last executing test programs: 3.167047182s ago: executing program 2 (id=3160): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r1) r2 = add_key$keyring(&(0x7f00000006c0), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)="00000102", 0xfffff, r2) 3.151922623s ago: executing program 2 (id=3161): perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x0, 0x3, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) 3.06618859s ago: executing program 2 (id=3163): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="200000001a1401"], 0x20}}, 0x0) (fail_nth: 4) 3.06453803s ago: executing program 2 (id=3165): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000002ff9), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3804402, &(0x7f0000000600)={[{@user_xattr}, {@data_err_abort}, {@resuid}, {@errors_remount}, {@norecovery}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x3}}, {@noinit_itable}, {@nomblk_io_submit}, {@grpquota}, {@nogrpid}]}, 0x1, 0x54f, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f00000003c0)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x6}}, {@sysvgroups}, {@block_validity}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@nodiscard}]}, 0x1, 0x562, &(0x7f0000001080)="$eJzs3c1rHOUfAPDvbHb7/vs1hVJURAI9WKndNIkvFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+Jd7x6L/4B/RUELRUrQg5fIbGbTbbObt26abffzgWmfZ2aSZ77zzPfJMzu7bAADayT7pxDxckR8k0QcbttWjHzjyMp+Sw+vT2ZLEsvLn/6VRJKva+2f5P8fzCsvRcRvX0WcLKxtt76wOFOpVtO5vD7amL0yWl9YPHVptjKdTqeXxycmzrw9Mf7eu+/0LNY3zv/z/Sd3Pzzz9fGl7365f+R2EmfjUL6tPY6ncKO9MhIj+TkpxdkndhzrQWP9JNntA2BbhvI8L0U2BhwutbIeePF9GRHLwIBKtpj/e40X8IJozQNa9/Y9ug9+bjz4YOUGaG38xZXXRmJf897owFLy2J1Rdr873IP2szZ+/fPO7WyJ3r0OAbChGzcj4nSxuHb8S/Lxb/tOb2KfJ9sw/sGzczeb/7zZaf5TWJ3/RIf5z8EOubsdG+d/4X4Pmukqm/+933H+u/rQangor/2vOecrJRcvVdNsbPt/RJyI0t6svt7znDNL95a7bWuf/2VL1n5rLpgfx/3i3sd/ZqrSqDxNzO0e3Ix4peP8N1nt/6RD/2fn4/wm2ziW3nmt27aN499Zyz9FvN6x/x890UrWfz452rweRltXxVp/3zr2e7f2dzv+rP8PrB//cNL+vLa+9TZ+3Pdv2m3bdq//PclnzfKefN21SqMxNxaxJ/l47frxRz/bqrf2z+I/cXz98a/T9b8/Ij7fZPy3jv786vbj31lZ/FNb6v+tF+599MUP3drfXP+/1SydyNdsZvzb7AE+zbkDAAAAAACAflOIiEORFMqr5UKhXF55f8fROFCo1uqNkxdr85enovlZ2eEoFVpPug+3vR9iLH8/bKs+/kR9IiKORMS3Q/ub9fJkrTq128EDAAAAAAAAAAAAAAAAAABAnzjY5fP/mT+GdvvogB3nK79hcG2Y/734piegL/n7D4NL/sPgkv8wuOQ/DC75D4NL/sPgkv8wuOQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NT5c+eyZXnp4fXJrD51dWF+pnb11FRanynPzk+WJ2tzV8rTtdp0NS1P1mY3+n3VWu3K2HjMXxttpPXGaH1h8cJsbf5y48Kl2cp0eiEtPZOoAAAAAAAAAAAAAAAAAAAA4PlSX1icqVSr6VyPCoWI6OkvVFhTyPrtRrFfznOxPw5DoceF3R6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/wIAAP//f14x3A==") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x851800, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x80) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc1}}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000000)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f0000000380)='./file0\x00') syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80205b, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000000300)=""/104, 0x68) getdents(r2, &(0x7f0000001fc0)=""/182, 0xb6) r3 = open$dir(&(0x7f0000000000)='./file1\x00', 0x200681, 0x11e) getdents(r3, &(0x7f0000000240)=""/197, 0xc5) socket$nl_route(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_genetlink_get_family_id$ipvs(&(0x7f0000000380), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 2.507034205s ago: executing program 2 (id=3177): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed09", 0xb}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r2, r6, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x90, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) tkill(r4, 0x7) 2.415362803s ago: executing program 0 (id=3180): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x5}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed090e26f3", 0xe}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x70, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, 0x0) tkill(r4, 0x7) 2.143151525s ago: executing program 0 (id=3185): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) unshare(0x0) socket(0x0, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701) (async) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101701) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000180)=ANY=[@ANYBLOB="0200ff03100005000500000002000020d3"]) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x1, &(0x7f0000000000)=@raw=[@kfunc], &(0x7f0000000080)='GPL\x00', 0x3, 0x2a, &(0x7f0000000140)=""/42}, 0x90) getdents64(0xffffffffffffffff, 0x0, 0x0) (async) getdents64(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@getnexthop={0x18, 0x6a, 0x48e274f25096b26b}, 0x18}}, 0x0) setresuid(0x0, 0xee01, 0xee00) perf_event_open(&(0x7f0000000100)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) r5 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r7) (async) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r7) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") (async) syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r8 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) (async) r9 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) write$9p(r8, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r8, r9, 0x0, 0xe065) (async) sendfile(r8, r9, 0x0, 0xe065) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000714400"/20, @ANYRES32=r4, @ANYBLOB="0000000000200000080004005c00000014001680100001800c0007"], 0x3c}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000714400"/20, @ANYRES32=r4, @ANYBLOB="0000000000200000080004005c00000014001680100001800c0007"], 0x3c}}, 0x0) 2.141315845s ago: executing program 2 (id=3186): r0 = socket$inet6(0xa, 0x3, 0x0) r1 = dup2(r0, r0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) 1.803470433s ago: executing program 4 (id=3190): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) timer_gettime(0x0, 0x0) (fail_nth: 3) 1.768565316s ago: executing program 0 (id=3193): socket$inet6(0xa, 0x5, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) set_mempolicy(0x4003, &(0x7f0000000080), 0x5) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = openat$selinux_mls(0xffffff9c, &(0x7f0000000500), 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r1) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x8000, 0x7, 0x40, 0xe00}, 0x1c) 1.768279176s ago: executing program 4 (id=3194): fchdir(0xffffffffffffffff) io_uring_enter(0xffffffffffffffff, 0x3fe7, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000030a05000000000000000000020000000900030073797a32000000000900010073797a3000000000140000001100ff7da2"], 0x54}}, 0x0) (fail_nth: 10) 1.652813555s ago: executing program 0 (id=3195): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x5}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed090e26f3", 0xe}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x68, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, 0x0) tkill(r4, 0x7) 1.575243822s ago: executing program 4 (id=3196): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed09", 0xb}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r2, r6, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x90, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) tkill(r4, 0x7) 1.421236094s ago: executing program 4 (id=3198): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x0, 0x10, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xb5, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f0000000200)="71776a6fbf28480b885ea9eef330b613244c5598e9492933529c37fea538894b575a833448825ca93d69822d8c355241226e1fb4cb6d11a75b8ffd37036121c78d04f55ad05c5c79be0d7965ff1a8edcf98cb12d927cf06f7d5de63f17a70d03db749da7a705f229e73e726d17ddc72bff61dc27b146610560071c0a30f96d4f08213f23a4d7198bc9d5f8e657cb47efacd13e1d07cdba51", 0x98, 0x4000040, &(0x7f0000000540)={0x11, 0x1a, r0, 0x1, 0x6}, 0x14) ioperm(0x0, 0xf1, 0x7) unshare(0x2040400) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r1, 0x0, 0x0}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r3, @ANYBLOB="0100000000000000000005"], 0xf4}}, 0x0) 1.376663908s ago: executing program 0 (id=3199): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005080)=ANY=[@ANYBLOB="020d000014000000000000000300000005000600000000000a00000201000000fc010000000000000000000000000000000000000000000005000500000000000a000000000000000000000000000000000000000000000000000000000000000800120014"], 0xa0}}, 0x0) r1 = socket(0x2a, 0x4, 0x9) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000440)=ANY=[@ANYBLOB="7d45f90d7450a75aa9c656a65349514800cf9c3880f7bc", @ANYRES16=r3, @ANYBLOB="090100000000000000004a00000008000300040000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r2, &(0x7f0000000200)={&(0x7f0000000180), 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x14, r3, 0x400, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x24000800) socket$packet(0x11, 0x2, 0x300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r5, 0x3) r6 = socket$inet_dccp(0x2, 0x6, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000720000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000000700)=[{{&(0x7f00000003c0)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000002c0)="60fafa8984d6910db2c75c9c4d738fceb48e521cd522282fd9ca99981b30a1120f62d6b5392b28d0933003b1c3fe79bfb58f8b03c3e6766b30198c21752e837bca1f44967a2a31c0693639a072e6fb5d0a793ff4fec56a5e153c856d054466ccf704143a491b2ac9170528128ec891996f41d25cf511a43bd27cdd53b8ad002872317143b5d8e32991df0b6a037fc4869fc600f9e76dd1a4574286acc37a0a", 0x9f}, {0x0}], 0x2, &(0x7f0000002ec0)=ANY=[], 0x18}}], 0x2, 0x8040) sendmmsg$inet6(r7, &(0x7f0000000000)=[{{&(0x7f0000004d40)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000008b80)=[{0x0, 0x3e}, {&(0x7f0000008900)='y', 0x1}], 0x2}}], 0x2, 0x4008040) connect$inet(r6, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r9 = accept4(r5, 0x0, 0x0, 0x0) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r10, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r11}}, 0x10) write$RDMA_USER_CM_CMD_SET_OPTION(r10, &(0x7f0000000440)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000340)=0x1, r11, 0x0, 0x1, 0x4}}, 0x20) sendmmsg(r9, &(0x7f0000001500), 0x588, 0x0) recvmsg$inet_nvme(r9, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 1.376271548s ago: executing program 1 (id=3200): perf_event_open(&(0x7f0000000300)={0x5, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x6, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 1.313377103s ago: executing program 1 (id=3202): syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) sendfile(r4, r2, 0x0, 0x800008038) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) rseq(0x0, 0x0, 0x0, 0x0) sync() 1.312500063s ago: executing program 4 (id=3203): syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) sendfile(r4, r2, 0x0, 0x800008038) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() 1.21956205s ago: executing program 3 (id=3204): socket$inet6(0xa, 0x5, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) set_mempolicy(0x4003, &(0x7f0000000080), 0x5) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = openat$selinux_mls(0xffffff9c, &(0x7f0000000500), 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r1) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x8000, 0x7, 0x40, 0xe00}, 0x1c) 1.189719773s ago: executing program 3 (id=3205): socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYBLOB="4a530c395075b3"], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) socket(0x2, 0x80805, 0x0) socket$inet(0x2, 0x80001, 0x84) syz_emit_ethernet(0x32, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) recvmmsg(r3, &(0x7f0000007680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c4aa6924da22cc6e0"], 0x3c}, 0x1, 0xffffffea}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000580)={0x3f}, 0xe) recvmmsg(r4, &(0x7f00000007c0), 0x10, 0xc0fe, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x8010) syz_io_uring_setup(0x0, &(0x7f0000000900), &(0x7f0000000000), 0x0) shutdown(0xffffffffffffffff, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@bridge_setlink={0x2c, 0x13, 0xa29, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x6, 0x0, 0x1, {0x4}}]}]}, 0x2c}}, 0x0) 1.004662458s ago: executing program 3 (id=3206): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) io_setup(0x7, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x1}]) 856.63438ms ago: executing program 3 (id=3207): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed09", 0xb}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, 0xffffffffffffffff, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r2, r6, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x90, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) tkill(r4, 0x7) 724.633181ms ago: executing program 3 (id=3208): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r2 = socket$isdn_base(0x22, 0x3, 0x0) bind$qrtr(r0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = gettid() r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r5, &(0x7f0000000200)=""/209, 0xd1) r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x5}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pread64(0xffffffffffffffff, &(0x7f00000004c0)=""/251, 0xfb, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xd, 0x28, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000900)="321c415d881256040e4d8564d79e16865cd11a84037c306e36c9545fec8dcf8d6198a6739ece1babc6197f1af8f9e2069805eb28297d2776e907502f4e9aa1b82fb54f28b510599838a53d1123f462805a04e0c06f8d55493510ad7e284342b843c6cb6c1d44d2d1b62a2eec6dbbe027e0e8e58352381207d4c14630038ef42e7ebed9a7f9842a2dde305f8257890f3843626c49d94a7f31", 0x98}], 0x1, &(0x7f0000001440)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r0, r6]}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {r4}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x30, 0x1, 0x1, [r6, r8, r1, r2, r9, r7, 0xffffffffffffffff, r1]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [r7, 0xffffffffffffffff]}}], 0x108, 0x400c0}}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001580)="81c91cb4f0ae39b228ed090e26f3", 0xe}, {0x0}, {0x0}], 0x3, &(0x7f00000019c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r8, 0xffffffffffffffff, r8, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}], 0x68, 0x4000000}}], 0x2, 0x2004880) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x40045304, &(0x7f00000000c0)={0x0, 0x0, {0x1, 0x3}}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0xc02c5341, 0x0) tkill(r4, 0x7) 451.475013ms ago: executing program 0 (id=3209): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001e00)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x1, 0x6, @dev}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x200, 0x4) sendmmsg$inet6(r3, &(0x7f0000000880)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1f}, 0x1c, &(0x7f00000006c0)=[{&(0x7f00000000c0)="e85eb3ad7a85f8ffbfeca731d6c8b8efffe715ca63a772ab76e7cffafb9d389706d2e359133ee025548a9a6dacd710c38203386303f61999708e2e086f02a597d35cb89496800f640fdc0d640b093b6048a305e8b1fe97a29fd305a32a525559ddd5ee389d8bc85b5c014a923f2633e07c9b1306f90aca263b0cbb80cd28e0d43c5e853eafd3471233aa29ffcbf71f5d41e6ac5cd9dd73d7d5a33ff36301367732b1d6d5c7bd74aa59bcbbeace3a5d25c319b37e9b5a1a2f49f5332b818ac6d3c9458fdbe1ac55b4c0560f22e891801c3c7ea9af178d90346e6bf66b6826d57dc05dcf8972c73b85085ebabef39bd87aed18f4de2d0caba6eb22132ee4e6c99097f54ca9742a3ae9bb80ab191d594d82418fadfa0cb593c22a452949e76978b77f7cd812009d64eaeeeb27224b6df92fbfeae6c94fb1c633246609466ac4d8fb1d890081d260b4c7acaf1b8a6f938205c462f4562e73d73546a47e3384abbd05de604e7d50d8053fb15a4ad2cc2d5a96c62fe5f4398362e4b098b6fd3b7fb03144c7a258b344de3fdb78ecb4237e53ae95ca31598a8102bd5990575fa6aff26ad340d7bbf1644ba6f1168d1d9a50aee8a9494c733f2c55dda98db0f23eff7df41a3354c3310c421703c0dad93182e4d10cf579215232e07cca2fa220d4a0751d2ededfd4924845baa5539fd6e666f3df3426afed1cd1c7c12bcf39eed1b848beee", 0x201}, {&(0x7f0000000340)="43443d51acf3f331955d65d3ec5881e9f4fc68902b79e7eb2af34a2604b54e0c658efb164465092d2ba1952907df4aa425a855d4af8e3389a443e3786dca54707b3f2b8e747d4264562923cc411a8e00bf100072a9c756e44ada5c80bea7a3b970fdf82154dc2a", 0x67}, {&(0x7f00000004c0)="525fe296e2f8dff83a2f15cfc2fbe5558899789e39bc44046d7f904929683a65dd692581926a47739cc6cf253a9a60d3cd2581256135088532ad94537e8acc79eb35c9738580679e51ac899c7fdfa418d7182e7ba2e8c117460356f7ee3a78beb37557b0bcbe6b8331175d11719a26a9d1ebe52e0fdc9ecf4d859f8c73617191cbf295922db1e8e65fafba2eac97f72f12149854e0a0e6bc77a3910eb392993e30657ebc79dc473135de1706966011e6888052153845c9832a9c3bd963e97b77a1bfa8a7538ba16c4d8253d0f7babbc26fd0deb14c7cf0fd67d8fc1f656143f239ea455428d02f4b9dab407a5757101dc93c009bb3386bdffd", 