][ T5341] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 88.892159][ T5341] ? __rtnl_unlock+0x99/0xb0 [ 88.896747][ T5341] __alloc_skb+0x10b/0x310 [ 88.901158][ T5341] netlink_ack+0xef/0x4f0 [ 88.905488][ T5341] ? __dev_queue_xmit+0x161/0x1fe0 [ 88.910598][ T5341] netlink_rcv_skb+0x19c/0x230 [ 88.915442][ T5341] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 88.920919][ T5341] rtnetlink_rcv+0x1c/0x30 [ 88.925336][ T5341] netlink_unicast+0x599/0x670 [ 88.930107][ T5341] netlink_sendmsg+0x5cc/0x6e0 [ 88.934954][ T5341] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.940333][ T5341] __sock_sendmsg+0x140/0x180 [ 88.945020][ T5341] ____sys_sendmsg+0x312/0x410 [ 88.949797][ T5341] __sys_sendmsg+0x1e9/0x280 [ 88.954410][ T5341] __x64_sys_sendmsg+0x46/0x50 [ 88.959233][ T5341] x64_sys_call+0x2689/0x2d60 [ 88.963921][ T5341] do_syscall_64+0xc9/0x1c0 [ 88.968465][ T5341] ? clear_bhb_loop+0x55/0xb0 [ 88.973138][ T5341] ? clear_bhb_loop+0x55/0xb0 [ 88.977848][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.983807][ T5341] RIP: 0033:0x7fbd702e9ef9 [ 88.988222][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.007900][ T5341] RSP: 002b:00007fbd6ef61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.016301][ T5341] RAX: ffffffffffffffda RBX: 00007fbd70485f80 RCX: 00007fbd702e9ef9 [ 89.024262][ T5341] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 89.032399][ T5341] RBP: 00007fbd6ef61090 R08: 0000000000000000 R09: 0000000000000000 [ 89.040358][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.048318][ T5341] R13: 0000000000000000 R14: 00007fbd70485f80 R15: 00007ffd0b608418 [ 89.056373][ T5341] [ 89.126964][ T5352] syz.4.424 (5352): attempted to duplicate a private mapping with mremap. This is not supported. [ 89.155253][ T5354] 9pnet_fd: Insufficient options for proto=fd [ 89.182845][ T5356] FAULT_INJECTION: forcing a failure. [ 89.182845][ T5356] name failslab, interval 1, probability 0, space 0, times 0 [ 89.195557][ T5356] CPU: 1 UID: 0 PID: 5356 Comm: syz.2.426 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 89.206235][ T5356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 89.216304][ T5356] Call Trace: [ 89.219599][ T5356] [ 89.222539][ T5356] dump_stack_lvl+0xf2/0x150 [ 89.227151][ T5356] dump_stack+0x15/0x20 [ 89.231331][ T5356] should_fail_ex+0x229/0x230 [ 89.236030][ T5356] ? alloc_fs_context+0x44/0x4e0 [ 89.240981][ T5356] should_failslab+0x8f/0xb0 [ 89.245642][ T5356] __kmalloc_cache_noprof+0x4b/0x2a0 [ 89.250963][ T5356] alloc_fs_context+0x44/0x4e0 [ 89.255749][ T5356] ? try_module_get+0xae/0x1a0 [ 89.260600][ T5356] fs_context_for_mount+0x21/0x30 [ 89.265649][ T5356] do_new_mount+0xf3/0x690 [ 89.270267][ T5356] path_mount+0x49b/0xb30 [ 89.274617][ T5356] __se_sys_mount+0x27c/0x2d0 [ 89.279374][ T5356] __x64_sys_mount+0x67/0x80 [ 89.283983][ T5356] x64_sys_call+0x203e/0x2d60 [ 89.288829][ T5356] do_syscall_64+0xc9/0x1c0 [ 89.293351][ T5356] ? clear_bhb_loop+0x55/0xb0 [ 89.298081][ T5356] ? clear_bhb_loop+0x55/0xb0 [ 89.302827][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.308844][ T5356] RIP: 0033:0x7fbd702e9ef9 [ 89.313273][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.332915][ T5356] RSP: 002b:00007fbd6ef61038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 89.341327][ T5356] RAX: ffffffffffffffda RBX: 00007fbd70485f80 RCX: 00007fbd702e9ef9 [ 89.349326][ T5356] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000 [ 89.357309][ T5356] RBP: 00007fbd6ef61090 R08: 0000000020000100 R09: 0000000000000000 [ 89.365330][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.373432][ T5356] R13: 0000000000000000 R14: 00007fbd70485f80 R15: 00007ffd0b608418 [ 89.381590][ T5356] [ 89.434431][ T5360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.510101][ T5360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.744152][ T5378] loop3: detected capacity change from 0 to 8192 [ 89.896426][ T5384] FAULT_INJECTION: forcing a failure. [ 89.896426][ T5384] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 89.909857][ T5384] CPU: 0 UID: 0 PID: 5384 Comm: syz.3.438 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 89.920457][ T5384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 89.930520][ T5384] Call Trace: [ 89.933836][ T5384] [ 89.936759][ T5384] dump_stack_lvl+0xf2/0x150 [ 89.941393][ T5384] dump_stack+0x15/0x20 [ 89.945572][ T5384] should_fail_ex+0x229/0x230 [ 89.950319][ T5384] should_fail_alloc_page+0xfd/0x110 [ 89.955610][ T5384] __alloc_pages_noprof+0x109/0x360 [ 89.960822][ T5384] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 89.966237][ T5384] alloc_migration_target_by_mpol+0x118/0x220 [ 89.972379][ T5384] migrate_pages_batch+0x382/0x1ac0 [ 89.977650][ T5384] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 89.984254][ T5384] migrate_pages+0xed6/0x1810 [ 89.988958][ T5384] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 89.995597][ T5384] ? mbind_range+0x174/0x460 [ 90.000203][ T5384] __se_sys_mbind+0xf76/0x1160 [ 90.005034][ T5384] __x64_sys_mbind+0x78/0x90 [ 90.009634][ T5384] x64_sys_call+0x2b4d/0x2d60 [ 90.014341][ T5384] do_syscall_64+0xc9/0x1c0 [ 90.018851][ T5384] ? clear_bhb_loop+0x55/0xb0 [ 90.023586][ T5384] ? clear_bhb_loop+0x55/0xb0 [ 90.028309][ T5384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.034216][ T5384] RIP: 0033:0x7f401b789ef9 [ 90.038631][ T5384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.058347][ T5384] RSP: 002b:00007f401a401038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 90.066756][ T5384] RAX: ffffffffffffffda RBX: 00007f401b925f80 RCX: 00007f401b789ef9 [ 90.074724][ T5384] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000000020000000 [ 90.082705][ T5384] RBP: 00007f401a401090 R08: 0000000000000000 R09: 0000000000000002 [ 90.090752][ T5384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.098724][ T5384] R13: 0000000000000000 R14: 00007f401b925f80 R15: 00007ffe0f1d29b8 [ 90.106700][ T5384] [ 90.221206][ T5405] loop3: detected capacity change from 0 to 512 [ 90.229923][ T5405] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.242642][ T5405] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.255667][ T5410] FAULT_INJECTION: forcing a failure. [ 90.255667][ T5410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.256863][ T5405] __nla_validate_parse: 2 callbacks suppressed [ 90.256877][ T5405] netlink: 4 bytes leftover after parsing attributes in process `syz.3.448'. [ 90.268735][ T5410] CPU: 0 UID: 0 PID: 5410 Comm: syz.2.449 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 90.268764][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 90.278250][ T5405] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5405 comm=syz.3.448 [ 90.283748][ T5410] Call Trace: [ 90.283757][ T5410] [ 90.322818][ T5410] dump_stack_lvl+0xf2/0x150 [ 90.327405][ T5410] dump_stack+0x15/0x20 [ 90.331632][ T5410] should_fail_ex+0x229/0x230 [ 90.336310][ T5410] should_fail+0xb/0x10 [ 90.340494][ T5410] should_fail_usercopy+0x1a/0x20 [ 90.345515][ T5410] _copy_from_iter+0xd3/0xb00 [ 90.350206][ T5410] ? kmalloc_reserve+0x16e/0x190 [ 90.355218][ T5410] ? __build_skb_around+0x196/0x1f0 [ 90.360544][ T5410] ? __alloc_skb+0x21f/0x310 [ 90.365140][ T5410] ? __virt_addr_valid+0x1ed/0x250 [ 90.370318][ T5410] ? __check_object_size+0x35b/0x510 [ 90.375772][ T5410] netlink_sendmsg+0x460/0x6e0 [ 90.380545][ T5410] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.385858][ T5410] __sock_sendmsg+0x140/0x180 [ 90.390616][ T5410] ____sys_sendmsg+0x312/0x410 [ 90.395479][ T5410] __sys_sendmsg+0x1e9/0x280 [ 90.400156][ T5410] __x64_sys_sendmsg+0x46/0x50 [ 90.404925][ T5410] x64_sys_call+0x2689/0x2d60 [ 90.409704][ T5410] do_syscall_64+0xc9/0x1c0 [ 90.414208][ T5410] ? clear_bhb_loop+0x55/0xb0 [ 90.418889][ T5410] ? clear_bhb_loop+0x55/0xb0 [ 90.423564][ T5410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.429519][ T5410] RIP: 0033:0x7fbd702e9ef9 [ 90.433927][ T5410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.453586][ T5410] RSP: 002b:00007fbd6ef61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.462005][ T5410] RAX: ffffffffffffffda RBX: 00007fbd70485f80 RCX: 00007fbd702e9ef9 [ 90.469998][ T5410] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 90.477965][ T5410] RBP: 00007fbd6ef61090 R08: 0000000000000000 R09: 0000000000000000 [ 90.485938][ T5410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.493998][ T5410] R13: 0000000000000000 R14: 00007fbd70485f80 R15: 00007ffd0b608418 [ 90.501973][ T5410] [ 90.510842][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.744722][ T5435] serio: Serial port ptm0 [ 90.936199][ T5434] loop2: detected capacity change from 0 to 8192 [ 91.220467][ T5452] capability: warning: `syz.0.465' uses deprecated v2 capabilities in a way that may be insecure [ 91.231368][ T5452] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 91.474882][ T5464] FAULT_INJECTION: forcing a failure. [ 91.474882][ T5464] name failslab, interval 1, probability 0, space 0, times 0 [ 91.487627][ T5464] CPU: 0 UID: 0 PID: 5464 Comm: syz.0.470 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 91.498239][ T5464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 91.508311][ T5464] Call Trace: [ 91.511669][ T5464] [ 91.514608][ T5464] dump_stack_lvl+0xf2/0x150 [ 91.519272][ T5464] dump_stack+0x15/0x20 [ 91.523516][ T5464] should_fail_ex+0x229/0x230 [ 91.528217][ T5464] ? __alloc_skb+0x10b/0x310 [ 91.532824][ T5464] should_failslab+0x8f/0xb0 [ 91.532919][ T5464] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 91.532949][ T5464] __alloc_skb+0x10b/0x310 [ 91.533045][ T5464] netlink_alloc_large_skb+0xad/0xe0 [ 91.533066][ T5464] netlink_sendmsg+0x3b4/0x6e0 [ 91.533165][ T5464] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.533188][ T5464] __sock_sendmsg+0x140/0x180 [ 91.533220][ T5464] ____sys_sendmsg+0x312/0x410 [ 91.533249][ T5464] __sys_sendmsg+0x1e9/0x280 [ 91.533296][ T5464] __x64_sys_sendmsg+0x46/0x50 [ 91.533389][ T5464] x64_sys_call+0x2689/0x2d60 [ 91.533415][ T5464] do_syscall_64+0xc9/0x1c0 [ 91.533468][ T5464] ? clear_bhb_loop+0x55/0xb0 [ 91.533486][ T5464] ? clear_bhb_loop+0x55/0xb0 [ 91.533504][ T5464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.533536][ T5464] RIP: 0033:0x7f9172329ef9 [ 91.533550][ T5464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.533599][ T5464] RSP: 002b:00007f9170fa7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.533617][ T5464] RAX: ffffffffffffffda RBX: 00007f91724c5f80 RCX: 00007f9172329ef9 [ 91.533629][ T5464] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000005 [ 91.533640][ T5464] RBP: 00007f9170fa7090 R08: 0000000000000000 R09: 0000000000000000 [ 91.533652][ T5464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.533663][ T5464] R13: 0000000000000000 R14: 00007f91724c5f80 R15: 00007fff1c40f3d8 [ 91.533681][ T5464] [ 92.098285][ T5503] loop2: detected capacity change from 0 to 8192 [ 92.185647][ T5510] FAULT_INJECTION: forcing a failure. [ 92.185647][ T5510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.198782][ T5510] CPU: 1 UID: 0 PID: 5510 Comm: syz.4.485 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 92.209416][ T5510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 92.219556][ T5510] Call Trace: [ 92.222843][ T5510] [ 92.225774][ T5510] dump_stack_lvl+0xf2/0x150 [ 92.230379][ T5510] dump_stack+0x15/0x20 [ 92.234595][ T5510] should_fail_ex+0x229/0x230 [ 92.239277][ T5510] should_fail+0xb/0x10 [ 92.243532][ T5510] should_fail_usercopy+0x1a/0x20 [ 92.248564][ T5510] _copy_from_user+0x1e/0xd0 [ 92.253221][ T5510] memdup_user+0x64/0xc0 [ 92.257491][ T5510] strndup_user+0x68/0xa0 [ 92.261861][ T5510] __se_sys_mount+0x4e/0x2d0 [ 92.266514][ T5510] ? __x64_sys_mount+0x45/0x80 [ 92.271373][ T5510] ? ksys_write+0x178/0x1b0 [ 92.275930][ T5510] __x64_sys_mount+0x67/0x80 [ 92.280528][ T5510] x64_sys_call+0x203e/0x2d60 [ 92.285239][ T5510] do_syscall_64+0xc9/0x1c0 [ 92.289746][ T5510] ? clear_bhb_loop+0x55/0xb0 [ 92.294472][ T5510] ? clear_bhb_loop+0x55/0xb0 [ 92.299171][ T5510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.305083][ T5510] RIP: 0033:0x7f73149b9ef9 [ 92.309497][ T5510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.329120][ T5510] RSP: 002b:00007f7313637038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 92.337523][ T5510] RAX: ffffffffffffffda RBX: 00007f7314b55f80 RCX: 00007f73149b9ef9 [ 92.345533][ T5510] RDX: 0000000020000080 RSI: 0000000020000300 RDI: 0000000000000000 [ 92.353589][ T5510] RBP: 00007f7313637090 R08: 0000000020000100 R09: 0000000000000000 [ 92.361571][ T5510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.369596][ T5510] R13: 0000000000000000 R14: 00007f7314b55f80 R15: 00007fff20910348 [ 92.377615][ T5510] [ 92.463755][ T5519] loop2: detected capacity change from 0 to 128 [ 92.470937][ T5519] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 92.517064][ T5519] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 92.525300][ T5519] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 92.564033][ T5529] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 92.572322][ T5529] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 92.596508][ T5533] 9pnet_fd: Insufficient options for proto=fd [ 92.879721][ T5557] loop2: detected capacity change from 0 to 128 [ 92.887883][ T5557] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 92.904206][ T29] kauditd_printk_skb: 599 callbacks suppressed [ 92.904220][ T29] audit: type=1400 audit(1724970291.006:3180): avc: denied { connect } for pid=5558 comm="syz.3.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 92.935236][ T5559] loop3: detected capacity change from 0 to 512 [ 92.957067][ T29] audit: type=1400 audit(1724970291.056:3181): avc: denied { unmount } for pid=4707 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 93.005221][ T29] audit: type=1400 audit(1724970291.066:3182): avc: denied { read } for pid=5556 comm="syz.2.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 93.024415][ T29] audit: type=1326 audit(1724970291.096:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.047950][ T29] audit: type=1326 audit(1724970291.096:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.071281][ T29] audit: type=1326 audit(1724970291.096:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.094599][ T29] audit: type=1326 audit(1724970291.096:3186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5569 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.146487][ T5575] loop2: detected capacity change from 0 to 512 [ 93.192051][ T5575] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.213108][ T5575] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.237228][ T5575] 9pnet_fd: Insufficient options for proto=fd [ 93.243412][ T29] audit: type=1400 audit(1724970291.336:3187): avc: denied { mounton } for pid=5574 comm="syz.2.511" path="/58/file1/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 93.284023][ T4709] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.317033][ T29] audit: type=1326 audit(1724970291.416:3188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5584 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.340398][ T29] audit: type=1326 audit(1724970291.416:3189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5584 comm="syz.2.