0xf9}, {&(0x7f00000005c0)="98ef1caa7d141b9c904cb197f79c1ce95092ade76b94534139e69a43f7165d5db88f10ce11a597296c6dc844a276b9bb5c32716f160cd8e9792b8cb7ebdc421328d4be4b39fb42a063e90cd6898ad019d1f50c879a419e1e84ad9963b1eb84a836f56a15c4806204ccb0be2a619cfbe6b83ca7085b06b8cef3cd50d69ca179af6ee0bd3f181e674a85cbee9eff772b5fcf81e4b722d6732b9188f08038274e288d4bbdcc9961c0538ea4ddb6fd6a8d567dcde81b", 0xb4}], 0x4}}, {{0x0, 0x0, &(0x7f0000000780), 0x0, &(0x7f0000000840)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x80000000}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1, r1}}}], 0x40}}], 0x2, 0x4000044) setsockopt$packet_int(r2, 0x107, 0x8, &(0x7f0000000080)=0x10001, 0x4) recvmsg(r2, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, &(0x7f0000000080)) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/user\x00') r4 = creat(&(0x7f0000001040)='./file0\x00', 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x20, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000440)={0x0}) creat(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='jfs\x00', 0x8080, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r5, 0xc0182101, &(0x7f0000000180)={r6, 0xf86}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, &(0x7f0000000080)={r7, 0x3, r5, 0x5}) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x10000}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000240)={r8, 0x2}, 0x8) 428.692295ms ago: executing program 1 (id=3210): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone3(&(0x7f0000000200)={0x2001000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)=0x0, {0x6}, &(0x7f0000001080)=""/4096, 0x1000, &(0x7f0000000180)=""/11, &(0x7f00000001c0)=[0xffffffffffffffff], 0x1}, 0x58) syz_open_procfs$namespace(r2, &(0x7f0000000280)='ns/uts\x00') setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) shutdown(r0, 0x1) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sync_file_range(r3, 0x9, 0x9, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r7 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x2}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={r6, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x4d}, 0x9c) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f00000002c0)={r6, 0x80}, 0x8) recvmmsg(r1, &(0x7f0000001040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/27, 0x1b}}], 0x1, 0x0, 0x0) 427.641605ms ago: executing program 3 (id=3211): syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) sendfile(r4, r2, 0x0, 0x800008038) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() 426.743045ms ago: executing program 4 (id=3212): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000180)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x88}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@resgid}, {@usrquota}, {@data_err_abort}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="180000005200010000000000000000000a00008302d50000"], 0x18}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000480)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100101}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=@ipv4_newroute={0x58, 0x18, 0x400, 0x70bd25, 0x25dfdbfc, {0x2, 0x0, 0x10, 0x3, 0xff, 0x1, 0x0, 0x5}, [@RTA_GATEWAY={0x8, 0x5, @rand_addr=0x64010100}, @RTA_METRICS={0x2b, 0x8, 0x0, 0x1, "9f416bddd681b2ece13bf0ea7ad0728d0558ca5ab853f9481ec377ceeaedc7ab6a0578fe105189"}, @RTA_NH_ID={0x8, 0x1e, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) pipe(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000240)={0x0, 0x5, 0x8000000000000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400000a5}) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000000), 0xfe, 0x246, &(0x7f0000000840)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186186e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b7322d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000796fab91ecf280ee8c806e5b330c"], &(0x7f0000000380)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x5}, 0x8, 0x10, &(0x7f0000000000)={0x2}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x483, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c) 135.465149ms ago: executing program 1 (id=3213): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="b800000019000100"/43], 0xb8}}, 0x0) 68.917305ms ago: executing program 1 (id=3214): socket$inet6(0xa, 0x5, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) set_mempolicy(0x4003, &(0x7f0000000080)=0x7, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = openat$selinux_mls(0xffffff9c, &(0x7f0000000500), 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r1) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x8000, 0x7, 0x40, 0xe00}, 0x1c) 0s ago: executing program 1 (id=3215): socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYBLOB="4a530c395075b3"], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) socket(0x2, 0x80805, 0x0) socket$inet(0x2, 0x80001, 0x84) syz_emit_ethernet(0x32, 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) recvmmsg(r3, &(0x7f0000007680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c4aa6924da22cc6e0"], 0x3c}, 0x1, 0xffffffea}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000580)={0x3f}, 0xe) recvmmsg(r4, &(0x7f00000007c0), 0x10, 0xc0fe, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x8010) syz_io_uring_setup(0x0, &(0x7f0000000900), &(0x7f0000000000), 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@bridge_setlink={0x2c, 0x13, 0xa29, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x6, 0x0, 0x1, {0x4}}]}]}, 0x2c}}, 0x0) kernel console output (not intermixed with test programs): 100] [ 218.508401][T13100] syz.4.2699: vmalloc error: size 16384, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0 [ 218.523473][T13100] CPU: 0 UID: 0 PID: 13100 Comm: syz.4.2699 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 218.534021][T13100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 218.544128][T13100] Call Trace: [ 218.547433][T13100] [ 218.550382][T13100] dump_stack_lvl+0xf2/0x150 [ 218.555005][T13100] dump_stack+0x15/0x20 [ 218.559257][T13100] warn_alloc+0x145/0x1b0 [ 218.563670][T13100] ? kfree+0xd5/0x290 [ 218.567718][T13100] __vmalloc_node_range_noprof+0x310/0xef0 [ 218.573553][T13100] ? mod_objcg_state+0x3a7/0x4f0 [ 218.578544][T13100] dup_task_struct+0x4a1/0x710 [ 218.583338][T13100] ? copy_process+0x3a9/0x1f90 [ 218.588331][T13100] copy_process+0x3a9/0x1f90 [ 218.593014][T13100] ? kstrtouint+0x77/0xc0 [ 218.597458][T13100] ? kstrtouint_from_user+0xb0/0xe0 [ 218.602729][T13100] kernel_clone+0x167/0x5e0 [ 218.607311][T13100] ? vfs_write+0x5a5/0x900 [ 218.611753][T13100] __x64_sys_clone+0xe8/0x120 [ 218.616495][T13100] x64_sys_call+0x2dc4/0x2e00 [ 218.621182][T13100] do_syscall_64+0xc9/0x1c0 [ 218.625781][T13100] ? clear_bhb_loop+0x55/0xb0 [ 218.630535][T13100] ? clear_bhb_loop+0x55/0xb0 [ 218.635291][T13100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.641218][T13100] RIP: 0033:0x7fc9ac687299 [ 218.645645][T13100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.665270][T13100] RSP: 002b:00007fc9ab2c4ff8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 218.673808][T13100] RAX: ffffffffffffffda RBX: 00007fc9ac816130 RCX: 00007fc9ac687299 [ 218.681800][T13100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080001280 [ 218.689856][T13100] RBP: 00007fc9ab2c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 218.697834][T13100] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 218.705879][T13100] R13: 000000000000006e R14: 00007fc9ac816130 R15: 00007ffd09762318 [ 218.713865][T13100] [ 218.717201][T13100] Mem-Info: [ 218.720366][T13100] active_anon:3766 inactive_anon:2 isolated_anon:0 [ 218.720366][T13100] active_file:6827 inactive_file:12487 isolated_file:0 [ 218.720366][T13100] unevictable:0 dirty:546 writeback:0 [ 218.720366][T13100] slab_reclaimable:2771 slab_unreclaimable:16367 [ 218.720366][T13100] mapped:24611 shmem:222 pagetables:1306 [ 218.720366][T13100] sec_pagetables:0 bounce:0 [ 218.720366][T13100] kernel_misc_reclaimable:0 [ 218.720366][T13100] free:1899994 free_pcp:2481 free_cma:0 [ 218.765335][T13100] Node 0 active_anon:15064kB inactive_anon:8kB active_file:27308kB inactive_file:49948kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:98444kB dirty:2184kB writeback:0kB shmem:888kB writeback_tmp:0kB kernel_stack:3600kB pagetables:5224kB sec_pagetables:0kB all_unreclaimable? no [ 218.793297][T13100] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 218.820311][T13100] lowmem_reserve[]: 0 2866 7844 0 [ 218.825388][T13100] Node 0 DMA32 free:2950412kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953944kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:3532kB free_cma:0kB [ 218.854140][T13100] lowmem_reserve[]: 0 0 4978 0 [ 218.858995][T13100] Node 0 Normal free:4628808kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:15064kB inactive_anon:8kB active_file:27308kB inactive_file:49948kB unevictable:0kB writepending:2184kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:6544kB local_pcp:788kB free_cma:0kB [ 218.889282][T13100] lowmem_reserve[]: 0 0 0 0 [ 218.893934][T13100] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 218.906803][T13100] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 3*512kB (M) 2*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950412kB [ 218.923135][T13100] Node 0 Normal: 891*4kB (UME) 445*8kB (UM) 533*16kB (UME) 410*32kB (UME) 384*64kB (UME) 26*128kB (UME) 36*256kB (UM) 52*512kB (UME) 46*1024kB (UM) 30*2048kB (UM) 1081*4096kB (UM) = 4628836kB [ 218.942353][T13100] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 218.951886][T13100] 19538 total pagecache pages [ 218.956633][T13100] 3 pages in swap cache [ 218.960886][T13100] Free swap = 124580kB [ 218.965134][T13100] Total swap = 124996kB [ 218.969314][T13100] 2097051 pages RAM [ 218.973143][T13100] 0 pages HighMem/MovableOnly [ 218.977861][T13100] 80173 pages reserved [ 219.105343][T13122] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 219.120278][T13122] loop2: detected capacity change from 0 to 512 [ 219.158416][T13122] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.176064][T13130] loop1: detected capacity change from 0 to 128 [ 219.194909][T13122] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2705: bg 0: block 256: padding at end of block bitmap is not set [ 219.213498][T13130] loop1: detected capacity change from 0 to 128 [ 219.229689][T13122] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2705: Failed to acquire dquot type 1 [ 219.255324][T13137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2705'. [ 219.388150][T13144] loop0: detected capacity change from 0 to 1024 [ 219.390324][T13145] loop4: detected capacity change from 0 to 512 [ 219.408668][T13144] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 219.419664][T13144] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 219.430506][T13145] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 219.443501][T13144] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 219.458967][T13144] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.2713: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 219.460399][T13145] EXT4-fs (loop4): 1 orphan inode deleted [ 219.482675][T13145] EXT4-fs (loop4): 1 truncate cleaned up [ 219.494840][T13144] EXT4-fs (loop0): no journal found [ 219.500271][T13144] EXT4-fs (loop0): can't get journal size [ 219.585429][T13144] loop7: detected capacity change from 0 to 16384 [ 219.648231][T13166] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 219.666808][T13166] loop1: detected capacity change from 0 to 512 [ 219.677318][T13169] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2718'. [ 219.704501][T13166] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.740592][T13166] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2720: bg 0: block 256: padding at end of block bitmap is not set [ 219.780280][T13166] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.2720: Failed to acquire dquot type 1 [ 219.906449][T13180] loop0: detected capacity change from 0 to 128 [ 219.954730][T13180] loop0: detected capacity change from 0 to 128 [ 220.318868][ T1616] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.384045][ T1616] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.408283][T13204] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2729'. [ 220.450997][ T1616] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.523301][ T1616] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.582792][T13215] lo: mtu less than device minimum [ 220.626406][ T1616] bridge_slave_1: left allmulticast mode [ 220.632117][ T1616] bridge_slave_1: left promiscuous mode [ 220.637894][ T1616] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.772759][ T1616] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.797445][ T1616] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.814571][ T1616] bond0 (unregistering): Released all slaves [ 220.841516][T13187] chnl_net:caif_netlink_parms(): no params data found [ 220.854378][T13222] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 220.883951][T13222] loop2: detected capacity change from 0 to 512 [ 220.916686][T13227] loop1: detected capacity change from 0 to 128 [ 220.932283][T13222] EXT4-fs mount: 10 callbacks suppressed [ 220.932303][T13222] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.957198][T13234] loop0: detected capacity change from 0 to 128 [ 220.957472][T13222] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.978800][ T1616] hsr_slave_0: left promiscuous mode [ 220.980300][T13222] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2735: bg 0: block 256: padding at end of block bitmap is not set [ 221.002751][T13222] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2735: Failed to acquire dquot type 1 [ 221.002769][ T1616] hsr_slave_1: left promiscuous mode [ 221.024148][ T1616] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.031666][ T1616] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.033771][T13222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2735'. [ 221.056862][ T1616] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.064337][ T1616] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.093681][T13240] loop1: detected capacity change from 0 to 128 [ 221.101275][ T1616] veth1_macvtap: left promiscuous mode [ 221.106854][ T1616] veth0_macvtap: left promiscuous mode [ 221.109770][T13242] loop0: detected capacity change from 0 to 128 [ 221.112500][ T1616] veth1_vlan: left promiscuous mode [ 221.124002][ T1616] veth0_vlan: left promiscuous mode [ 221.177697][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.253979][T13248] loop4: detected capacity change from 0 to 512 [ 221.265473][T13248] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 221.300717][T13248] EXT4-fs (loop4): 1 orphan inode deleted [ 221.306650][T13248] EXT4-fs (loop4): 1 truncate cleaned up [ 221.316806][T13248] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.345158][ T1616] team0 (unregistering): Port device team_slave_1 removed [ 221.358602][ T1616] team0 (unregistering): Port device team_slave_0 removed [ 221.368316][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.390083][T13256] loop2: detected capacity change from 0 to 512 [ 221.418448][T13256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.434716][T13256] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.458677][T13187] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.465814][T13187] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.473331][T13187] bridge_slave_0: entered allmulticast mode [ 221.481464][T13187] bridge_slave_0: entered promiscuous mode [ 221.490635][T13187] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.497829][T13187] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.507487][T13187] bridge_slave_1: entered allmulticast mode [ 221.514220][T13187] bridge_slave_1: entered promiscuous mode [ 221.593605][T13187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.608297][T13187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.640070][T13187] team0: Port device team_slave_0 added [ 221.654755][T13187] team0: Port device team_slave_1 added [ 221.691273][T13187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.698445][T13187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.724505][T13187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.741815][T13187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.748900][T13187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.774913][T13187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.817111][T13273] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 221.845248][T13273] loop1: detected capacity change from 0 to 512 [ 221.857531][T13187] hsr_slave_0: entered promiscuous mode [ 221.865636][T13187] hsr_slave_1: entered promiscuous mode [ 221.899459][T13187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 221.900175][T13273] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.914800][T13187] Cannot