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 93.809101][ T5618] loop2: detected capacity change from 0 to 8192 [ 94.168878][ T5656] FAULT_INJECTION: forcing a failure. [ 94.168878][ T5656] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.182023][ T5656] CPU: 0 UID: 0 PID: 5656 Comm: syz.1.543 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 94.184914][ T5641] warn_alloc: 6 callbacks suppressed [ 94.184942][ T5641] syz.0.536: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 94.192598][ T5656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 94.197881][ T5641] ,cpuset=syz0 [ 94.210084][ T5656] Call Trace: [ 94.210094][ T5656] [ 94.220135][ T5641] ,mems_allowed=0 [ 94.223496][ T5656] dump_stack_lvl+0xf2/0x150 [ 94.226763][ T5641] [ 94.240310][ T5656] dump_stack+0x15/0x20 [ 94.244519][ T5656] should_fail_ex+0x229/0x230 [ 94.249198][ T5656] should_fail+0xb/0x10 [ 94.253421][ T5656] should_fail_usercopy+0x1a/0x20 [ 94.258447][ T5656] _copy_from_iter+0xd3/0xb00 [ 94.263123][ T5656] ? kmalloc_reserve+0x16e/0x190 [ 94.268167][ T5656] ? __build_skb_around+0x196/0x1f0 [ 94.273430][ T5656] ? __alloc_skb+0x21f/0x310 [ 94.278020][ T5656] ? __virt_addr_valid+0x1ed/0x250 [ 94.283144][ T5656] ? __check_object_size+0x35b/0x510 [ 94.288433][ T5656] netlink_sendmsg+0x460/0x6e0 [ 94.293222][ T5656] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.298507][ T5656] __sock_sendmsg+0x140/0x180 [ 94.303196][ T5656] ____sys_sendmsg+0x312/0x410 [ 94.307965][ T5656] __sys_sendmsg+0x1e9/0x280 [ 94.312618][ T5656] __x64_sys_sendmsg+0x46/0x50 [ 94.317407][ T5656] x64_sys_call+0x2689/0x2d60 [ 94.322160][ T5656] do_syscall_64+0xc9/0x1c0 [ 94.326729][ T5656] ? clear_bhb_loop+0x55/0xb0 [ 94.331409][ T5656] ? clear_bhb_loop+0x55/0xb0 [ 94.336129][ T5656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.342088][ T5656] RIP: 0033:0x7fdfe4c69ef9 [ 94.346607][ T5656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.366276][ T5656] RSP: 002b:00007fdfe38e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.374696][ T5656] RAX: ffffffffffffffda RBX: 00007fdfe4e05f80 RCX: 00007fdfe4c69ef9 [ 94.382666][ T5656] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 [ 94.390638][ T5656] RBP: 00007fdfe38e1090 R08: 0000000000000000 R09: 0000000000000000 [ 94.398668][ T5656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.406636][ T5656] R13: 0000000000000000 R14: 00007fdfe4e05f80 R15: 00007ffcc2148e18 [ 94.414615][ T5656] [ 94.417640][ T5641] CPU: 1 UID: 0 PID: 5641 Comm: syz.0.536 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 94.428245][ T5641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 94.438313][ T5641] Call Trace: [ 94.441596][ T5641] [ 94.444572][ T5641] dump_stack_lvl+0xf2/0x150 [ 94.449267][ T5641] dump_stack+0x15/0x20 [ 94.453438][ T5641] warn_alloc+0x145/0x1b0 [ 94.457797][ T5641] ? __schedule+0x5fa/0x950 [ 94.462321][ T5641] ? __vmalloc_node_range_noprof+0x88/0xec0 [ 94.468235][ T5641] __vmalloc_node_range_noprof+0xaa/0xec0 [ 94.474009][ T5641] ? __pfx_futex_wake_mark+0x10/0x10 [ 94.479433][ T5641] ? __rcu_read_unlock+0x4e/0x70 [ 94.484386][ T5641] ? avc_has_perm_noaudit+0x1cc/0x210 [ 94.489831][ T5641] ? xskq_create+0x36/0xd0 [ 94.494283][ T5641] vmalloc_user_noprof+0x59/0x70 [ 94.499277][ T5641] ? xskq_create+0x79/0xd0 [ 94.503721][ T5641] xskq_create+0x79/0xd0 [ 94.507988][ T5641] xsk_init_queue+0x82/0xd0 [ 94.512551][ T5641] xsk_setsockopt+0x409/0x520 [ 94.517325][ T5641] ? __pfx_xsk_setsockopt+0x10/0x10 [ 94.522668][ T5641] __sys_setsockopt+0x1d8/0x250 [ 94.527622][ T5641] __x64_sys_setsockopt+0x66/0x80 [ 94.532663][ T5641] x64_sys_call+0x278d/0x2d60 [ 94.537364][ T5641] do_syscall_64+0xc9/0x1c0 [ 94.541898][ T5641] ? clear_bhb_loop+0x55/0xb0 [ 94.546601][ T5641] ? clear_bhb_loop+0x55/0xb0 [ 94.551290][ T5641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.557331][ T5641] RIP: 0033:0x7f9172329ef9 [ 94.561761][ T5641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.581478][ T5641] RSP: 002b:00007f9170fa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 94.589944][ T5641] RAX: ffffffffffffffda RBX: 00007f91724c5f80 RCX: 00007f9172329ef9 [ 94.597926][ T5641] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 94.606052][ T5641] RBP: 00007f917239793e R08: 0000000000000020 R09: 0000000000000000 [ 94.614110][ T5641] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 [ 94.622096][ T5641] R13: 0000000000000000 R14: 00007f91724c5f80 R15: 00007fff1c40f3d8 [ 94.630086][ T5641] [ 94.633705][ T5641] Mem-Info: [ 94.637033][ T5641] active_anon:34882 inactive_anon:56 isolated_anon:0 [ 94.637033][ T5641] active_file:6383 inactive_file:17278 isolated_file:0 [ 94.637033][ T5641] unevictable:0 dirty:526 writeback:0 [ 94.637033][ T5641] slab_reclaimable:2639 slab_unreclaimable:14655 [ 94.637033][ T5641] mapped:31835 shmem:32258 pagetables:707 [ 94.637033][ T5641] sec_pagetables:0 bounce:0 [ 94.637033][ T5641] kernel_misc_reclaimable:0 [ 94.637033][ T5641] free:1874432 free_pcp:5735 free_cma:0 [ 94.682174][ T5641] Node 0 active_anon:133148kB inactive_anon:224kB active_file:25532kB inactive_file:69112kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:127340kB dirty:2104kB writeback:0kB shmem:122652kB writeback_tmp:0kB kernel_stack:2864kB pagetables:2712kB sec_pagetables:0kB all_unreclaimable? no [ 94.710621][ T5641] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 94.737822][ T5641] lowmem_reserve[]: 0 2866 7844 0 [ 94.742927][ T5641] Node 0 DMA32 free:2950336kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953968kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB [ 94.771744][ T5641] lowmem_reserve[]: 0 0 4978 0 [ 94.776556][ T5641] Node 0 Normal free:4531520kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:129088kB inactive_anon:224kB active_file:25532kB inactive_file:69112kB unevictable:0kB writepending:2036kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:29612kB local_pcp:7460kB free_cma:0kB [ 94.807574][ T5641] lowmem_reserve[]: 0 0 0 0 [ 94.812130][ T5641] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 94.824782][ T5641] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950336kB [ 94.840844][ T5641] Node 0 Normal: 2*4kB (ME) 2*8kB (ME) 2*16kB (ME) 1*32kB (U) 2*64kB (UM) 3*128kB (ME) 3*256kB (UME) 2*512kB (ME) 21*1024kB (U) 5*2048kB (UM) 1098*4096kB (UM) = 4531544kB [ 94.858148][ T5641] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 94.867523][ T5641] 50813 total pagecache pages [ 94.872224][ T5641] 56 pages in swap cache [ 94.876463][ T5641] Free swap = 124440kB [ 94.880689][ T5641] Total swap = 124996kB [ 94.884849][ T5641] 2097051 pages RAM [ 94.888684][ T5641] 0 pages HighMem/MovableOnly [ 94.893356][ T5641] 80167 pages reserved [ 94.934588][ T5669] loop2: detected capacity change from 0 to 512 [ 94.981982][ T5669] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 94.991416][ T5669] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.544: invalid indirect mapped block 2683928664 (level 1) [ 95.005650][ T5675] FAULT_INJECTION: forcing a failure. [ 95.005650][ T5675] name failslab, interval 1, probability 0, space 0, times 0 [ 95.018384][ T5675] CPU: 0 UID: 0 PID: 5675 Comm: syz.1.548 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 95.028981][ T5675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 95.039057][ T5675] Call Trace: [ 95.042333][ T5675] [ 95.045268][ T5675] dump_stack_lvl+0xf2/0x150 [ 95.049876][ T5675] dump_stack+0x15/0x20 [ 95.054112][ T5675] should_fail_ex+0x229/0x230 [ 95.058827][ T5675] ? _request_firmware+0x494/0x8c0 [ 95.064117][ T5675] should_failslab+0x8f/0xb0 [ 95.068876][ T5675] kmem_cache_alloc_noprof+0x4c/0x290 [ 95.074276][ T5675] ? prepare_kernel_cred+0x45d/0x650 [ 95.079577][ T5675] _request_firmware+0x494/0x8c0 [ 95.084591][ T5675] ? avc_has_perm_noaudit+0x1cc/0x210 [ 95.090045][ T5675] ? __rcu_read_unlock+0x4e/0x70 [ 95.095015][ T5675] request_firmware+0x36/0x50 [ 95.099716][ T5675] devlink_compat_flash_update+0xaf/0x1b0 [ 95.102798][ T5669] EXT4-fs (loop2): 1 truncate cleaned up [ 95.105438][ T5675] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 95.111467][ T5669] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.116881][ T5675] dev_ethtool+0x138b/0x14c0 [ 95.133942][ T5675] ? __rcu_read_unlock+0x4e/0x70 [ 95.138915][ T5675] dev_ioctl+0x854/0xab0 [ 95.143171][ T5675] sock_do_ioctl+0x11c/0x260 [ 95.147793][ T5675] sock_ioctl+0x470/0x640 [ 95.152236][ T5675] ? __pfx_sock_ioctl+0x10/0x10 [ 95.157148][ T5675] __se_sys_ioctl+0xd3/0x150 [ 95.161804][ T5675] __x64_sys_ioctl+0x43/0x50 [ 95.166423][ T5675] x64_sys_call+0x15cc/0x2d60 [ 95.171171][ T5675] do_syscall_64+0xc9/0x1c0 [ 95.175697][ T5675] ? clear_bhb_loop+0x55/0xb0 [ 95.180386][ T5675] ? clear_bhb_loop+0x55/0xb0 [ 95.185079][ T5675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.191125][ T5675] RIP: 0033:0x7fdfe4c69ef9 [ 95.195547][ T5675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.215172][ T5675] RSP: 002b:00007fdfe38e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.223604][ T5675] RAX: ffffffffffffffda RBX: 00007fdfe4e05f80 RCX: 00007fdfe4c69ef9 [ 95.231590][ T5675] RDX: 0000000020000000 RSI: 0000000000008946 RDI: 0000000000000003 [ 95.239589][ T5675] RBP: 00007fdfe38e1090 R08: 0000000000000000 R09: 0000000000000000 [ 95.247683][ T5675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 95.255659][ T5675] R13: 0000000000000000 R14: 00007fdfe4e05f80 R15: 00007ffcc2148e18 [ 95.263644][ T5675] [ 95.267288][ T5675] netdevsim netdevsim1: Direct firmware load for . failed with error -12 [ 95.280629][ T5682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.296998][ T5682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.340127][ T5687] 9pnet_fd: Insufficient options for proto=fd [ 95.362897][ T5669] tmpfs: Unsupported parameter 'huge' [ 95.406899][ T4709] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.421890][ T5690] vhci_hcd: default hub control req: 0017 v0000 i0000 l0 [ 95.497243][ T5692] loop2: detected capacity change from 0 to 8192 [ 95.644453][ T5705] loop1: detected capacity change from 0 to 512 [ 95.651226][ T5705] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 95.662563][ T5705] EXT4-fs (loop1): 1 orphan inode deleted [ 95.668327][ T5705] EXT4-fs (loop1): 1 truncate cleaned up [ 95.674399][ T5705] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.716334][ T5710] loop4: detected capacity change from 0 to 128 [ 95.723435][ T5710] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 95.735669][ T4707] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.742288][ T5710] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 95.752803][ T5710] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 95.779137][ T5714] Cannot find del_set index 4 as target [ 95.908979][ T5728] 9pnet_fd: Insufficient options for proto=fd [ 96.036518][ T5738] loop3: detected capacity change from 0 to 1024 [ 96.054804][ T5738] EXT4-fs: Ignoring removed nobh option [ 96.060429][ T5738] EXT4-fs: Ignoring removed orlov option [ 96.079755][ T5738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.123881][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.191003][ T5748] loop3: detected capacity change from 0 to 128 [ 96.203506][ T5748] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 96.222119][ T5748] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 96.230426][ T5748] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 96.344228][ T5743] loop4: detected capacity change from 0 to 512 [ 96.358699][ T5743] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 96.379590][ T5743] EXT4-fs (loop4): 1 orphan inode deleted [ 96.385394][ T5743] EXT4-fs (loop4): 1 truncate cleaned up [ 96.398718][ T5743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.427579][ T5743] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 96.430159][ T5769] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.577'. [ 96.442483][ T5743] EXT4-fs (loop4): Remounting filesystem read-only [ 96.471652][ T5761] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.577'. [ 96.507962][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.536134][ T5775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.586'. [ 96.583577][ T5781] loop4: detected capacity change from 0 to 128 [ 96.594190][ T5781] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 96.615430][ T5781] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 96.623650][ T5781] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 96.679912][ T5783] loop2: detected capacity change from 0 to 8192 [ 96.727869][ T5775] netlink: 28 bytes leftover after parsing attributes in process `syz.3.586'. [ 96.752001][ T5785] loop4: detected capacity change from 0 to 8192 [ 96.947321][ T5803] loop4: detected capacity change from 0 to 512 [ 96.953964][ T5803] EXT4-fs: Ignoring removed nomblk_io_submit option [ 96.963763][ T5803] ext4: Bad value for 'inode_readahead_blks' [ 96.991055][ T5806] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 97.001034][ T5806] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 97.004133][ T5797] loop3: detected capacity change from 0 to 512 [ 97.012980][ T5806] netlink: 666 bytes leftover after parsing attributes in process `syz.4.599'. [ 97.016859][ T5797] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.038203][ T5797] EXT4-fs (loop3): 1 orphan inode deleted [ 97.043996][ T5797] EXT4-fs (loop3): 1 truncate cleaned up [ 97.044112][ T5810] loop4: detected capacity change from 0 to 128 [ 97.051554][ T5797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.057573][ T5810] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 97.072061][ T5797] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 97.093129][ T5797] EXT4-fs (loop3): Remounting filesystem read-only [ 97.109636][ T5810] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 97.117888][ T5810] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 97.146283][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.183248][ T5814] netlink: 28 bytes leftover after parsing attributes in process `syz.4.603'. [ 97.324408][ T5834] 9pnet_fd: Insufficient options for proto=fd [ 97.515146][ T5844] loop2: detected capacity change from 0 to 128 [ 97.522365][ T5844] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 97.584931][ T5844] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 97.593183][ T5844] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 97.627878][ T5847] loop4: detected capacity change from 0 to 8192 [ 97.704501][ T5838] loop3: detected capacity change from 0 to 512 [ 97.714080][ T5838] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.763953][ T5838] EXT4-fs (loop3): 1 orphan inode deleted [ 97.769793][ T5838] EXT4-fs (loop3): 1 truncate cleaned up [ 97.794109][ T5838] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.816575][ T5851] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 97.841084][ T5838] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 97.883083][ T5838] EXT4-fs (loop3): Remounting filesystem read-only [ 98.009997][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.051465][ T5866] loop4: detected