create hsr debugfs directory [ 221.928970][T13275] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2749'. [ 221.935505][T13273] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.956387][T13276] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.2744: Directory hole found for htree leaf block 0 [ 222.020679][T13273] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2748: bg 0: block 256: padding at end of block bitmap is not set [ 222.059617][T13273] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.2748: Failed to acquire dquot type 1 [ 222.097394][T13292] loop0: detected capacity change from 0 to 512 [ 222.122812][T13292] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 222.156717][T13292] EXT4-fs (loop0): 1 orphan inode deleted [ 222.162648][T13292] EXT4-fs (loop0): 1 truncate cleaned up [ 222.179417][ T8807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.191525][T13292] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.251455][ T8826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.292471][T13300] loop1: detected capacity change from 0 to 128 [ 222.315640][T13304] loop0: detected capacity change from 0 to 128 [ 222.342260][T13187] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 222.364417][T13187] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 222.384580][T13300] loop1: detected capacity change from 0 to 128 [ 222.391163][T13187] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 222.438616][T13187] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 222.622231][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.642126][T13187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.682828][T13187] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.722077][ T3345] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.729251][ T3345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.739211][T13308] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2756'. [ 222.755094][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.762317][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.928637][T13187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.993808][ T29] kauditd_printk_skb: 1172 callbacks suppressed [ 222.993848][ T29] audit: type=1400 audit(1721958133.232:3486): avc: denied { read write } for pid=11869 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 223.041047][ T29] audit: type=1400 audit(1721958133.232:3487): avc: denied { recv } for pid=1616 comm="kworker/u8:5" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 223.066891][ T29] audit: type=1400 audit(1721958133.252:3488): avc: denied { read write open } for pid=11869 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 223.092320][ T29] audit: type=1400 audit(1721958133.252:3489): avc: denied { ioctl } for pid=11869 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 223.103424][T13327] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2760'. [ 223.118221][ T29] audit: type=1400 audit(1721958133.252:3490): avc: denied { prog_load } for pid=13317 comm="syz.1.2759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 223.146583][ T29] audit: type=1400 audit(1721958133.252:3491): avc: denied { bpf } for pid=13317 comm="syz.1.2759" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 223.167314][ T29] audit: type=1400 audit(1721958133.282:3492): avc: denied { egress } for pid=50 comm="kworker/u8:3" daddr=ff02::1:ffaa:aa1c netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 223.190658][ T29] audit: type=1400 audit(1721958133.282:3493): avc: denied { sendto } for pid=50 comm="kworker/u8:3" daddr=ff02::1:ffaa:aa1c netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 223.214038][ T29] audit: type=1400 audit(1721958133.282:3494): avc: denied { module_request } for pid=13187 comm="syz-executor" kmod="netdev-virt_wifi0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 223.241296][ T29] audit: type=1400 audit(1721958133.312:3495): avc: denied { create } for pid=13325 comm="syz.4.2760" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 223.270949][T13187] veth0_vlan: entered promiscuous mode [ 223.285969][T13187] veth1_vlan: entered promiscuous mode [ 223.348033][T13187] veth0_macvtap: entered promiscuous mode [ 223.371107][T13187] veth1_macvtap: entered promiscuous mode [ 223.383602][T13339] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 223.403704][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.414479][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.420973][T13339] loop1: detected capacity change from 0 to 512 [ 223.424475][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.441424][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.451137][T13343] loop0: detected capacity change from 0 to 128 [ 223.451271][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.468093][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.477940][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.488480][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.489152][T13339] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.498411][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.498430][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.521358][T13339] ext4 filesystem being mounted at /326/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.549642][T13187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.571644][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.573229][T13339] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2763: bg 0: block 256: padding at end of block bitmap is not set [ 223.582236][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.606795][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.617355][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.627335][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.638068][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.647929][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.658496][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.668380][T13187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.678893][T13187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.691821][T13339] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.2763: Failed to acquire dquot type 1 [ 223.706977][T13187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.714754][T13355] loop0: detected capacity change from 0 to 128 [ 223.739286][T13187] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.748108][T13187] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.756872][T13187] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.765623][T13187] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.794131][T13358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2769'. [ 223.821620][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2763'. [ 223.895518][ T8807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.923946][T13366] lo speed is unknown, defaulting to 1000 [ 223.932596][T13366] lo speed is unknown, defaulting to 1000 [ 223.938888][T13366] lo speed is unknown, defaulting to 1000 [ 223.982198][T13369] devtmpfs: Too few inodes for current use [ 224.035441][T13366] infiniband syz0: set active [ 224.039366][T13373] loop1: detected capacity change from 0 to 128 [ 224.040200][T13366] infiniband syz0: added lo [ 224.051149][ T4554] lo speed is unknown, defaulting to 1000 [ 224.067147][T13373] vfat: Unknown parameter 'nonumtailµšK{4ùname' [ 224.087615][T13366] RDS/IB: syz0: added [ 224.095312][T13366] smc: adding ib device syz0 with port count 1 [ 224.101655][T13366] smc: ib device syz0 port 1 has pnetid [ 224.107718][ T3338] lo speed is unknown, defaulting to 1000 [ 224.114037][T13366] lo speed is unknown, defaulting to 1000 [ 224.151044][T13366] lo speed is unknown, defaulting to 1000 [ 224.192984][T13366] lo speed is unknown, defaulting to 1000 [ 224.224171][T13388] loop1: detected capacity change from 0 to 128 [ 224.235083][T13366] lo speed is unknown, defaulting to 1000 [ 224.254565][T13394] loop4: detected capacity change from 0 to 512 [ 224.278860][T13366] lo speed is unknown, defaulting to 1000 [ 224.291826][T13394] dccp_invalid_packet: P.Data Offset(0) too small [ 224.333371][T13398] FAULT_INJECTION: forcing a failure. [ 224.333371][T13398] name failslab, interval 1, probability 0, space 0, times 0 [ 224.346078][T13398] CPU: 1 UID: 0 PID: 13398 Comm: syz.3.2780 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 224.348817][T13397] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2779'. [ 224.356530][T13398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 224.356551][T13398] Call Trace: [ 224.356560][T13398] [ 224.356569][T13398] dump_stack_lvl+0xf2/0x150 [ 224.386655][T13398] dump_stack+0x15/0x20 [ 224.390867][T13398] should_fail_ex+0x229/0x230 [ 224.395564][T13398] ? skb_clone+0x154/0x1f0 [ 224.400049][T13398] should_failslab+0x8f/0xb0 [ 224.404827][T13398] kmem_cache_alloc_noprof+0x4c/0x290 [ 224.410335][T13398] skb_clone+0x154/0x1f0 [ 224.414700][T13398] netlink_trim+0xd9/0x140 [ 224.419137][T13398] netlink_broadcast_filtered+0x4e/0xbe0 [ 224.424794][T13398] ? nf_tables_fill_rule_info+0x603/0x640 [ 224.430532][T13398] nlmsg_notify+0xca/0x170 [ 224.434973][T13398] nfnetlink_send+0x89/0xa0 [ 224.439531][T13398] nf_tables_commit+0x3a8c/0x45a0 [ 224.444662][T13398] ? obj_cgroup_uncharge_pages+0x164/0x1d0 [ 224.450562][T13398] ? nft_trans_commit_list_add_tail+0x134/0x280 [ 224.456905][T13398] ? kvfree+0x39/0x40 [ 224.460895][T13398] ? nf_tables_newrule+0x14d3/0x1620 [ 224.466249][T13398] ? skb_pull+0x94/0x100 [ 224.470518][T13398] nfnetlink_rcv+0xf89/0x15b0 [ 224.475233][T13398] netlink_unicast+0x593/0x670 [ 224.480102][T13398] netlink_sendmsg+0x5cc/0x6e0 [ 224.484884][T13398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 224.490184][T13398] __sock_sendmsg+0x140/0x180 [ 224.494900][T13398] ____sys_sendmsg+0x312/0x410 [ 224.499771][T13398] __sys_sendmsg+0x1e9/0x280 [ 224.504481][T13398] __x64_sys_sendmsg+0x46/0x50 [ 224.509328][T13398] x64_sys_call+0x26f8/0x2e00 [ 224.514057][T13398] do_syscall_64+0xc9/0x1c0 [ 224.518601][T13398] ? clear_bhb_loop+0x55/0xb0 [ 224.523356][T13398] ? clear_bhb_loop+0x55/0xb0 [ 224.528155][T13398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.534121][T13398] RIP: 0033:0x7f1357ab7299 [ 224.538543][T13398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.558163][T13398] RSP: 002b:00007f1356737048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 224.566595][T13398] RAX: ffffffffffffffda RBX: 00007f1357c45f80 RCX: 00007f1357ab7299 [ 224.574598][T13398] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 224.582665][T13398] RBP: 00007f13567370a0 R08: 0000000000000000 R09: 0000000000000000 [ 224.590655][T13398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.598843][T13398] R13: 000000000000000b R14: 00007f1357c45f80 R15: 00007fffbb5bd578 [ 224.606866][T13398] [ 224.632919][T13400] loop4: detected capacity change from 0 to 128 [ 224.633308][T13366] lo speed is unknown, defaulting to 1000 [ 224.669751][T13402] loop1: detected capacity change from 0 to 128 [ 224.712676][T13400] loop4: detected capacity change from 0 to 128 [ 224.733507][T13366] lo speed is unknown, defaulting to 1000 [ 224.774492][T13406] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 224.799993][T13406] loop0: detected capacity change from 0 to 512 [ 224.854803][T13406] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.896132][T13406] ext4 filesystem being mounted at /271/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.934760][T13406] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2782: bg 0: block 256: padding at end of block bitmap is not set [ 224.961957][T13406] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.2782: Failed to acquire dquot type 1 [ 224.980800][T13406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2782'. [ 225.019859][T13418] loop1: detected capacity change from 0 to 1024 [ 225.028386][T13418] EXT4-fs: Ignoring removed oldalloc option [ 225.038724][T13418] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 225.068595][T13418] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.076319][T13419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2786'. [ 225.091302][ T8826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.134625][ T8807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.188186][T13433] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2792'. [ 225.227628][T13437] loop1: detected capacity change from 0 to 1024 [ 225.240016][T13439] loop2: detected capacity change from 0 to 128 [ 225.270484][T13437] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.289886][T13439] loop2: detected capacity change from 0 to 128 [ 225.418814][T13447] loop0: detected capacity change from 0 to 132 [ 225.442482][T13452] loop2: detected capacity change from 0 to 512 [ 225.449568][T13452] EXT4-fs: Ignoring removed mblk_io_submit option [ 225.458581][T13452] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 225.471223][T13452] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 225.480004][T13452] System zones: 1-12 [ 225.485249][T13452] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2797: corrupted in-inode xattr: e_value size too large [ 225.500716][T13452] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2797: couldn't read orphan inode 15 (err -117) [ 225.514961][T13452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.562105][T13457] loop0: detected capacity change from 0 to 128 [ 225.585427][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.661507][T13461] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2801'. [ 225.695706][T13470] loop3: detected capacity change from 0 to 1024 [ 225.703337][T13470] EXT4-fs: Ignoring removed orlov option [ 225.709101][T13470] EXT4-fs: Ignoring removed nomblk_io_submit option [ 225.752878][T13470] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.794100][T13477] loop4: detected capacity change from 0 to 128 [ 225.817844][T13477] loop4: detected capacity change from 0 to 128 [ 225.905855][T13187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.991786][T13484] loop3: detected capacity change from 0 to 512 [ 226.008001][T13484] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 226.028729][T13487] cgroup: Bad value for 'name' [ 226.044025][T13484] EXT4-fs (loop3): 1 orphan inode deleted [ 226.049849][T13484] EXT4-fs (loop3): 1 truncate cleaned up [ 226.059226][T13484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 226.111386][T13187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.261866][T13503] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2815'. [ 226.276557][T13501] 9pnet_fd: p9_fd_create_tcp (13501): problem connecting socket to 127.0.0.1 [ 226.483517][T13519] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2816'. [ 226.933566][T13523] loop4: detected capacity change from 0 to 132 [ 227.002581][T13526] loop2: detected capacity change from 0 to 128 [ 227.028469][T13526] loop2: detected capacity change from 0 to 128 [ 227.142302][T13539] loop0: detected capacity change from 0 to 128 [ 227.167160][T13534] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2821'. [ 227.270419][T13549] loop4: detected capacity change from 0 to 1024 [ 227.300354][T13549] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.376909][T13555] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 227.406284][T13555] loop0: detected capacity change from 0 to 512 [ 227.440719][T13555] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.461474][T13555] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.474902][T13555] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2826: bg 0: block 256: padding at end of block bitmap is not set [ 227.494228][T13555] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.2826: Failed to acquire dquot type 1 [ 227.517422][T13555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2826'. [ 227.578646][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.603034][ T8826] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.647305][T13568] loop4: detected capacity change from 0 to 132 [ 227.664776][T13571] netlink: 184 bytes leftover after parsing attributes in process `syz.0.2830'. [ 228.026412][ T29] kauditd_printk_skb: 1435 callbacks suppressed [ 228.026431][ T29] audit: type=1400 audit(1721958138.262:4922): avc: denied { recv } for pid=3249 comm="syz-executor" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 228.052218][T13587] loop4: detected capacity change from 0 to 128 [ 228.065142][ T29] audit: type=1400 audit(1721958138.272:4923): avc: denied { read write } for pid=11869 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.065174][ T29] audit: type=1400 audit(1721958138.272:4924): avc: denied { open } for pid=11869 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.113912][ T29] audit: type=1400 audit(1721958138.272:4925): avc: denied { ioctl } for pid=11869 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.139768][ T29] audit: type=1400 audit(1721958138.272:4926): avc: denied { recv } for pid=29 comm="kauditd" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 228.164959][ T29] audit: type=1400 audit(1721958138.292:4927): avc: denied { read write } for pid=13585 comm="syz.4.2833" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.172867][T13589] loop4: detected capacity change from 0 to 128 [ 228.189276][ T29] audit: type=1400 audit(1721958138.292:4928): avc: denied { open } for pid=13585 comm="syz.4.2833" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.189316][ T29] audit: type=1400 audit(1721958138.292:4929): avc: denied { ioctl } for pid=13585 comm="syz.4.2833" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.194776][ T29] audit: type=1400 audit(1721958138.332:4930): avc: denied { mounton } for pid=13585 comm="syz.4.2833" path="/89/file0" dev="tmpfs" ino=504 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 228.268344][ T29] audit: type=1400 audit(1721958138.332:4931): avc: denied { read write } for pid=13585 comm="syz.4.2833" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.385264][ T8807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.387982][T13592] xt_connbytes: Forcing CT accounting to be enabled [ 228.401399][T13592] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 228.413105][T13592] xt_bpf: check failed: parse error [ 228.556969][T13604] lo speed is unknown, defaulting to 1000 [ 228.572318][T13609] loop2: detected capacity change from 0 to 132 [ 228.676439][T13615] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 228.815907][T13628] FAULT_INJECTION: forcing a failure. [ 228.815907][T13628] name failslab, interval 1, probability 0, space 0, times 0 [ 228.828744][T13628] CPU: 0 UID: 0 PID: 13628 Comm: syz.4.2846 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 228.839208][T13628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 228.849289][T13628] Call Trace: [ 228.852617][T13628] [ 228.855658][T13628] dump_stack_lvl+0xf2/0x150 [ 228.860435][T13628] dump_stack+0x15/0x20 [ 228.864708][T13628] should_fail_ex+0x229/0x230 [ 228.869514][T13628] ? __d_alloc+0x3d/0x340 [ 228.873888][T13628] should_failslab+0x8f/0xb0 [ 228.878597][T13628] kmem_cache_alloc_lru_noprof+0x51/0x2a0 [ 228.884394][T13628] __d_alloc+0x3d/0x340 [ 228.888595][T13628] d_alloc_pseudo+0x1e/0x80 [ 228.892362][T13625] loop2: detected capacity change from 0 to 128 [ 228.893143][T13628] alloc_file_pseudo+0x70/0x140 [ 228.893181][T13628] ? _raw_spin_unlock+0x26/0x50 [ 228.893228][T13628] anon_inode_getfile+0xa3/0x130 [ 228.914261][T13628] do_epoll_create+0x1ec/0x2d0 [ 228.919138][T13628] __x64_sys_epoll_create+0x35/0x50 [ 228.924426][T13628] x64_sys_call+0x20a/0x2e00 [ 228.929111][T13628] do_syscall_64+0xc9/0x1c0 [ 228.933776][T13628] ? clear_bhb_loop+0x55/0xb0 [ 228.938495][T13628] ? clear_bhb_loop+0x55/0xb0 [ 228.943252][T13628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.949223][T13628] RIP: 0033:0x7fc9ac687299 [ 228.953690][T13628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.973321][T13628] RSP: 002b:00007fc9ab307048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 228.981823][T13628] RAX: ffffffffffffffda RBX: 00007fc9ac815f80 RCX: 00007fc9ac687299 [ 228.989805][T13628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 228.997879][T13628] RBP: 00007fc9ab3070a0 R08: 0000000000000000 R09: 0000000000000000 [ 229.005868][T13628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.013855][T13628] R13: 000000000000000b R14: 00007fc9ac815f80 R15: 00007ffd09762318 [ 229.021952][T13628] [ 229.035240][T13631] loop2: detected capacity change from 0 to 128 [ 229.352033][T13648] loop2: detected capacity change from 0 to 132 [ 229.440858][T13657] FAULT_INJECTION: forcing a failure. [ 229.440858][T13657] name failslab, interval 1, probability 0, space 0, times 0 [ 229.453608][T13657] CPU: 1 UID: 0 PID: 13657 Comm: syz.2.2855 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 229.464108][T13657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 229.474185][T13657] Call Trace: [ 229.477490][T13657] [ 229.480511][T13657] dump_stack_lvl+0xf2/0x150 [ 229.485237][T13657] dump_stack+0x15/0x20 [ 229.489457][T13657] should_fail_ex+0x229/0x230 [ 229.494173][T13657] ? p9_client_create+0x1a7/0xa80 [ 229.499356][T13657] should_failslab+0x8f/0xb0 [ 229.504007][T13657] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 229.510356][T13657] ? should_failslab+0x8f/0xb0 [ 229.515187][T13657] kstrdup+0x3a/0x80 [ 229.519141][T13657] p9_client_create+0x1a7/0xa80 [ 229.524051][T13657] v9fs_session_init+0xf9/0xda0 [ 229.528974][T13657] ? __rcu_read_unlock+0x4e/0x70 [ 229.534003][T13657] ? v9fs_mount+0x53/0x560 [ 229.538450][T13657] ? should_failslab+0x8f/0xb0 [ 229.543280][T13657] v9fs_mount+0x69/0x560 [ 229.547595][T13657] ? __pfx_v9fs_mount+0x10/0x10 [ 229.552479][T13657] legacy_get_tree+0x77/0xd0 [ 229.557108][T13657] vfs_get_tree+0x56/0x1d0 [ 229.561531][T13657] do_new_mount+0x227/0x690 [ 229.566115][T13657] path_mount+0x49b/0xb30 [ 229.570476][T13657] __se_sys_mount+0x27c/0x2d0 [ 229.575248][T13657] __x64_sys_mount+0x67/0x80 [ 229.579933][T13657] x64_sys_call+0xd11/0x2e00 [ 229.584636][T13657] do_syscall_64+0xc9/0x1c0 [ 229.589166][T13657] ? clear_bhb_loop+0x55/0xb0 [ 229.593864][T13657] ? clear_bhb_loop+0x55/0xb0 [ 229.598687][T13657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.604640][T13657] RIP: 0033:0x7f57dcb77299 [ 229.609083][T13657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.628941][T13657] RSP: 002b:00007f57db7f7048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 229.637363][T13657] RAX: ffffffffffffffda RBX: 00007f57dcd05f80 RCX: 00007f57dcb77299 [ 229.645391][T13657] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000 [ 229.653456][T13657] RBP: 00007f57db7f70a0 R08: 0000000020000080 R09: 0000000000000000 [ 229.661469][T13657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 229.669483][T13657] R13: 000000000000000b R14: 00007f57dcd05f80 R15: 00007ffd445a1838 [ 229.677466][T13657] [ 229.714839][T13659] loop0: detected capacity change from 0 to 2048 [ 229.823652][T13670] loop4: detected capacity change from 0 to 128 [ 229.856472][T13659] loop7: detected capacity change from 0 to 16384 [ 229.940020][T13670] loop4: detected capacity change from 0 to 128 [ 230.039198][T13683] loop3: detected capacity change from 0 to 164 [ 230.137991][T13659] I/O error, dev loop7, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 6 prio class 0 [ 230.166655][T13659] I/O error, dev loop7, sector 3592 op 0x0:(READ) flags 0x80700 phys_seg 29 prio class 0 [ 230.192509][T13659] I/O error, dev loop7, sector 3592 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.202074][T13659] Buffer I/O error on dev loop7, logical block 449, async page read [ 230.243213][T13659] I/O error, dev loop7, sector 3592 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.252805][T13659] Buffer I/O error on dev loop7, logical block 449, async page read [ 230.269624][T13695] netlink: 'syz.4.2869': attribute type 4 has an invalid length. [ 230.284270][T13656] I/O error, dev loop7, sector 1536 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 230.294522][T13656] Buffer I/O error on dev loop7, logical block 192, lost async page write [ 230.303135][T13656] Buffer I/O error on dev loop7, logical block 193, lost async page write [ 230.311737][T13656] Buffer I/O error on dev loop7, logical block 194, lost async page write [ 230.320432][T13656] Buffer I/O error on dev loop7, logical block 195, lost async page write [ 230.329049][T13656] Buffer I/O error on dev loop7, logical block 196, lost async page write [ 230.337719][T13656] Buffer I/O error on dev loop7, logical block 197, lost async page write [ 230.346381][T13656] Buffer I/O error on dev loop7, logical block 198, lost async page write [ 230.354911][T13656] Buffer I/O error on dev loop7, logical block 199, lost async page write [ 230.414041][T13656] I/O error, dev loop7, sector 2560 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 230.436329][T13656] I/O error, dev loop7, sector 3584 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 230.640987][T13715] loop3: detected capacity change from 0 to 512 [ 230.652438][T13720] loop4: detected capacity change from 0 to 512 [ 230.659913][T13719] __nla_validate_parse: 3 callbacks suppressed [ 230.659928][T13719] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2875'. [ 230.668408][T13720] EXT4-fs: Ignoring removed mblk_io_submit option [ 230.686360][T13715] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 230.692212][T13719] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2875'. [ 230.709031][T13720] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 230.717537][T13715] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 230.718268][T13719] bridge_slave_1: left allmulticast mode [ 230.725502][T13715] EXT4-fs (loop3): orphan cleanup on readonly fs [ 230.731175][T13719] bridge_slave_1: left promiscuous mode [ 230.743205][T13719] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.751595][T13720] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 230.761308][T13720] System zones: 1-12 [ 230.765441][T13715] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2874: bg 0: block 361: padding at end of block bitmap is not set [ 230.780652][T13719] bridge_slave_0: left allmulticast mode [ 230.782622][T13720] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2876: corrupted in-inode xattr: e_value size too large [ 230.786400][T13719] bridge_slave_0: left promiscuous mode [ 230.806125][T13719] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.806422][T13715] EXT4-fs (loop3): Remounting filesystem read-only [ 230.821737][T13720] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2876: couldn't read orphan inode 15 (err -117) [ 230.822067][T13715] EXT4-fs (loop3): 1 truncate cleaned up [ 230.839935][T13715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 230.845447][T13720] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.851889][T13715] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 230.852465][T13715] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 230.935531][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.043794][T13727] loop3: detected capacity change from 0 to 128 [ 231.106708][T13727] loop3: detected capacity change from 0 to 128 [ 231.179587][T13733] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2879'. [ 231.466951][T13752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2884'. [ 231.469903][T13751] loop3: detected capacity change from 0 to 512 [ 231.486316][T13751] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 231.496055][T13752] syz_tun: entered promiscuous mode [ 231.503196][T13751] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 231.516327][T13751] EXT4-fs (loop3): orphan cleanup on readonly fs [ 231.526590][T13751] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2888: bg 0: block 361: padding at end of block bitmap is not set [ 231.557644][T13751] EXT4-fs (loop3): Remounting filesystem read-only [ 231.567059][T13751] EXT4-fs (loop3): 1 truncate cleaned up [ 231.573080][T13751] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 231.614555][ T7799] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.630758][T13751] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 231.637828][T13751] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 231.687139][ T7799] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.754264][ T7799] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.799041][T13767] loop3: detected capacity change from 0 to 128 [ 231.813828][ T7799] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.857270][T13767] loop3: detected capacity change from 0 to 128 [ 231.942637][T13774] loop1: detected capacity change from 0 to 512 [ 231.979513][T13774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.994828][T13687] loop2: detected capacity change from 0 to 512 [ 232.004401][T13774] ext4 filesystem being mounted at /341/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 232.007016][T13687] EXT4-fs: Ignoring removed nomblk_io_submit option [ 232.021895][ T7799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 232.035714][ T7799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 232.046924][T13687] EXT4-fs (loop2): orphan cleanup on readonly fs [ 232.047995][ T7799] bond0 (unregistering): Released all slaves [ 232.054031][T13687] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2865: bg 0: block 248: padding at end of block bitmap is not set [ 232.073910][T13687] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2865: Failed to acquire dquot type 1 [ 232.089994][T13687] EXT4-fs (loop2): 1 truncate cleaned up [ 232.090684][T13779] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2892'. [ 232.096399][T13687] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 232.169025][T13684] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2865'. [ 232.175723][T13760] lo speed is unknown, defaulting to 1000 [ 232.360024][ T7799] hsr_slave_0: left promiscuous mode [ 232.373504][ T7799] hsr_slave_1: left promiscuous mode [ 232.382944][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.390570][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.400083][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.407569][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.417563][ T7799] veth1_macvtap: left promiscuous mode [ 232.423107][ T7799] veth0_macvtap: left promiscuous mode [ 232.428651][ T7799] veth1_vlan: left promiscuous mode [ 232.433921][ T7799] veth0_vlan: left promiscuous mode [ 232.566252][T13687] syz.2.2865 (13687) used greatest stack depth: 9408 bytes left [ 232.577233][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.641394][ T7799] team0 (unregistering): Port device team_slave_1 removed [ 232.668132][ T7799] team0 (unregistering): Port device team_slave_0 removed [ 232.816691][ T8807] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.842769][T13799] netlink: 'syz.2.2901': attribute type 15 has an invalid length. [ 232.850830][T13799] netlink: 723 bytes leftover after parsing attributes in process `syz.2.2901'. [ 232.910697][T13760] chnl_net:caif_netlink_parms(): no params data found [ 232.962060][T13812] loop2: detected capacity change from 0 to 128 [ 232.990567][T13812] loop2: detected capacity change from 0 to 128 [ 233.000099][T13817] netlink: 'syz.1.2903': attribute type 1 has an invalid length. [ 233.037104][ T29] kauditd_printk_skb: 1147 callbacks suppressed [ 233.037120][ T29] audit: type=1400 audit(1721958143.282:6075): avc: denied { read } for pid=13811 comm="syz.2.2904" dev="nsfs" ino=4026532431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 233.093568][T13760] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.100716][T13760] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.114584][ T29] audit: type=1400 audit(1721958143.312:6076): avc: denied { open } for pid=13811 comm="syz.2.2904" path="net:[4026532431]" dev="nsfs" ino=4026532431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 233.138077][ T29] audit: type=1400 audit(1721958143.312:6077): avc: denied { create } for pid=13811 comm="syz.2.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 233.158306][T13760] bridge_slave_0: entered allmulticast mode [ 233.158719][ T29] audit: type=1400 audit(1721958143.322:6078): avc: denied { write } for pid=13811 comm="syz.2.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 233.165474][T13760] bridge_slave_0: entered promiscuous mode [ 233.184976][ T29] audit: type=1400 audit(1721958143.322:6079): avc: denied { read } for pid=13811 comm="syz.2.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 233.185007][ T29] audit: type=1400 audit(1721958143.322:6080): avc: denied { write } for pid=13811 comm="syz.2.