capacity change from 0 to 8192 [ 98.154217][ T5872] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 98.242609][ T29] kauditd_printk_skb: 603 callbacks suppressed [ 98.242622][ T29] audit: type=1326 audit(1724970296.346:3793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.272420][ T29] audit: type=1326 audit(1724970296.346:3794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.295858][ T29] audit: type=1326 audit(1724970296.346:3795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.319270][ T29] audit: type=1326 audit(1724970296.346:3796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.342691][ T29] audit: type=1326 audit(1724970296.346:3797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.366096][ T29] audit: type=1326 audit(1724970296.346:3798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.389473][ T29] audit: type=1326 audit(1724970296.346:3799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.412791][ T29] audit: type=1326 audit(1724970296.346:3800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.436141][ T29] audit: type=1326 audit(1724970296.346:3801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.459417][ T29] audit: type=1326 audit(1724970296.346:3802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5873 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f401b789ef9 code=0x7ffc0000 [ 98.538815][ T5884] block device autoloading is deprecated and will be removed. [ 98.546424][ T5884] bio_check_eod: 13 callbacks suppressed [ 98.546434][ T5884] syz.3.632: attempt to access beyond end of device [ 98.546434][ T5884] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 98.957280][ T5897] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 98.985671][ T5891] loop4: detected capacity change from 0 to 512 [ 98.992462][ T5891] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 99.004141][ T5891] EXT4-fs (loop4): 1 orphan inode deleted [ 99.009926][ T5891] EXT4-fs (loop4): 1 truncate cleaned up [ 99.015915][ T5891] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.031146][ T5891] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 99.045738][ T5891] EXT4-fs (loop4): Remounting filesystem read-only [ 99.096029][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.170359][ T5903] loop4: detected capacity change from 0 to 8192 [ 99.241276][ T5911] FAULT_INJECTION: forcing a failure. [ 99.241276][ T5911] name failslab, interval 1, probability 0, space 0, times 0 [ 99.254050][ T5911] CPU: 1 UID: 0 PID: 5911 Comm: syz.1.643 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 99.264739][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 99.274804][ T5911] Call Trace: [ 99.278119][ T5911] [ 99.281087][ T5911] dump_stack_lvl+0xf2/0x150 [ 99.285710][ T5911] dump_stack+0x15/0x20 [ 99.289914][ T5911] should_fail_ex+0x229/0x230 [ 99.294702][ T5911] ? __alloc_skb+0x10b/0x310 [ 99.299331][ T5911] should_failslab+0x8f/0xb0 [ 99.303987][ T5911] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 99.309827][ T5911] __alloc_skb+0x10b/0x310 [ 99.314236][ T5911] netlink_alloc_large_skb+0xad/0xe0 [ 99.319546][ T5911] netlink_sendmsg+0x3b4/0x6e0 [ 99.324307][ T5911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.329586][ T5911] __sock_sendmsg+0x140/0x180 [ 99.334276][ T5911] ____sys_sendmsg+0x312/0x410 [ 99.339126][ T5911] __sys_sendmsg+0x1e9/0x280 [ 99.343732][ T5911] __x64_sys_sendmsg+0x46/0x50 [ 99.348588][ T5911] x64_sys_call+0x2689/0x2d60 [ 99.353382][ T5911] do_syscall_64+0xc9/0x1c0 [ 99.357876][ T5911] ? clear_bhb_loop+0x55/0xb0 [ 99.362579][ T5911] ? clear_bhb_loop+0x55/0xb0 [ 99.367253][ T5911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.373217][ T5911] RIP: 0033:0x7fdfe4c69ef9 [ 99.377650][ T5911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.397260][ T5911] RSP: 002b:00007fdfe38e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.405677][ T5911] RAX: ffffffffffffffda RBX: 00007fdfe4e05f80 RCX: 00007fdfe4c69ef9 [ 99.413644][ T5911] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 99.421674][ T5911] RBP: 00007fdfe38e1090 R08: 0000000000000000 R09: 0000000000000000 [ 99.429647][ T5911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.437667][ T5911] R13: 0000000000000000 R14: 00007fdfe4e05f80 R15: 00007ffcc2148e18 [ 99.446074][ T5911] [ 99.504036][ T5914] 9pnet_fd: Insufficient options for proto=fd [ 99.541150][ T5922] loop3: detected capacity change from 0 to 128 [ 99.548423][ T5922] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 99.588753][ T5922] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 99.596978][ T5922] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 99.793099][ T5935] loop4: detected capacity change from 0 to 512 [ 99.812141][ T5935] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 99.850377][ T5935] EXT4-fs (loop4): 1 orphan inode deleted [ 99.856125][ T5935] EXT4-fs (loop4): 1 truncate cleaned up [ 99.862780][ T5937] loop3: detected capacity change from 0 to 8192 [ 99.862802][ T5935] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.020738][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.156740][ T5961] netlink: 68 bytes leftover after parsing attributes in process `syz.4.665'. [ 100.271004][ T5971] loop4: detected capacity change from 0 to 256 [ 100.305385][ T5964] loop3: detected capacity change from 0 to 512 [ 100.312737][ T5964] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 100.325330][ T5964] EXT4-fs (loop3): 1 orphan inode deleted [ 100.331189][ T5964] EXT4-fs (loop3): 1 truncate cleaned up [ 100.337381][ T5964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.365292][ T5964] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 100.392272][ T5964] EXT4-fs (loop3): Remounting filesystem read-only [ 100.472343][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.492530][ T5997] loop3: detected capacity change from 0 to 128 [ 100.504958][ T5997] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 100.531516][ T5997] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 100.539815][ T5997] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 100.610962][ T6009] loop3: detected capacity change from 0 to 8192 [ 100.761201][ T6029] netlink: 32 bytes leftover after parsing attributes in process `syz.2.694'. [ 100.770193][ T6029] FAULT_INJECTION: forcing a failure. [ 100.770193][ T6029] name failslab, interval 1, probability 0, space 0, times 0 [ 100.782849][ T6029] CPU: 1 UID: 0 PID: 6029 Comm: syz.2.694 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 100.793479][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 100.803536][ T6029] Call Trace: [ 100.806807][ T6029] [ 100.809741][ T6029] dump_stack_lvl+0xf2/0x150 [ 100.814410][ T6029] dump_stack+0x15/0x20 [ 100.818569][ T6029] should_fail_ex+0x229/0x230 [ 100.823293][ T6029] ? __alloc_skb+0x10b/0x310 [ 100.827888][ T6029] should_failslab+0x8f/0xb0 [ 100.832304][ T6031] loop4: detected capacity change from 0 to 512 [ 100.832490][ T6029] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 100.843259][ T6032] loop3: detected capacity change from 0 to 128 [ 100.844600][ T6029] ? __rtnl_unlock+0x99/0xb0 [ 100.851826][ T6031] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.855483][ T6029] __alloc_skb+0x10b/0x310 [ 100.867200][ T6032] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 100.869762][ T6029] netlink_ack+0xef/0x4f0 [ 100.884380][ T6029] ? __dev_queue_xmit+0x161/0x1fe0 [ 100.889508][ T6029] netlink_rcv_skb+0x19c/0x230 [ 100.894279][ T6029] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 100.899800][ T6029] rtnetlink_rcv+0x1c/0x30 [ 100.904231][ T6029] netlink_unicast+0x599/0x670 [ 100.909039][ T6029] netlink_sendmsg+0x5cc/0x6e0 [ 100.913862][ T6029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.919182][ T6029] __sock_sendmsg+0x140/0x180 [ 100.923872][ T6029] ____sys_sendmsg+0x312/0x410 [ 100.928703][ T6029] __sys_sendmsg+0x1e9/0x280 [ 100.933357][ T6029] __x64_sys_sendmsg+0x46/0x50 [ 100.938210][ T6029] x64_sys_call+0x2689/0x2d60 [ 100.942891][ T6029] do_syscall_64+0xc9/0x1c0 [ 100.947844][ T6029] ? clear_bhb_loop+0x55/0xb0 [ 100.952538][ T6029] ? clear_bhb_loop+0x55/0xb0 [ 100.957224][ T6029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.963138][ T6029] RIP: 0033:0x7fbd702e9ef9 [ 100.967551][ T6029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.987239][ T6029] RSP: 002b:00007fbd6ef61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.995704][ T6029] RAX: ffffffffffffffda RBX: 00007fbd70485f80 RCX: 00007fbd702e9ef9 [ 101.003669][ T6029] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 101.011640][ T6029] RBP: 00007fbd6ef61090 R08: 0000000000000000 R09: 0000000000000000 [ 101.019659][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.027673][ T6029] R13: 0000000000000000 R14: 00007fbd70485f80 R15: 00007ffd0b608418 [ 101.035644][ T6029] [ 101.046794][ T6031] EXT4-fs (loop4): 1 orphan inode deleted [ 101.052668][ T6031] EXT4-fs (loop4): 1 truncate cleaned up [ 101.059764][ T6031] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.076942][ T6030] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 101.085221][ T6030] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 101.132913][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.254237][ T6045] program syz.4.699 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 101.382992][ T6048] loop0: detected capacity change from 0 to 512 [ 101.390365][ T6048] EXT4-fs: Ignoring removed nomblk_io_submit option [ 101.397976][ T6048] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 101.405973][ T6048] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 101.428423][ T6048] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (80) [ 101.437927][ T6048] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features [ 101.447260][ T6048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 101.472639][ T4700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.535960][ T6069] loop0: detected capacity change from 0 to 2048 [ 101.545190][ T6076] loop4: detected capacity change from 0 to 2048 [ 101.552518][ T6076] EXT4-fs: Ignoring removed orlov option [ 101.561280][ T6076] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.570521][ T6069] Alternate GPT is invalid, using primary GPT. [ 101.579688][ T6069] loop0: p1 p2 p3 [ 101.591612][ T6069] random: crng reseeded on system resumption [ 101.696399][ T6157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.705635][ T6157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.075486][ T6195] loop2: detected capacity change from 0 to 512 [ 102.082556][ T6195] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 102.093287][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.094561][ T6195] EXT4-fs (loop2): 1 orphan inode deleted [ 102.108012][ T6195] EXT4-fs (loop2): 1 truncate cleaned up [ 102.114062][ T6195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.128552][ T6195] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 102.143251][ T6195] EXT4-fs (loop2): Remounting filesystem read-only [ 102.181247][ T6220] loop4: detected capacity change from 0 to 8192 [ 102.197113][ T4709] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.220523][ T6222] program syz.2.711 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 102.254001][ T6224] loop0: detected capacity change from 0 to 2048 [ 102.300562][ T6224] Alternate GPT is invalid, using primary GPT. [ 102.306940][ T6224] loop0: p1 p2 p3 [ 102.337419][ T6224] random: crng reseeded on system resumption [ 102.338498][ T6230] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 102.678321][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.744627][ T6250] loop4: detected capacity change from 0 to 128 [ 102.752344][ T6250] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 102.830774][ T6252] 9pnet_fd: Insufficient options for proto=fd [ 103.413910][ T6255] loop0: detected capacity change from 0 to 1024 [ 103.427746][ T6255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.452389][ T4700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.461120][ T6259] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 103.552855][ T6264] program syz.1.727 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.678267][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.690535][ T6268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.699074][ T6268] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.123155][ T6270] 9pnet_fd: Insufficient options for proto=fd [ 104.294486][ T6277] loop1: detected capacity change from 0 to 2048 [ 104.301366][ T6277] EXT4-fs: Ignoring removed orlov option [ 104.334838][ T6277] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.621533][ T6296] loop0: detected capacity change from 0 to 512 [ 104.629663][ T6296] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 104.642902][ T6296] EXT4-fs (loop0): 1 orphan inode deleted [ 104.648716][ T6296] EXT4-fs (loop0): 1 truncate cleaned up [ 104.655860][ T6296] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.671533][ T6296] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 104.686151][ T6296] EXT4-fs (loop0): Remounting filesystem read-only [ 104.694739][ T6296] warn_alloc: 9 callbacks suppressed [ 104.694752][ T6296] syz.0.731: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0 [ 104.714902][ T6296] CPU: 0 UID: 0 PID: 6296 Comm: syz.0.731 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 104.725512][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 104.735666][ T6296] Call Trace: [ 104.738956][ T6296] [ 104.741909][ T6296] dump_stack_lvl+0xf2/0x150 [ 104.746576][ T6296] dump_stack+0x15/0x20 [ 104.750766][ T6296] warn_alloc+0x145/0x1b0 [ 104.755198][ T6296] ? __vmalloc_node_range_noprof+0x88/0xec0 [ 104.761179][ T6296] __vmalloc_node_range_noprof+0xaa/0xec0 [ 104.767049][ T6296] ? ttwu_do_activate+0x1c7/0x200 [ 104.772116][ T6296] ? __rcu_read_unlock+0x4e/0x70 [ 104.777109][ T6296] ? avc_has_perm_noaudit+0x1cc/0x210 [ 104.782523][ T6296] ? xskq_create+0x36/0xd0 [ 104.786986][ T6296] vmalloc_user_noprof+0x59/0x70 [ 104.791947][ T6296] ? xskq_create+0x79/0xd0 [ 104.796457][ T6296] xskq_create+0x79/0xd0 [ 104.800794][ T6296] xsk_init_queue+0x82/0xd0 [ 104.805338][ T6296] xsk_setsockopt+0x409/0x520 [ 104.810058][ T6296] ? __pfx_xsk_setsockopt+0x10/0x10 [ 104.815329][ T6296] __sys_setsockopt+0x1d8/0x250 [ 104.820281][ T6296] __x64_sys_setsockopt+0x66/0x80 [ 104.825329][ T6296] x64_sys_call+0x278d/0x2d60 [ 104.830030][ T6296] do_syscall_64+0xc9/0x1c0 [ 104.834598][ T6296] ? clear_bhb_loop+0x55/0xb0 [ 104.839641][ T6296] ? clear_bhb_loop+0x55/0xb0 [ 104.844585][ T6296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.850558][ T6296] RIP: 0033:0x7f9172329ef9 [ 104.854984][ T6296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.874608][ T6296] RSP: 002b:00007f9170fa7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 104.883035][ T6296] RAX: ffffffffffffffda RBX: 00007f91724c5f80 RCX: 00007f9172329ef9 [ 104.891016][ T6296] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000b [ 104.899063][ T6296] RBP: 00007f917239793e R08: 0000000000000020 R09: 0000000000000000 [ 104.907096][ T6296] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 [ 104.915074][ T6296] R13: 0000000000000000 R14: 00007f91724c5f80 R15: 00007fff1c40f3d8 [ 104.923081][ T6296] [ 104.926170][ T6296] Mem-Info: [ 104.929293][ T6296] active_anon:13511 inactive_anon:58 isolated_anon:0 [ 104.929293][ T6296] active_file:6383 inactive_file:17289 isolated_file:0 [ 104.929293][ T6296] unevictable:0 dirty:56 writeback:0 [ 104.929293][ T6296] slab_reclaimable:2607 slab_unreclaimable:15397 [ 104.929293][ T6296] mapped:23838 shmem:3419 pagetables:743 [ 104.929293][ T6296] sec_pagetables:0 bounce:0 [ 104.929293][ T6296] kernel_misc_reclaimable:0 [ 104.929293][ T6296] free:1894508 free_pcp:6158 free_cma:0 [ 104.974154][ T6296] Node 0 active_anon:54044kB inactive_anon:232kB active_file:25532kB inactive_file:69156kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:95352kB dirty:224kB writeback:0kB shmem:13676kB writeback_tmp:0kB kernel_stack:2976kB pagetables:2972kB sec_pagetables:0kB all_unreclaimable? no [ 105.002188][ T6296] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 105.029024][ T6296] lowmem_reserve[]: 0 2866 7844 0 [ 105.034125][ T6296] Node 0 DMA32 free:2950336kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953968kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB [ 105.062859][ T6296] lowmem_reserve[]: 0 0 4978 0 [ 105.067825][ T6296] Node 0 Normal free:4612336kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:54044kB inactive_anon:232kB active_file:25532kB inactive_file:69156kB unevictable:0kB writepending:224kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:20524kB local_pcp:8380kB free_cma:0kB [ 105.098159][ T6296] lowmem_reserve[]: 0 0 0 0 [ 105.102708][ T6296] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 105.115427][ T6296] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 3*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950336kB [ 105.131609][ T6296] Node 0 Normal: 3*4kB (ME) 10*8kB (U) 87*16kB (UME) 21*32kB (UE) 22*64kB (UME) 8*128kB (UE) 5*256kB (UME) 42*512kB (UME) 37*1024kB (UM) 8*2048kB (UM) 1106*4096kB (UM) = 4611820kB [ 105.149769][ T6296] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 105.159131][ T6296] 27150 total pagecache pages [ 105.163897][ T6296] 59 pages in swap cache [ 105.168233][ T6296] Free swap = 124440kB [ 105.172388][ T6296] Total swap = 124996kB [ 105.176599][ T6296] 2097051 pages RAM [ 105.180435][ T6296] 0 pages HighMem/MovableOnly [ 105.185124][ T6296] 80167 pages reserved [ 105.249687][ T4700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.417783][ T4707] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.478587][ T6429] loop0: detected capacity change from 0 to 8192 [ 105.489790][ T6434] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 105.600592][ T6441] program syz.0.738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.693438][ T6449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.702403][ T6449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.891467][ T6453] loop0: detected capacity change from 0 to 512 [ 105.899327][ T6453] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 105.911227][ T6453] EXT4-fs (loop0): 1 orphan inode deleted [ 105.916969][ T6453] EXT4-fs (loop0): 1 truncate cleaned up [ 105.925013][ T6453] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.939719][ T6453] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 105.954303][ T6453] EXT4-fs (loop0): Remounting filesystem read-only [ 105.960931][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.012817][ T4700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.063536][ T6465] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 106.130770][ T6475] loop4: detected capacity change from 0 to 2048 [ 106.137415][ T6475] EXT4-fs: Ignoring removed orlov option [ 106.152910][ T6475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.270617][ T6492] loop2: detected capacity change from 0 to 8192 [ 106.292018][ T6498] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 106.434214][ T6521] program syz.2.753 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.508354][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.558331][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.721330][ T6555] 9pnet_fd: Insufficient options for proto=fd [ 106.891052][ T6552] loop2: detected capacity change from 0 to 512 [ 106.897997][ T6552] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 106.910751][ T6552] EXT4-fs (loop2): 1 orphan inode deleted [ 106.916490][ T6552] EXT4-fs (loop2): 1 truncate cleaned up [ 106.922892][ T6552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.949118][ T6552] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 106.965523][ T6552] EXT4-fs (loop2): Remounting filesystem read-only [ 107.061656][ T4709] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.081745][ T6592] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.091900][ T6592] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.281640][ T6618] loop3: detected capacity change from 0 to 8192 [ 107.374188][ T6638] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 107.492840][ T4710] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.513431][ T6660] program syz.4.766 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 107.778274][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.794338][ T6668] loop2: detected capacity change from 0 to 512 [ 107.801900][ T6668] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 107.813128][ T6668] EXT4-fs (loop2): 1 orphan inode deleted [ 107.818894][ T6668] EXT4-fs (loop2): 1 truncate cleaned up [ 107.826299][ T6668] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 107.840802][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.850558][ T6668] EXT4-fs (loop2): Remounting filesystem read-only [ 107.887934][ T6674] 9pnet_fd: Insufficient options for proto=fd [ 108.241984][ T6682] loop2: detected capacity change from 0 to 512 [ 108.249485][ T6682] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 108.261000][ T6682] EXT4-fs (loop2): 1 orphan inode deleted [ 108.266753][ T6682] EXT4-fs (loop2): 1 truncate cleaned up [ 108.275485][ T6682] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 108.289995][ T6682] EXT4-fs (loop2): Remounting filesystem read-only [ 108.328596][ T6686] loop3: detected capacity change from 0 to 1024 [ 108.365014][ T6689] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 108.390690][ T6695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.399277][ T6695] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.462548][ T6697] program syz.2.778 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 108.878306][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.940648][ T6706] loop2: detected capacity change from 0 to 512 [ 108.947546][ T6706] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 108.964873][ T6706] EXT4-fs (loop2): 1 orphan inode deleted [ 108.970683][ T6706] EXT4-fs (loop2): 1 truncate cleaned up [ 108.977879][ T6706] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 108.992353][ T6706] EXT4-fs (loop2): Remounting filesystem read-only [ 109.093784][ T6720] loop2: detected capacity change from 0 to 1024 [ 109.141762][ T6725] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 109.203956][ T6727] program syz.2.789 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.347275][ T29] kauditd_printk_skb: 445 callbacks suppressed [ 109.347291][ T29] audit: type=1326 audit(1724970307.446:4248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.377037][ T29] audit: type=1326 audit(1724970307.446:4249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.400564][ T29] audit: type=1326 audit(1724970307.446:4250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.423932][ T29] audit: type=1326 audit(1724970307.446:4251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.447256][ T29] audit: type=1326 audit(1724970307.446:4252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.470582][ T29] audit: type=1326 audit(1724970307.446:4253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.493896][ T29] audit: type=1326 audit(1724970307.446:4254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.517292][ T29] audit: type=1326 audit(1724970307.446:4255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.540553][ T29] audit: type=1326 audit(1724970307.446:4256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.563853][ T29] audit: type=1326 audit(1724970307.446:4257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6731 comm="syz.2.