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 233.185035][ T29] audit: type=1400 audit(1721958143.322:6081): avc: denied { nlmsg_write } for pid=13811 comm="syz.2.2904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 233.196472][ T29] audit: type=1400 audit(1721958143.432:6082): avc: denied { create } for pid=13818 comm="syz.3.2905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 233.238563][T13760] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.279144][T13760] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.288878][ T29] audit: type=1400 audit(1721958143.462:6083): avc: denied { read } for pid=13818 comm="syz.3.2905" dev="nsfs" ino=4026532399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 233.310283][ T29] audit: type=1400 audit(1721958143.462:6084): avc: denied { open } for pid=13818 comm="syz.3.2905" path="net:[4026532399]" dev="nsfs" ino=4026532399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 233.312445][T13760] bridge_slave_1: entered allmulticast mode [ 233.375349][T13824] loop3: detected capacity change from 0 to 128 [ 233.386917][T13760] bridge_slave_1: entered promiscuous mode [ 233.404897][T13824] FAULT_INJECTION: forcing a failure. [ 233.404897][T13824] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.418046][T13824] CPU: 0 UID: 0 PID: 13824 Comm: syz.3.2907 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 233.428646][T13824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 233.438717][T13824] Call Trace: [ 233.442042][T13824] [ 233.444991][T13824] dump_stack_lvl+0xf2/0x150 [ 233.449625][T13824] dump_stack+0x15/0x20 [ 233.453956][T13824] should_fail_ex+0x229/0x230 [ 233.458666][T13824] should_fail+0xb/0x10 [ 233.462838][T13824] should_fail_usercopy+0x1a/0x20 [ 233.467957][T13824] strncpy_from_user+0x25/0x270 [ 233.472885][T13824] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 233.478675][T13824] getname_flags+0xb0/0x3b0 [ 233.483204][T13824] __x64_sys_mkdir+0x33/0x50 [ 233.487852][T13824] x64_sys_call+0x20cb/0x2e00 [ 233.492627][T13824] do_syscall_64+0xc9/0x1c0 [ 233.497192][T13824] ? clear_bhb_loop+0x55/0xb0 [ 233.501903][T13824] ? clear_bhb_loop+0x55/0xb0 [ 233.506615][T13824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.512549][T13824] RIP: 0033:0x7f1357ab7299 [ 233.516982][T13824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.536625][T13824] RSP: 002b:00007f1356737048 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 233.545136][T13824] RAX: ffffffffffffffda RBX: 00007f1357c45f80 RCX: 00007f1357ab7299 [ 233.553179][T13824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020002200 [ 233.561176][T13824] RBP: 00007f13567370a0 R08: 0000000000000000 R09: 0000000000000000 [ 233.569180][T13824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.577170][T13824] R13: 000000000000000b R14: 00007f1357c45f80 R15: 00007fffbb5bd578 [ 233.585291][T13824] [ 233.627289][T13760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.638596][T13760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.692751][T13760] team0: Port device team_slave_0 added [ 233.724675][T13760] team0: Port device team_slave_1 added [ 233.782583][T13760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.789608][T13760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.815578][T13760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.828201][T13835] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2911'. [ 233.868629][T13760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.875695][T13760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.901845][T13760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.919140][T13839] FAULT_INJECTION: forcing a failure. [ 233.919140][T13839] name failslab, interval 1, probability 0, space 0, times 0 [ 233.931822][T13839] CPU: 1 UID: 0 PID: 13839 Comm: syz.2.2913 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 233.942432][T13839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 233.952509][T13839] Call Trace: [ 233.955847][T13839] [ 233.958795][T13839] dump_stack_lvl+0xf2/0x150 [ 233.963415][T13839] dump_stack+0x15/0x20 [ 233.967591][T13839] should_fail_ex+0x229/0x230 [ 233.972322][T13839] ? getname_flags+0x81/0x3b0 [ 233.977042][T13839] should_failslab+0x8f/0xb0 [ 233.981688][T13839] kmem_cache_alloc_noprof+0x4c/0x290 [ 233.987079][T13839] getname_flags+0x81/0x3b0 [ 233.991609][T13839] user_path_at+0x26/0x110 [ 233.996067][T13839] __se_sys_move_mount+0xfd/0x730 [ 234.001170][T13839] ? fput+0x13b/0x180 [ 234.005172][T13839] __x64_sys_move_mount+0x67/0x80 [ 234.010316][T13839] x64_sys_call+0x1dc9/0x2e00 [ 234.015014][T13839] do_syscall_64+0xc9/0x1c0 [ 234.019629][T13839] ? clear_bhb_loop+0x55/0xb0 [ 234.024520][T13839] ? clear_bhb_loop+0x55/0xb0 [ 234.029236][T13839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.035239][T13839] RIP: 0033:0x7f57dcb77299 [ 234.039753][T13839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.059447][T13839] RSP: 002b:00007f57db7f7048 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad [ 234.067917][T13839] RAX: ffffffffffffffda RBX: 00007f57dcd05f80 RCX: 00007f57dcb77299 [ 234.075896][T13839] RDX: ffffffffffffff9c RSI: 0000000020000040 RDI: ffffffffffffffff [ 234.083898][T13839] RBP: 00007f57db7f70a0 R08: 0000000000000000 R09: 0000000000000000 [ 234.091937][T13839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.100016][T13839] R13: 000000000000000b R14: 00007f57dcd05f80 R15: 00007ffd445a1838 [ 234.108053][T13839] [ 234.235896][T13760] hsr_slave_0: entered promiscuous mode [ 234.244163][T13760] hsr_slave_1: entered promiscuous mode [ 234.262732][T13760] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.276209][T13760] Cannot create hsr debugfs directory [ 234.631221][T13857] loop1: detected capacity change from 0 to 2048 [ 234.684579][T13862] loop3: detected capacity change from 0 to 128 [ 234.713743][T13760] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 234.721299][T13857] loop7: detected capacity change from 0 to 16384 [ 234.741600][T13760] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 234.770686][T13760] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 234.773328][T13862] loop3: detected capacity change from 0 to 128 [ 234.794957][T13760] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 234.949577][T13857] I/O error, dev loop7, sector 6912 op 0x0:(READ) flags 0x80700 phys_seg 10 prio class 0 [ 234.991377][T13857] I/O error, dev loop7, sector 7168 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 0 [ 234.999416][T13760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.016308][T13857] I/O error, dev loop7, sector 6912 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.051445][T13760] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.114456][ T3340] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.121788][ T3340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.147325][ T3340] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.154453][ T3340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.200722][T13870] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 235.226524][T13870] loop3: detected capacity change from 0 to 512 [ 235.275698][T13870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.323556][T13870] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 235.390073][T13870] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2922: bg 0: block 256: padding at end of block bitmap is not set [ 235.465748][T13870] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.2922: Failed to acquire dquot type 1 [ 235.474117][T13760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.550526][T13187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.629113][T13883] loop1: detected capacity change from 0 to 512 [ 235.710469][T13883] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2924: invalid indirect mapped block 256 (level 2) [ 235.780458][T13760] veth0_vlan: entered promiscuous mode [ 235.789439][T13760] veth1_vlan: entered promiscuous mode [ 235.800677][T13883] EXT4-fs (loop1): 2 truncates cleaned up [ 235.826163][T13760] veth0_macvtap: entered promiscuous mode [ 235.841600][T13883] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.876121][T13760] veth1_macvtap: entered promiscuous mode [ 235.891236][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.901771][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.911670][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.922195][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.932164][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.942726][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.952569][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.963043][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.973039][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.983600][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.996557][T13760] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.011097][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.021596][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.031614][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.042083][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.051997][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.062852][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.072854][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.083590][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.093423][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 236.103883][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 236.116211][T13760] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.126730][T13760] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.135486][T13760] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.144283][T13760] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.153148][T13760] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.280115][T13852] loop4: detected capacity change from 0 to 512 [ 236.294444][T13852] EXT4-fs: Ignoring removed nomblk_io_submit option [ 236.302911][T13898] loop2: detected capacity change from 0 to 512 [ 236.327536][T13898] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 236.329306][T13899] loop0: detected capacity change from 0 to 132 [ 236.344022][T13852] EXT4-fs (loop4): orphan cleanup on readonly fs [ 236.363690][T13852] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2910: bg 0: block 248: padding at end of block bitmap is not set [ 236.387163][T13898] EXT4-fs (loop2): 1 orphan inode deleted [ 236.392989][T13898] EXT4-fs (loop2): 1 truncate cleaned up [ 236.418866][T13852] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.2910: Failed to acquire dquot type 1 [ 236.439709][T13898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.463065][T13852] EXT4-fs (loop4): 1 truncate cleaned up [ 236.484538][T13852] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 236.518908][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.569455][T13906] loop3: detected capacity change from 0 to 128 [ 236.610417][T13906] loop3: detected capacity change from 0 to 128 [ 236.651977][T13832] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2910'. [ 236.785635][T13915] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 236.812214][T13915] loop2: detected capacity change from 0 to 512 [ 236.829915][T13919] loop0: detected capacity change from 0 to 512 [ 236.853650][T10123] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.871632][T13915] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.911086][T13919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.924835][T13915] ext4 filesystem being mounted at /237/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.935312][T13919] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 236.946038][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.963393][T13915] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2934: bg 0: block 256: padding at end of block bitmap is not set [ 236.981161][T13915] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2934: Failed to acquire dquot type 1 [ 237.039123][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.039815][T13760] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.093846][T13931] loop2: detected capacity change from 0 to 164 [ 237.159427][ T7799] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.201577][ T7799] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.247956][T13944] loop2: detected capacity change from 0 to 128 [ 237.262898][ T7799] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.311300][ T7799] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.415778][ T7799] bridge_slave_1: left allmulticast mode [ 237.421823][ T7799] bridge_slave_1: left promiscuous mode [ 237.427624][ T7799] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.438781][ T7799] bridge_slave_0: left allmulticast mode [ 237.444472][ T7799] bridge_slave_0: left promiscuous mode [ 237.450346][ T7799] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.459632][T13953] loop4: detected capacity change from 0 to 2048 [ 237.502547][T13953] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.2946: bad orphan inode 8192 [ 237.522984][T13953] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.599127][ T7799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 237.621422][ T7799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 237.657848][ T7799] bond0 (unregistering): Released all slaves [ 237.740319][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.749841][ T7799] IPVS: stopping master sync thread 13058 ... [ 237.764992][ T7799] IPVS: stopping master sync thread 13057 ... [ 237.783559][ T7799] IPVS: stopping master sync thread 13056 ... [ 237.814119][ T7799] IPVS: stopping master sync thread 13055 ... [ 237.881367][T13946] lo speed is unknown, defaulting to 1000 [ 237.888833][ T7799] hsr_slave_0: left promiscuous mode [ 237.895544][ T7799] hsr_slave_1: left promiscuous mode [ 237.903675][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.911290][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.930894][ T7799] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.938448][ T7799] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.970815][ T7799] veth1_macvtap: left promiscuous mode [ 237.976493][ T7799] veth0_macvtap: left promiscuous mode [ 237.982054][ T7799] veth1_vlan: left promiscuous mode [ 237.983549][T13972] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 237.987321][ T7799] veth0_vlan: left promiscuous mode [ 238.020027][T13972] loop4: detected capacity change from 0 to 512 [ 238.023362][T13973] loop3: detected capacity change from 0 to 512 [ 238.042175][T13972] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.068883][T13972] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.080112][ T29] kauditd_printk_skb: 735 callbacks suppressed [ 238.080150][ T29] audit: type=1400 audit(1721958148.312:6812): avc: denied { mount } for pid=13969 comm="syz.4.2949" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 238.111816][T13973] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.136767][T13972] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2949: bg 0: block 256: padding at end of block bitmap is not set [ 238.156193][T13973] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.169802][T13972] Quota error (device loop4): write_blk: dquota write failed [ 238.177249][T13972] Quota error (device loop4): find_free_dqentry: Can't write quota data block 5 [ 238.186404][T13972] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 238.196343][T13972] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.2949: Failed to acquire dquot type 1 [ 238.209673][ T29] audit: type=1400 audit(1721958148.352:6813): avc: denied { read write } for pid=13969 comm="syz.4.2949" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 238.233935][ T29] audit: type=1400 audit(1721958148.352:6814): avc: denied { open } for pid=13969 comm="syz.4.2949" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 238.257974][ T29] audit: type=1400 audit(1721958148.362:6815): avc: denied { write } for pid=13969 comm="syz.4.2949" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 238.263526][T13980] loop2: detected capacity change from 0 to 164 [ 238.279768][ T29] audit: type=1400 audit(1721958148.362:6816): avc: denied { remove_name } for pid=13969 comm="syz.4.2949" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 238.279804][ T29] audit: type=1400 audit(1721958148.362:6817): avc: denied { rmdir } for pid=13969 comm="syz.4.2949" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 238.331104][ T29] audit: type=1400 audit(1721958148.382:6818): avc: denied { unmount } for pid=10197 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 238.472311][T13187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.481897][ T7799] team0 (unregistering): Port device team_slave_1 removed [ 238.499899][ T7799] team0 (unregistering): Port device team_slave_0 removed [ 238.531848][T13985] FAULT_INJECTION: forcing a failure. [ 238.531848][T13985] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.545175][T13985] CPU: 1 UID: 0 PID: 13985 Comm: syz.3.2952 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 238.555614][T13985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 238.565696][T13985] Call Trace: [ 238.568996][T13985] [ 238.571945][T13985] dump_stack_lvl+0xf2/0x150 [ 238.576677][T13985] dump_stack+0x15/0x20 [ 238.580855][T13985] should_fail_ex+0x229/0x230 [ 238.585662][T13985] should_fail+0xb/0x10 [ 238.589911][T13985] should_fail_usercopy+0x1a/0x20 [ 238.595011][T13985] _copy_from_user+0x1e/0xd0 [ 238.599662][T13985] io_eventfd_register+0x77/0x1f0 [ 238.604728][T13985] __se_sys_io_uring_register+0x3f6/0x1070 [ 238.610556][T13985] __x64_sys_io_uring_register+0x55/0x70 [ 238.616224][T13985] x64_sys_call+0xb9d/0x2e00 [ 238.620847][T13985] do_syscall_64+0xc9/0x1c0 [ 238.625475][T13985] ? clear_bhb_loop+0x55/0xb0 [ 238.630342][T13985] ? clear_bhb_loop+0x55/0xb0 [ 238.635137][T13985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.641095][T13985] RIP: 0033:0x7f1357ab7299 [ 238.645530][T13985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.665277][T13985] RSP: 002b:00007f1356737048 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 238.673799][T13985] RAX: ffffffffffffffda RBX: 00007f1357c45f80 RCX: 00007f1357ab7299 [ 238.681880][T13985] RDX: 0000000020000040 RSI: 0000000000000004 RDI: 0000000000000005 [ 238.689868][T13985] RBP: 00007f13567370a0 R08: 0000000000000000 R09: 0000000000000000 [ 238.697865][T13985] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 238.706004][T13985] R13: 000000000000000b R14: 00007f1357c45f80 R15: 00007fffbb5bd578 [ 238.714001][T13985] [ 238.741699][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.901726][T13946] chnl_net:caif_netlink_parms(): no params data found [ 239.009012][T13946] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.016600][T13946] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.051389][T13946] bridge_slave_0: entered allmulticast mode [ 239.058159][T13946] bridge_slave_0: entered promiscuous mode [ 239.068124][T13946] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.075299][T13946] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.082653][T13946] bridge_slave_1: entered allmulticast mode [ 239.092347][T13946] bridge_slave_1: entered promiscuous mode [ 239.128893][T14008] loop2: detected capacity change from 0 to 512 [ 239.139786][T14008] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 239.154853][T14008] EXT4-fs (loop2): 1 orphan inode deleted [ 239.160797][T14008] EXT4-fs (loop2): 1 truncate cleaned up [ 239.169955][T14008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.321239][T13946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.334862][T10197] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.380313][T13946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.437421][T14013] netlink: 'syz.2.2961': attribute type 12 has an invalid length. [ 239.445299][T14013] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2961'. [ 239.490184][T13946] team0: Port device team_slave_0 added [ 239.501104][T13946] team0: Port device team_slave_1 added [ 239.525124][T13946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.532255][T13946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.558307][T13946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.569709][T13946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.576765][T13946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.603142][T13946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.632272][T14019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2962'. [ 239.661815][T13946] hsr_slave_0: entered promiscuous mode [ 239.678725][T13946] hsr_slave_1: entered promiscuous mode [ 239.689634][T13946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 239.690393][T13967] loop0: detected capacity change from 0 to 512 [ 239.706215][T14021] loop3: detected capacity change from 0 to 164 [ 239.707437][T13967] EXT4-fs: Ignoring removed nomblk_io_submit option [ 239.712553][T13946] Cannot create hsr debugfs directory [ 239.724636][T14022] netlink: 'syz.2.2962': attribute type 16 has an invalid length. [ 239.736358][T13967] EXT4-fs (loop0): orphan cleanup on readonly fs [ 239.747689][T13967] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2947: bg 0: block 248: padding at end of block bitmap is not set [ 239.767188][T13967] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.2947: Failed to acquire dquot type 1 [ 239.791389][T13967] EXT4-fs (loop0): 1 truncate cleaned up [ 239.805185][T13967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 239.844251][T14026] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 239.888418][T14026] loop3: detected capacity change from 0 to 512 [ 239.941287][T13956] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2947'. [ 239.944675][T14033] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2966'. [ 239.953440][T14026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.989391][T14026] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.011828][T14036] FAULT_INJECTION: forcing a failure. [ 240.011828][T14036] name failslab, interval 1, probability 0, space 0, times 0 [ 240.017627][T14026] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2964: bg 0: block 256: padding at end of block bitmap is not set [ 240.024495][T14036] CPU: 0 UID: 0 PID: 14036 Comm: syz.2.2968 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 240.049201][T14036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 240.056456][T14026] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.2964: Failed to acquire dquot type 1 [ 240.059306][T14036] Call Trace: [ 240.059318][T14036] [ 240.077003][T14036] dump_stack_lvl+0xf2/0x150 [ 240.081719][T14036] dump_stack+0x15/0x20 [ 240.086031][T14036] should_fail_ex+0x229/0x230 [ 240.090740][T14036] ? getname_flags+0x81/0x3b0 [ 240.095531][T14036] should_failslab+0x8f/0xb0 [ 240.100168][T14036] kmem_cache_alloc_noprof+0x4c/0x290 [ 240.105653][T14036] getname_flags+0x81/0x3b0 [ 240.110194][T14036] getname+0x17/0x20 [ 240.114111][T14036] do_sys_openat2+0x67/0x120 [ 240.118728][T14036] __x64_sys_openat+0xf3/0x120 [ 240.123548][T14036] x64_sys_call+0x1ac/0x2e00 [ 240.128243][T14036] do_syscall_64+0xc9/0x1c0 [ 240.132948][T14036] ? clear_bhb_loop+0x55/0xb0 [ 240.137710][T14036] ? clear_bhb_loop+0x55/0xb0 [ 240.142425][T14036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.148355][T14036] RIP: 0033:0x7f57dcb75cd0 [ 240.152788][T14036] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 79 8d 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 cc 8d 02 00 8b 44 [ 240.172424][T14036] RSP: 002b:00007f57db7f6f20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 240.181002][T14036] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f57dcb75cd0 [ 240.188997][T14036] RDX: 0000000000000002 RSI: 00007f57db7f6fb0 RDI: 00000000ffffff9c [ 240.196993][T14036] RBP: 00007f57db7f6fb0 R08: 0000000000000000 R09: 0000000000000000 [ 240.204983][T14036] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 240.213009][T14036] R13: 000000000000000b R14: 00007f57dcd05f80 R15: 00007ffd445a1838 [ 240.221008][T14036] [ 240.234735][T13187] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.252214][T13760] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.326098][T14047] loop3: detected capacity change from 0 to 164 [ 240.385654][T13946] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 240.406164][T13946] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 240.413011][T14057] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2977'. [ 240.448070][T13946] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 240.471329][T13946] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 240.507404][T14064] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 240.524228][T14064] loop3: detected capacity change from 0 to 512 [ 240.541383][T13946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.553727][T14064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.568934][T14064] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.589332][T13946] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.593972][T14064] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2979: bg 0: block 256: padding at end of block bitmap is not set [ 240.612806][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.620000][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.629287][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.636408][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.650599][T14064] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.2979: Failed to acquire dquot type 1 [ 240.710741][T14074] loop4: detected capacity change from 0 to 512 [ 240.720432][T14074] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 240.736187][T14074] EXT4-fs (loop4): 1 orphan inode deleted [ 240.742066][T14074] EXT4-fs (loop4): 1 truncate cleaned up [ 240.753288][T14074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 240.843912][T13946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.881882][T14087] loop0: detected capacity change from 0 to 1024 [ 240.908422][T14087] loop0: detected capacity change from 0 to 512 [ 240.916931][T14086] loop4: detected capacity change from 0 to 4096 [ 240.948883][T14087] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 240.975756][T14086] FAULT_INJECTION: forcing a failure. [ 240.975756][T14086] name failslab, interval 1, probability 0, space 0, times 0 [ 240.988699][T14086] CPU: 0 UID: 0 PID: 14086 Comm: syz.4.2986 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 240.999139][T14086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 241.009249][T14086] Call Trace: [ 241.012611][T14086] [ 241.015590][T14086] dump_stack_lvl+0xf2/0x150 [ 241.020266][T14086] dump_stack+0x15/0x20 [ 241.024457][T14086] should_fail_ex+0x229/0x230 [ 241.029173][T14086] ? __iomap_dio_rw+0x14e/0x1090 [ 241.034163][T14086] should_failslab+0x8f/0xb0 [ 241.038799][T14086] __kmalloc_cache_noprof+0x4b/0x2a0 [ 241.044121][T14086] __iomap_dio_rw+0x14e/0x1090 [ 241.049086][T14086] ? __rcu_read_unlock+0x4e/0x70 [ 241.054037][T14086] ? avc_has_perm+0xd4/0x160 [ 241.058659][T14086] iomap_dio_rw+0x40/0x90 [ 241.063025][T14086] ext4_file_write_iter+0xaa4/0xe30 [ 241.068267][T14086] ? ext4_file_write_iter+0x501/0xe30 [ 241.073717][T14086] do_iter_readv_writev+0x3b0/0x470 [ 241.079003][T14086] vfs_writev+0x2e0/0x880 [ 241.083481][T14086] __se_sys_pwritev2+0x10c/0x1d0 [ 241.088444][T14086] __x64_sys_pwritev2+0x78/0x90 [ 241.093308][T14086] x64_sys_call+0x1c81/0x2e00 [ 241.098043][T14086] do_syscall_64+0xc9/0x1c0 [ 241.102703][T14086] ? clear_bhb_loop+0x55/0xb0 [ 241.107435][T14086] ? clear_bhb_loop+0x55/0xb0 [ 241.112386][T14086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.118301][T14086] RIP: 0033:0x7fc9ac687299 [ 241.122795][T14086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.142473][T14086] RSP: 002b:00007fc9ab307048 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 241.151176][T14086] RAX: ffffffffffffffda RBX: 00007fc9ac815f80 RCX: 00007fc9ac687299 [ 241.159232][T14086] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000005 [ 241.167483][T14086] RBP: 00007fc9ab3070a0 R08: 0000000000000000 R09: 0000000000000003 [ 241.175497][T14086] R10: 0000000000007a00 R11: 0000000000000246 R12: 0000000000000001 [ 241.183562][T14086] R13: 000000000000000b R14: 00007fc9ac815f80 R15: 00007ffd09762318 [ 241.191644][T14086] [ 241.206173][T13946] veth0_vlan: entered promiscuous mode [ 241.233884][T13946] veth1_vlan: entered promiscuous mode [ 241.299207][T14107] loop0: detected capacity change from 0 to 1764 [ 241.306248][T14102] loop2: detected capacity change from 0 to 132 [ 241.321360][T13946] veth0_macvtap: entered promiscuous mode [ 241.378199][T14109] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2988'. [ 241.391352][T13946] veth1_macvtap: entered promiscuous mode [ 241.427294][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.437842][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.447782][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.458435][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.468951][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.479621][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.489862][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.500456][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.510391][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.520878][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.537099][T13946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 241.548649][T14115] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 241.560746][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.571328][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.581246][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.591710][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.600289][T14119] loop4: detected capacity change from 0 to 512 [ 241.601683][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.619226][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.620342][T14119] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 241.629596][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.649659][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.651826][T14124] FAULT_INJECTION: forcing a failure. [ 241.651826][T14124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.659541][T13946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 241.659559][T13946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.663160][T13946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 241.673050][T14124] CPU: 0 UID: 0 PID: 14124 Comm: syz.0.2997 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 241.687135][T13946] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.693155][T14124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 241.693178][T14124] Call Trace: [ 241.693186][T14124] [ 241.700425][T13946] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.710783][T14124] dump_stack_lvl+0xf2/0x150 [ 241.719498][T13946] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.729586][T14124] dump_stack+0x15/0x20 [ 241.729678][T14124] should_fail_ex+0x229/0x230 [ 241.732961][T13946] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.735877][T14124] should_fail+0xb/0x10 [ 241.752665][T14119] EXT4-fs (loop4): 1 orphan inode deleted [ 241.757816][T14124] should_fail_usercopy+0x1a/0x20 [ 241.762056][T14119] EXT4-fs (loop4): 1 truncate cleaned up [ 241.766740][T14124] _copy_from_user+0x1e/0xd0 [ 241.800827][T14124] copy_msghdr_from_user+0x54/0x2a0 [ 241.806153][T14124] __sys_sendmsg+0x17d/0x280 [ 241.810775][T14124] __x64_sys_sendmsg+0x46/0x50 [ 241.815669][T14124] x64_sys_call+0x26f8/0x2e00 [ 241.820474][T14124] do_syscall_64+0xc9/0x1c0 [ 241.825154][T14124] ? clear_bhb_loop+0x55/0xb0 [ 241.829917][T14124] ? clear_bhb_loop+0x55/0xb0 [ 241.834685][T14124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.840596][T14124] RIP: 0033:0x7f2a67057299 [ 241.845105][T14124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.864755][T14124] RSP: 002b:00007f2a65cd7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 241.873272][T14124] RAX: ffffffffffffffda RBX: 00007f2a671e5f80 RCX: 00007f2a67057299 [ 241.881361][T14124] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 241.889411][T14124] RBP: 00007f2a65cd70a0 R08: 0000000000000000 R09: 0000000000000000 [ 241.897476][T14124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.905531][T14124] R13: 000000000000000b R14: 00007f2a671e5f80 R15: 00007fffb1270d68 [ 241.913555][T14124] [ 241.928590][T14115] loop2: detected capacity change from 0 to 512 [ 242.023091][T14115] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.039909][T14115] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2993: bg 0: block 256: padding at end of block bitmap is not set [ 242.063954][T14115] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2993: Failed to acquire dquot type 1 [ 242.115988][T14140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3001'. [ 242.149808][T14143] loop2: detected capacity change from 0 to 132 [ 242.222113][T14151] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3004'. [ 242.276269][T14156] loop0: detected capacity change from 0 to 128 [ 242.330417][T14156] loop0: detected capacity change from 0 to 128 [ 242.340845][T14162] loop2: detected capacity change from 0 to 512 [ 242.371720][T14162] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 242.402391][T14162] EXT4-fs (loop2): 1 orphan inode deleted [ 242.408287][T14162] EXT4-fs (loop2): 1 truncate cleaned up [ 243.042010][T14181] loop0: detected capacity change from 0 to 1024 [ 243.050468][T14178] loop3: detected capacity change from 0 to 132 [ 243.087257][ T29] kauditd_printk_skb: 992 callbacks suppressed [ 243.087275][ T29] audit: type=1400 audit(1721958153.332:7800): avc: denied { prog_load } for pid=14183 comm="syz.4.3015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 243.112789][ T29] audit: type=1400 audit(1721958153.332:7801): avc: denied { bpf } for pid=14183 comm="syz.4.3015" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 243.134701][ T29] audit: type=1400 audit(1721958153.332:7802): avc: denied { unmount } for pid=13187 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 243.154955][ T29] audit: type=1400 audit(1721958153.332:7803): avc: denied { recv } for pid=14185 comm="kworker/u8:7" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 243.183007][ T29] audit: type=1400 audit(1721958153.382:7804): avc: denied { write } for pid=14180 comm="syz.0.3014" name="dev" dev="proc" ino=4026533328 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 243.199704][T14189] loop3: detected capacity change from 0 to 512 [ 243.205752][ T29] audit: type=1400 audit(1721958153.382:7805): avc: denied { read write } for pid=13187 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 243.213245][T14189] EXT4-fs: Ignoring removed i_version option [ 243.236153][ T29] audit: type=1400 audit(1721958153.382:7806): avc: denied { open } for pid=13187 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 243.242158][T14189] EXT4-fs: Ignoring removed nobh option [ 243.266273][ T29] audit: type=1400 audit(1721958153.382:7807): avc: denied { ioctl } for pid=13187 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 243.266310][ T29] audit: type=1400 audit(1721958153.382:7808): avc: denied { create } for pid=14180 comm="syz.0.3014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 243.280339][T14189] EXT4-fs (loop3): can't mount with both data=journal and delalloc [ 243.297754][ T29] audit: type=1400 audit(1721958153.382:7809): avc: denied { map } for pid=14180 comm="syz.0.3014" path="socket:[61623]" dev="sockfs" ino=61623 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 243.434230][T14194] loop0: detected capacity change from 0 to 128 [ 243.435185][T14196] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3017'. [ 243.487156][T14200] loop4: detected capacity change from 0 to 128 [ 243.508306][T14202] loop2: detected capacity change from 0 to 164 [ 243.573202][T14200] loop4: detected capacity change from 0 to 128 [ 243.632486][T14209] FAULT_INJECTION: forcing a failure. [ 243.632486][T14209] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.645718][T14209] CPU: 1 UID: 0 PID: 14209 Comm: syz.2.3024 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 243.656171][T14209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 243.666253][T14209] Call Trace: [ 243.669553][T14209] [ 243.672502][T14209] dump_stack_lvl+0xf2/0x150 [ 243.677237][T14209] dump_stack+0x15/0x20 [ 243.681623][T14209] should_fail_ex+0x229/0x230 [ 243.686474][T14209] should_fail+0xb/0x10 [ 243.690814][T14209] should_fail_usercopy+0x1a/0x20 [ 243.695891][T14209] _copy_from_user+0x1e/0xd0 [ 243.700560][T14209] get_timespec64+0x49/0x140 [ 243.705233][T14209] __se_sys_ppoll+0x76/0x1f0 [ 243.709868][T14209] ? fput+0x13b/0x180 [ 243.713886][T14209] __x64_sys_ppoll+0x67/0x80 [ 243.718562][T14209] x64_sys_call+0x2c84/0x2e00 [ 243.723382][T14209] do_syscall_64+0xc9/0x1c0 [ 243.728017][T14209] ? clear_bhb_loop+0x55/0xb0 [ 243.732732][T14209] ? clear_bhb_loop+0x55/0xb0 [ 243.737469][T14209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.743472][T14209] RIP: 0033:0x7f57dcb77299 [ 243.747912][T14209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.767667][T14209] RSP: 002b:00007f57db7f7048 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 243.776137][T14209] RAX: ffffffffffffffda RBX: 00007f57dcd05f80 RCX: 00007f57dcb77299 [ 243.784144][T14209] RDX: 0000000020000dc0 RSI: 0000000000000001 RDI: 0000000020000d40 [ 243.792296][T14209] RBP: 00007f57db7f70a0 R08: 0000000000000000 R09: 0000000000000000 [ 243.800302][T14209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.808325][T14209] R13: 000000000000000b R14: 00007f57dcd05f80 R15: 00007ffd445a1838 [ 243.816408][T14209] [ 243.967078][T14216] loop4: detected capacity change from 0 to 132 [ 244.080843][T14221] netlink: 184 bytes leftover after parsing attributes in process `syz.4.3028'. [ 244.095352][T14227] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3030'. [ 244.184147][T14235] loop0: detected capacity change from 0 to 1024 [ 244.203829][T14235] loop0: detected capacity change from 0 to 512 [ 244.230327][T14235] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.253976][T14240] loop4: detected capacity change from 0 to 1024 [ 244.264668][T14240] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 244.277670][T14240] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 244.286386][T14240] EXT4-fs (loop4): orphan cleanup on readonly fs [ 244.293432][T14240] EXT4-fs error (device loop4): __ext4_get_inode_loc:4436: comm syz.4.3035: Invalid inode table block 0 in block_group 0 [ 244.310381][T14240] EXT4-fs (loop4): Remounting filesystem read-only [ 244.317165][T14240] EXT4-fs (loop4): 1 truncate cleaned up [ 244.324630][T14240] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 244.343175][T14247] loop0: detected capacity change from 0 to 128 [ 244.367256][T14240] loop4: detected capacity change from 0 to 1024 [ 244.384691][T14240] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 244.398870][T14240] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 244.405619][T14247] loop0: detected capacity change from 0 to 128 [ 244.411141][T14240] jbd2_journal_init_inode: Cannot locate journal superblock [ 244.422768][T14240] EXT4-fs (loop4): Could not load journal inode [ 244.464350][T14251] loop2: detected capacity change from 0 to 132 [ 244.514673][T14257] loop3: detected capacity change from 0 to 128 [ 244.547333][T14260] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3042'. [ 244.558345][ C1] eth0: bad gso: type: 1, size: 1408 [ 244.755503][T14274] loop0: detected capacity change from 0 to 1024 [ 244.774701][T14274] loop0: detected capacity change from 0 to 512 [ 244.798895][T14274] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 244.979279][T14286] loop0: detected capacity change from 0 to 132 [ 245.090438][T14293] loop4: detected capacity change from 0 to 2048 [ 245.113285][T14296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3053'. [ 245.125779][T14293] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 245.212739][T14300] loop0: detected capacity change from 0 to 128 [ 245.249512][T14300] loop0: detected capacity change from 0 to 128 [ 245.421634][T14315] loop2: detected capacity change from 0 to 128 [ 245.437916][T14315] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 245.470200][T14315] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.3061: No space for directory leaf checksum. Please run e2fsck -D. [ 245.485620][T14315] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.3061: checksumming directory block 0 [ 245.504867][T14315] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.3061: No space for directory leaf checksum. Please run e2fsck -D. [ 245.520345][T14315] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.3061: checksumming directory block 0 [ 245.536738][T14323] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3064'. [ 245.538331][T14315] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.3061: No space for directory leaf checksum. Please run e2fsck -D. [ 245.561366][T14315] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.3061: checksumming directory block 0 [ 245.614133][T14315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3061'. [ 245.624940][T14315] xt_hashlimit: invalid rate [ 245.654944][T14330] loop4: detected capacity change from 0 to 512 [ 245.674304][ T3345] kernel read not supported for file inotify (pid: 3345 comm: kworker/1:5) [ 245.677017][T14330] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 245.707950][T14332] loop3: detected capacity change from 0 to 512 [ 245.714676][T14332] EXT4-fs: Ignoring removed orlov option [ 245.728360][T14335] loop0: detected capacity change from 0 to 164 [ 245.736104][T14330] EXT4-fs (loop4): 1 orphan inode deleted [ 245.742154][T14330] EXT4-fs (loop4): 1 truncate cleaned up [ 245.766517][T14339] loop2: detected capacity change from 0 to 512 [ 245.777612][T14339] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4579: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 245.777657][T14332] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.3065: Failed to acquire dquot type 1 [ 245.791160][T14339] EXT4-fs (loop2): VFS: Found ext4 filesystem with unknown checksum algorithm. [ 245.817009][T14332] EXT4-fs (loop3): 1 truncate cleaned up [ 245.823749][T14332] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.868255][T14345] loop0: detected capacity change from 0 to 128 [ 245.927738][T14345] loop0: detected capacity change from 0 to 128 [ 246.209408][T14377] loop2: detected capacity change from 0 to 1024 [ 246.370367][T14390] loop0: detected capacity change from 0 to 164 [ 246.415475][T14391] loop3: detected capacity change from 0 to 8192 [ 246.457789][T14391] loop3: p1 p2 p3 p4 [ 246.462789][T14391] loop3: p1 size 108922248 extends beyond EOD, truncated [ 246.468053][T14396] loop0: detected capacity change from 0 to 128 [ 246.472447][T14391] loop3: p2 start 861536256 is beyond EOD, truncated [ 246.482926][T14391] loop3: p3 start 851968 is beyond EOD, truncated [ 246.489466][T14391] loop3: p4 size 65536 extends beyond EOD, truncated [ 246.503516][T14396] loop0: detected capacity change from 0 to 128 [ 246.602701][T14403] loop2: detected capacity change from 0 to 512 [ 246.621278][T14403] ext4 filesystem being mounted at /276/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 246.637986][T14403] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3087: bg 0: block 256: padding at end of block bitmap is not set [ 246.653500][T14403] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.3087: Failed to acquire dquot type 1 [ 246.708355][T14410] loop2: detected capacity change from 0 to 1024 [ 246.782955][T14414] netlink: 184 bytes leftover after parsing attributes in process `syz.4.3091'. [ 246.861597][T14423] FAULT_INJECTION: forcing a failure. [ 246.861597][T14423] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 246.874741][T14423] CPU: 1 UID: 0 PID: 14423 Comm: syz.0.3094 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 246.885203][T14423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 246.895413][T14423] Call Trace: [ 246.898716][T14423] [ 246.901704][T14423] dump_stack_lvl+0xf2/0x150 [ 246.906440][T14423] dump_stack+0x15/0x20 [ 246.910639][T14423] should_fail_ex+0x229/0x230 [ 246.915442][T14423] should_fail+0xb/0x10 [ 246.919725][T14423] should_fail_usercopy+0x1a/0x20 [ 246.924823][T14423] _copy_from_iter+0xd3/0xb00 [ 246.929558][T14423] ? kmalloc_reserve+0x16e/0x190 [ 246.934617][T14423] ? __build_skb_around+0x196/0x1f0 [ 246.939921][T14423] ? __virt_addr_valid+0x1ed/0x250 [ 246.945044][T14423] ? __check_object_size+0x35b/0x510 [ 246.950357][T14423] pfkey_sendmsg+0x16c/0x970 [ 246.955188][T14423] ? avc_has_perm+0x129/0x160 [ 246.959873][T14423] ? avc_has_perm+0x14a/0x160 [ 246.964563][T14423] ? selinux_socket_sendmsg+0x182/0x1b0 [ 246.970125][T14423] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 246.975356][T14423] __sock_sendmsg+0x140/0x180 [ 246.980058][T14423] ____sys_sendmsg+0x312/0x410 [ 246.985170][T14423] __sys_sendmsg+0x1e9/0x280 [ 246.989836][T14423] __x64_sys_sendmsg+0x46/0x50 [ 246.994668][T14423] x64_sys_call+0x26f8/0x2e00 [ 246.999397][T14423] do_syscall_64+0xc9/0x1c0 [ 247.003962][T14423] ? clear_bhb_loop+0x55/0xb0 [ 247.008681][T14423] ? clear_bhb_loop+0x55/0xb0 [ 247.013484][T14423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.019404][T14423] RIP: 0033:0x7f2a67057299 [ 247.023824][T14423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.043462][T14423] RSP: 002b:00007f2a65cd7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.051915][T14423] RAX: ffffffffffffffda RBX: 00007f2a671e5f80 RCX: 00007f2a67057299 [ 247.059919][T14423] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003 [ 247.067901][T14423] RBP: 00007f2a65cd70a0 R08: 0000000000000000 R09: 0000000000000000 [ 247.075996][T14423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 247.084071][T14423] R13: 000000000000000b R14: 00007f2a671e5f80 R15: 00007fffb1270d68 [ 247.092116][T14423] [ 247.177781][T14432] loop2: detected capacity change from 0 to 128 [ 247.189741][T14429] loop1: detected capacity change from 0 to 512 [ 247.202047][T14429] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 247.219205][T14429] EXT4-fs (loop1): 1 orphan inode deleted [ 247.224999][T14429] EXT4-fs (loop1): 1 truncate cleaned up [ 247.241627][T14432] loop2: detected capacity change from 0 to 128 [ 247.283244][T14436] loop4: detected capacity change from 0 to 512 [ 247.332706][T14436] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.364723][T14446] loop3: detected capacity change from 0 to 512 [ 247.383354][T14436] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3099: bg 0: block 256: padding at end of block bitmap is not set [ 247.405943][T14436] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.3099: Failed to acquire dquot type 1 [ 247.438875][T14446] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.474216][T14456] __nla_validate_parse: 1 callbacks suppressed [ 247.474233][T14456] netlink: 184 bytes leftover after parsing attributes in process `syz.2.3103'. [ 247.585118][ C1] eth0: bad gso: type: 1, size: 1408 [ 247.712001][T14483] loop0: detected capacity change from 0 to 128 [ 247.741628][T14483] loop0: detected capacity change from 0 to 128 [ 247.872967][T14491] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 247.884966][T14491] loop0: detected capacity change from 0 to 512 [ 247.899437][T14491] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 247.913421][T14491] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3116: bg 0: block 256: padding at end of block bitmap is not set [ 247.929608][T14491] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.3116: Failed to acquire dquot type 1 [ 247.975362][T14497] loop1: detected capacity change from 0 to 512 [ 247.990810][T14497] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.096233][ T29] kauditd_printk_skb: 1716 callbacks suppressed [ 248.096249][ T29] audit: type=1400 audit(1721958158.332:9513): avc: denied { recv } for pid=13760 comm="syz-executor" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 248.128398][ T29] audit: type=1400 audit(1721958158.332:9514): avc: denied { unmount } for pid=13760 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 248.148491][ T29] audit: type=1400 audit(1721958158.332:9515): avc: denied { recv } for pid=3249 comm="syz-executor" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 248.174095][ T29] audit: type=1400 audit(1721958158.332:9516): avc: denied { recv } for pid=3249 comm="syz-executor" saddr=10.128.0.163 src=30030 daddr=10.128.1.144 dest=42290 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 248.201237][ T29] audit: type=1400 audit(1721958158.342:9517): avc: denied { create } for pid=14506 comm="syz.1.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 248.220877][ T29] audit: type=1400 audit(1721958158.342:9518): avc: denied { bind } for pid=14506 comm="syz.1.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 248.237215][T14512] loop0: detected capacity change from 0 to 512 [ 248.240314][ T29] audit: type=1400 audit(1721958158.342:9519): avc: denied { name_bind } for pid=14506 comm="syz.1.3119" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 248.267631][ T29] audit: type=1400 audit(1721958158.342:9520): avc: denied { node_bind } for pid=14506 comm="syz.1.3119" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 248.288617][ T29] audit: type=1400 audit(1721958158.342:9521): avc: denied { listen } for pid=14506 comm="syz.1.3119" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 248.309361][ T29] audit: type=1400 audit(1721958158.342:9522): avc: denied { open } for pid=14506 comm="syz.1.