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbd702e9ef9 code=0x7ffc0000 [ 109.669902][ T6734] netlink: 9 bytes leftover after parsing attributes in process `syz.2.792'. [ 109.678808][ T6734] 1·X: renamed from c0·X (while UP) [ 109.685605][ T6734] A link change request failed with some changes committed already. Interface c1·X may have been left with an inconsistent configuration, please check. [ 109.789258][ T6743] loop2: detected capacity change from 0 to 128 [ 109.796364][ T6743] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 109.817290][ T6743] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 109.825592][ T6743] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 109.879295][ T6741] loop0: detected capacity change from 0 to 512 [ 109.886030][ T6741] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 109.899765][ T6741] EXT4-fs (loop0): 1 orphan inode deleted [ 109.905528][ T6741] EXT4-fs (loop0): 1 truncate cleaned up [ 109.911746][ T6741] EXT4-fs mount: 10 callbacks suppressed [ 109.911799][ T6741] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.916339][ T6751] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 109.918976][ T6741] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 109.958233][ T6741] EXT4-fs (loop0): Remounting filesystem read-only [ 110.030470][ T6760] loop2: detected capacity change from 0 to 128 [ 110.037379][ T6758] program syz.1.801 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 110.048997][ T4700] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.058169][ T6760] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 110.110549][ T6767] 9pnet_fd: Insufficient options for proto=fd [ 110.165893][ T6773] loop3: detected capacity change from 0 to 128 [ 110.174705][ T6773] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 110.225869][ T6773] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 110.234092][ T6773] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 110.267155][ T6778] loop3: detected capacity change from 0 to 128 [ 110.274189][ T6778] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 110.406239][ T6790] loop3: detected capacity change from 0 to 2048 [ 110.429675][ T6790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.443191][ T6790] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.461020][ T6790] netlink: 12 bytes leftover after parsing attributes in process `syz.3.814'. [ 110.686589][ T6794] loop3: detected capacity change from 0 to 512 [ 110.693550][ T6794] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 110.704719][ T6794] EXT4-fs (loop3): 1 orphan inode deleted [ 110.710542][ T6794] EXT4-fs (loop3): 1 truncate cleaned up [ 110.716637][ T6794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.729872][ T6794] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 110.744373][ T6794] EXT4-fs (loop3): Remounting filesystem read-only [ 110.789427][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.813230][ T6798] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 110.997520][ T6808] program syz.2.820 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.065568][ T6811] loop4: detected capacity change from 0 to 128 [ 111.082010][ T6811] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 111.197566][ T6813] netlink: 9 bytes leftover after parsing attributes in process `syz.4.822'. [ 111.218480][ T6813] 0·X: renamed from hsr0 (while UP) [ 111.236588][ T6813] 0·X: entered allmulticast mode [ 111.241585][ T6813] hsr_slave_0: entered allmulticast mode [ 111.247226][ T6813] hsr_slave_1: entered allmulticast mode [ 111.260024][ T6813] A link change request failed with some changes committed already. Interface c0·X may have been left with an inconsistent configuration, please check. [ 111.279531][ T6821] loop2: detected capacity change from 0 to 256 [ 111.347149][ T6828] ================================================================== [ 111.355260][ T6828] BUG: KCSAN: data-race in __mark_inode_dirty / __mark_inode_dirty [ 111.363192][ T6828] [ 111.365523][ T6828] write to 0xffff888106a1ca28 of 8 bytes by task 6821 on cpu 1: [ 111.373158][ T6828] __mark_inode_dirty+0x117/0x7e0 [ 111.378208][ T6828] generic_file_direct_write+0x1b5/0x200 [ 111.383859][ T6828] __generic_file_write_iter+0xae/0x120 [ 111.389416][ T6828] generic_file_write_iter+0x7d/0x1d0 [ 111.394792][ T6828] iter_file_splice_write+0x5e6/0x970 [ 111.400193][ T6828] direct_splice_actor+0x16c/0x2c0 [ 111.405319][ T6828] splice_direct_to_actor+0x305/0x670 [ 111.410793][ T6828] do_splice_direct+0xd7/0x150 [ 111.415581][ T6828] do_sendfile+0x3ab/0x950 [ 111.420003][ T6828] __x64_sys_sendfile64+0x110/0x150 [ 111.425226][ T6828] x64_sys_call+0xed5/0x2d60 [ 111.429820][ T6828] do_syscall_64+0xc9/0x1c0 [ 111.434335][ T6828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.440247][ T6828] [ 111.442599][ T6828] read to 0xffff888106a1ca28 of 8 bytes by task 6828 on cpu 0: [ 111.450150][ T6828] __mark_inode_dirty+0x19f/0x7e0 [ 111.455202][ T6828] fat_update_time+0x1f5/0x210 [ 111.459984][ T6828] touch_atime+0x14f/0x350 [ 111.464617][ T6828] filemap_splice_read+0x8b0/0x920 [ 111.466589][ T6827] 9pnet_fd: Insufficient options for proto=fd [ 111.469752][ T6828] splice_direct_to_actor+0x26c/0x670 [ 111.469795][ T6828] do_splice_direct+0xd7/0x150 [ 111.469835][ T6828] do_sendfile+0x3ab/0x950 [ 111.469854][ T6828] __x64_sys_sendfile64+0x110/0x150 [ 111.469891][ T6828] x64_sys_call+0xed5/0x2d60 [ 111.469923][ T6828] do_syscall_64+0xc9/0x1c0 [ 111.469948][ T6828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.469991][ T6828] [ 111.469995][ T6828] value changed: 0x0000000000000800 -> 0x0000000000000080 [ 111.470008][ T6828] [ 111.470013][ T6828] Reported by Kernel Concurrency Sanitizer on: [ 111.470022][ T6828] CPU: 0 UID: 0 PID: 6828 Comm: syz.2.824 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 111.470053][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 111.470069][ T6828] ================================================================== [ 111.487581][ T6825] loop3: detected capacity change from 0 to 512 [ 111.566618][ T6825] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 111.578232][ T6825] EXT4-fs (loop3): 1 orphan inode deleted [ 111.583981][ T6825] EXT4-fs (loop3): 1 truncate cleaned up [ 111.590764][ T6825] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.597163][ T6821] SET target dimension over the limit! [ 111.628070][ T6825] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 111.642730][ T6821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.652851][ T6825] EXT4-fs (loop3): Remounting filesystem read-only [ 111.664978][ T6821] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.787279][ T4715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.