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 248.333065][T14512] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.360129][T14506] dccp_close: ABORT with 36 bytes unread [ 248.369360][T14512] netlink: 'syz.0.3120': attribute type 4 has an invalid length. [ 248.527472][T14529] loop2: detected capacity change from 0 to 128 [ 248.562175][T14529] loop2: detected capacity change from 0 to 128 [ 248.626701][T14536] loop0: detected capacity change from 0 to 512 [ 248.657634][T14536] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.761771][T14551] netlink: 'syz.3.3125': attribute type 10 has an invalid length. [ 248.769774][T14551] netlink: 'syz.3.3125': attribute type 12 has an invalid length. [ 248.789526][T14553] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 248.803736][T14546] netlink: 184 bytes leftover after parsing attributes in process `syz.2.3131'. [ 248.808098][T14553] loop0: detected capacity change from 0 to 512 [ 248.856570][T14553] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.876015][T14553] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3130: bg 0: block 256: padding at end of block bitmap is not set [ 248.908593][T14553] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.3130: Failed to acquire dquot type 1 [ 249.040881][T14578] loop0: detected capacity change from 0 to 512 [ 249.061018][T14578] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 249.134414][T14591] netlink: 'syz.0.3143': attribute type 1 has an invalid length. [ 249.194652][T14591] netlink: 'syz.0.3143': attribute type 1 has an invalid length. [ 249.205435][T14598] netlink: 184 bytes leftover after parsing attributes in process `syz.1.3145'. [ 249.438207][T14617] loop3: detected capacity change from 0 to 256 [ 249.448067][T14619] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3153'. [ 249.458677][T14617] vfat: Unknown parameter ' -1 NI 0 yes kernel n n n n n n n n n ' [ 249.530323][T14623] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3155'. [ 249.777003][T14650] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3163'. [ 249.803936][T14652] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3164'. [ 249.839211][T14655] loop2: detected capacity change from 0 to 1024 [ 249.850755][T14655] EXT4-fs: Ignoring removed nomblk_io_submit option [ 249.860970][T14655] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 249.877463][T14659] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3166'. [ 249.930906][T14666] loop3: detected capacity change from 0 to 512 [ 249.965934][T14666] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 249.997688][T14655] loop2: detected capacity change from 1024 to 0 [ 250.028962][T14655] syz.2.3165: attempt to access beyond end of device [ 250.028962][T14655] loop2: rw=12288, sector=6, nr_sectors = 2 limit=0 [ 250.058340][T14655] EXT4-fs error (device loop2): ext4_wait_block_bitmap:584: comm syz.2.3165: Cannot read block bitmap - block_group = 0, block_bitmap = 3 [ 250.073024][T14655] syz.2.3165: attempt to access beyond end of device [ 250.073024][T14655] loop2: rw=145409, sector=2, nr_sectors = 2 limit=0 [ 250.086360][T14655] buffer_io_error: 666 callbacks suppressed [ 250.086375][T14655] Buffer I/O error on dev loop2, logical block 1, lost sync page write [ 250.090558][T14680] loop1: detected capacity change from 0 to 512 [ 250.092631][T14655] EXT4-fs (loop2): I/O error while writing superblock [ 250.114029][T14655] EXT4-fs (loop2): Remounting filesystem read-only [ 250.136534][T14678] syz.2.3165: attempt to access beyond end of device [ 250.136534][T14678] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.160147][T14680] EXT4-fs (loop1): too many log groups per flexible block group [ 250.160972][T14678] syz.2.3165: attempt to access beyond end of device [ 250.160972][T14678] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.167959][T14680] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 250.185643][T14678] syz.2.3165: attempt to access beyond end of device [ 250.185643][T14678] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.195476][T14690] loop0: detected capacity change from 0 to 1024 [ 250.204090][T14678] syz.2.3165: attempt to access beyond end of device [ 250.204090][T14678] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.228392][T14688] loop4: detected capacity change from 0 to 1024 [ 250.238215][T14655] syz.2.3165: attempt to access beyond end of device [ 250.238215][T14655] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.253425][T14655] syz.2.3165: attempt to access beyond end of device [ 250.253425][T14655] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.266900][T14680] EXT4-fs (loop1): mount failed [ 250.271810][T14688] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 250.283534][T14690] EXT4-fs: Ignoring removed bh option [ 250.286498][T14655] syz.2.3165: attempt to access beyond end of device [ 250.286498][T14655] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.303195][T14655] syz.2.3165: attempt to access beyond end of device [ 250.303195][T14655] loop2: rw=12288, sector=32, nr_sectors = 2 limit=0 [ 250.312462][T14680] netlink: 'syz.1.3173': attribute type 10 has an invalid length. [ 250.330445][T14688] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3175: Invalid block bitmap block 0 in block_group 0 [ 250.336284][T14680] lo: entered promiscuous mode [ 250.349280][T14688] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.3175: Failed to acquire dquot type 0 [ 250.376224][T14688] EXT4-fs error (device loop4): ext4_free_blocks:6590: comm syz.4.3175: Freeing blocks not in datazone - block = 0, count = 4096 [ 250.403055][T14688] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.3175: Invalid inode bitmap blk 0 in block_group 0 [ 250.403239][T14688] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 250.416481][T14688] EXT4-fs (loop4): 1 orphan inode deleted [ 250.423196][T14688] EXT4-fs error (device loop4): __ext4_get_inode_loc:4436: comm syz.4.3175: Invalid inode table block 12884901889 in block_group 0 [ 250.434065][T14688] xt_l2tp: invalid flags combination: 0 [ 250.449302][ T1616] EXT4-fs error (device loop4): __ext4_get_inode_loc:4436: comm kworker/u8:5: Invalid inode table block 12884901889 in block_group 0 [ 250.520763][T14662] Buffer I/O error on dev loop2, logical block 64, lost sync page write [ 250.541226][T14713] loop3: detected capacity change from 0 to 128 [ 250.612842][T14716] loop4: detected capacity change from 0 to 512 [ 250.666469][T14680] lo: left promiscuous mode [ 250.679341][T14716] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 250.793051][T14723] netlink: 184 bytes leftover after parsing attributes in process `syz.1.3183'. [ 250.907394][T14729] usb usb8: usbfs: process 14729 (syz.0.3185) did not claim interface 3 before use [ 251.014424][T14732] loop0: detected capacity change from 0 to 256 [ 251.178698][T14753] loop1: detected capacity change from 0 to 512 [ 251.204430][T14736] Failed to initialize the IGMP autojoin socket (err -2) [ 251.210242][T14753] EXT4-fs mount: 56 callbacks suppressed [ 251.210261][T14753] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 251.249050][T14753] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.3192: Unimplemented hash flags: 0x0001 [ 251.260732][T14753] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.3192: Corrupt directory, running e2fsck is recommended [ 251.308411][T14753] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz.1.3192: path /25/file0: bad entry in directory: rec_len is smaller than minimal - offset=7, inode=0, rec_len=0, size=1024 fake=0 [ 251.350174][T14736] chnl_net:caif_netlink_parms(): no params data found [ 251.404396][T13946] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.488634][T14776] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3198'. [ 251.500116][T14736] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.508086][T14736] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.528388][T14736] bridge_slave_0: entered allmulticast mode [ 251.535038][T14736] bridge_slave_0: entered promiscuous mode [ 251.549163][T14736] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.556367][T14736] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.573008][T14736] bridge_slave_1: entered allmulticast mode [ 251.587796][T14736] bridge_slave_1: entered promiscuous mode [ 251.598601][T14784] loop1: detected capacity change from 0 to 128 [ 251.618832][T14787] loop4: detected capacity change from 0 to 128 [ 251.648584][T14736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.666317][T14736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.707720][T14736] team0: Port device team_slave_0 added [ 251.728355][T14736] team0: Port device team_slave_1 added [ 251.760302][T14736] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.767335][T14736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.793589][T14736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.809147][T14736] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.816465][T14736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.842531][T14736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.892152][T14736] hsr_slave_0: entered promiscuous mode [ 251.908482][T14736] hsr_slave_1: entered promiscuous mode [ 251.921366][T14736] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.930080][T14736] Cannot create hsr debugfs directory [ 252.065672][T14736] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.134631][T14736] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.192642][T14736] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.240082][T14736] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.305038][ T36] bridge_slave_1: left allmulticast mode [ 252.310937][ T36] bridge_slave_1: left promiscuous mode [ 252.316685][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.324394][ T36] bridge_slave_0: left allmulticast mode [ 252.330199][ T36] bridge_slave_0: left promiscuous mode [ 252.335860][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.453226][ C1] eth0: bad gso: type: 1, size: 1408 [ 252.485220][T14812] loop3: detected capacity change from 0 to 128 [ 252.515266][T14815] loop4: detected capacity change from 0 to 1024 [ 252.533691][T14815] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.610914][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.654963][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.666955][ T36] bond0 (unregistering): Released all slaves [ 252.705838][T14736] netdevsim netdevsim2 netdevsim0: renamed from eth1 [ 252.734938][T14736] netdevsim netdevsim2 netdevsim1: renamed from eth2 [ 252.759679][T14736] netdevsim netdevsim2 netdevsim2: renamed from eth3 [ 252.775211][T14736] netdevsim netdevsim2 netdevsim3: renamed from eth4 [ 252.796857][ T36] hsr_slave_0: left promiscuous mode [ 252.803435][ T36] hsr_slave_1: left promiscuous mode [ 252.813965][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 252.821536][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 252.835455][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 252.843209][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 252.855850][ T36] veth1_macvtap: left promiscuous mode [ 252.861459][ T36] veth0_macvtap: left promiscuous mode [ 252.867159][ T36] veth1_vlan: left promiscuous mode [ 252.872473][ T36] veth0_vlan: left promiscuous mode [ 252.923818][T14819] ================================================================== [ 252.932046][T14819] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode [ 252.940343][T14819] [ 252.942693][T14819] write to 0xffff888105cbab28 of 8 bytes by task 14812 on cpu 1: [ 252.950447][T14819] writeback_single_inode+0x10e/0x4a0 [ 252.955856][T14819] sync_inode_metadata+0x5c/0x90 [ 252.960825][T14819] __generic_file_fsync+0xf9/0x140 [ 252.965975][T14819] fat_file_fsync+0x4c/0x100 [ 252.970605][T14819] vfs_fsync_range+0x122/0x140 [ 252.975421][T14819] generic_file_write_iter+0x191/0x1d0 [ 252.980911][T14819] iter_file_splice_write+0x5e6/0x970 [ 252.986308][T14819] direct_splice_actor+0x16c/0x2c0 [ 252.991514][T14819] splice_direct_to_actor+0x305/0x670 [ 252.996922][T14819] do_splice_direct+0xd7/0x150 [ 253.001721][T14819] do_sendfile+0x3ab/0x950 [ 253.006171][T14819] __x64_sys_sendfile64+0x110/0x150 [ 253.011406][T14819] x64_sys_call+0xfc3/0x2e00 [ 253.016036][T14819] do_syscall_64+0xc9/0x1c0 [ 253.020586][T14819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.026531][T14819] [ 253.028885][T14819] read to 0xffff888105cbab28 of 8 bytes by task 14819 on cpu 0: [ 253.036532][T14819] __mark_inode_dirty+0x19f/0x7e0 [ 253.041610][T14819] fat_update_time+0x1f5/0x210 [ 253.046427][T14819] touch_atime+0x14f/0x350 [ 253.050879][T14819] filemap_splice_read+0x8b0/0x920 [ 253.056124][T14819] splice_direct_to_actor+0x26c/0x670 [ 253.061524][T14819] do_splice_direct+0xd7/0x150 [ 253.066302][T14819] do_sendfile+0x3ab/0x950 [ 253.070858][T14819] __x64_sys_sendfile64+0x110/0x150 [ 253.076159][T14819] x64_sys_call+0xfc3/0x2e00 [ 253.080775][T14819] do_syscall_64+0xc9/0x1c0 [ 253.085304][T14819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.091212][T14819] [ 253.093537][T14819] value changed: 0x0000000000000007 -> 0x0000000000000080 [ 253.100657][T14819] [ 253.102996][T14819] Reported by Kernel Concurrency Sanitizer on: [ 253.109156][T14819] CPU: 0 UID: 0 PID: 14819 Comm: syz.3.3211 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 253.119668][T14819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 253.129826][T14819] ================================================================== [ 253.166331][ T36] infiniband syz0: set down [ 253.171399][ T3336] infiniband syz0: ib_query_port failed (-19) [ 253.194133][ T29] kauditd_printk_skb: 1368 callbacks suppressed [ 253.194150][ T29] audit: type=1400 audit(1721958163.432:10882): avc: denied { unmount } for pid=13187 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 253.223333][ T36] team0 (unregistering): Port device team_slave_1 removed [ 253.226378][ T29] audit: type=1400 audit(1721958163.462:10883): avc: denied { read write } for pid=13187 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.254949][ T29] audit: type=1400 audit(1721958163.462:10884): avc: denied { open } for pid=13187 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.279375][ T29] audit: type=1400 audit(1721958163.462:10885): avc: denied { ioctl } for pid=13187 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.305554][ T36] team0 (unregistering): Port device team_slave_0 removed [ 253.330560][ T29] audit: type=1400 audit(1721958163.572:10886): avc: denied { read write } for pid=13760 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.352402][ T11] smc: removing ib device syz0 [ 253.355095][ T29] audit: type=1400 audit(1721958163.572:10887): avc: denied { read write open } for pid=13760 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.385247][ T29] audit: type=1400 audit(1721958163.572:10888): avc: denied { ioctl } for pid=13760 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 253.416661][ T29] audit: type=1400 audit(1721958163.662:10889): avc: denied { read } for pid=14736 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 253.462264][ T29] audit: type=1400 audit(1721958163.702:10890): avc: denied { write } for pid=14736 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 253.502788][ T29] audit: type=1400 audit(1721958163.702:10891): avc: denied { unmount } for pid=11869 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 253.503149][T11869] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.585384][T14736] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.601295][ T3339] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.608443][ T3339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.622679][ T3336] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.629865][ T3336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.753023][T14736] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.883663][T14736] veth0_vlan: entered promiscuous mode [ 253.892585][T14736] veth1_vlan: entered promiscuous mode [ 253.916480][T14736] veth0_macvtap: entered promiscuous mode [ 253.925659][T14736] veth1_macvtap: entered promiscuous mode [ 253.941877][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 253.952389][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.962232][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 253.972755][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 253.982672][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 253.993214][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.003157][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.013588][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.023558][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 254.033979][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.046564][T14736] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.058059][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.068689][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.078594][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.089038][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.098860][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.109285][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.119106][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.129545][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.139368][T14736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 254.149786][T14736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 254.162350][T14736] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.173678][T14736] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 254.191809][T14736] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 254.208693][T14736] wireguard: wg0: Could not create IPv4 socket [ 254.215783][T14736] wireguard: wg1: Could not create IPv4 socket [ 254.223594][T14736] wireguard: wg2: Could not create IPv4 socket