last executing test programs: 2.156714883s ago: executing program 0 (id=1742): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$inet(0x2, 0x2, 0x1) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x8}], 0x1}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x3f, &(0x7f0000000300), 0x4e}}], 0x1, 0x7ffff000, 0x0) 2.132703485s ago: executing program 0 (id=1745): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) readv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)=""/215, 0x7ffff000}], 0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) signalfd4(r2, &(0x7f0000000040), 0x8, 0x0) 1.319063912s ago: executing program 2 (id=1765): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x62) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4) r5 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r6, &(0x7f00000000c0)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @local}, 0x14) bind$packet(r7, &(0x7f0000000100)={0x11, 0x0, r8}, 0x14) syz_emit_ethernet(0x56, &(0x7f0000000340)={@broadcast, @broadcast, @void, {@mpls_mc={0x8848, {[], @ipv6=@tipc_packet={0x0, 0x6, "04c9d2", 0x20, 0x6, 0x0, @dev, @private0, {[], @payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000540)={@val={0x8, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x8002, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0xfdef) 1.291299894s ago: executing program 1 (id=1766): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000680)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) io_cancel(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x900000000000000}, 0x0) 1.275708245s ago: executing program 3 (id=1767): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000100), 0x1, 0x500, &(0x7f0000000d00)="$eJzs3c9vG1kdAPDvTOImm81usrDSAgK2LAsFVbUTdzda7Wm5gNBqJcSKE4duSNwoih1HtbM0oVKT/wGJShwQnDhzQOJQqSeOCG5w66UckApUoAaJg9H4R5o2dhxSJ1bjz0cazbx54/m+V2veq79J/AIYWRcjYiciLkTEJxEx0z6ftLf4oLVl1z1+dGtp79GtpSQajY//kTTrs3Nx4DWZl9v3nIyI738n4kfJ4bi1re21xXI56VQV6pWNQm1r+8pqZXGltFJaLxYX5hfm3rv6bnFgfX2z8puH31798Ad3f/elB3/a+eZPstjT7bqD/RikVv9y+3Ey4xHx4WkEG4Kxdn8uDLshnEgaEZ+JiLeaz/9MjDXfzePp8lgDAC+ARmMmGjMHywDAeZc2c2BJmm/nAqYjTfP5Vg7v9ZhKy9Va/fL16ub6citXNhu59PpquTTXzhXORi7JyvO3s+Mn5WI8Xb4aEa9FxE8nXmqW80vHzzMAAIP18jPz/78nWvM/AHDOTfa74NrZtAMAODt9538A4Nwx/wPA6DH/A8DoMf8DwOgx/wPAqLnfmf/Hht0SAOBMfO+jj7Ktsdf+/uvlT7c216qfXlku1dbylc2l/FL1xkZ+pVpdKZfyS9VKv/uVq9WN+Xdi82ahXqrVC7Wt7WuV6uZ6/dpqZbHRaDTOpFMAwJFee/PeX5KI2Hn/peYWB9ZyyA21ZcBpS4fdAGBo5PxhdPkWbhhdPuMD/dby7PkrwndOEKxx+wQvAgbt0ufl/2FUyf/D6JL/h9El/w+jq9FIeq35n+5fAgCcK3L8wJn+/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOienmNnugnKb5fMQrETEbueT6ark0FxGvRsSfJ3ITWXl+qC0GAJ5f+rekvf7XpZm3p5+tvZD8Z6K5j4gf//zjn91crNdvzGfn/7l/vn6nfb44jPYDAP105unOPN7x+NGtpc721AvGTrc9D7/VWlw0i7vX3lo14zGe7f44GbmImPpX0iq3JQNq2s5uRHyuW/+TZm5ktr3y6bPxs9ivnGn89Kn4abOutc/+LT576M4TPWP2W+sVRsW9bPz5oNvzl8bF5n6y6+LHk80R6vl1xr+9Q+Nf53mfbI413ca/i8eN8c7vv9uzbjfiC+Pd4if78ZMe8d8+Zvz7X/zyW73qGr+MuBTd4x+MVahXNgq1re0rq5XFldJKab1YXJhfmHvv6rvFQjNHXehkqg/7+/uXX+3Z/19HTPWIP9mn/187steN/QH4V//95Idf6RV/N+IbX+3+/r9+RPxsTvz6kfGfWJz6bc/lu7P4y63+7/6/7//lY8Z/8Nft5WNeCgCcgdrW9tpiuVy6MdCDXAz4hgcOkhO2OU6pPQ5ekIPs/+PPe5832imzrtf84Rd338gqh97TgRz0GTiSQXz6BYbpyUM/7JYAAAAAAAAAAAAAAAC9nPqfE6XD7iEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn2f8CAAD//3WdzFY=") r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ftruncate(r0, 0xde36) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) getpid() bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x3a, 0x2}, @ramp}) r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGKEY(r3, 0x80404518, &(0x7f0000000140)=""/183) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x13, r1, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x40047440, 0x2000000a) 1.21739239s ago: executing program 1 (id=1768): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000000000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1e, 0x0, 0x0, 0x8000, 0x410, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000", @ANYRES32=r1, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) socket(0xa, 0x3, 0x3a) socket$kcm(0x2, 0xa, 0x2) socket$inet6(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000006c0)=0x39) sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010200000000000000001000000008000300", @ANYRES32=r7, @ANYBLOB="08000600", @ANYRES32=r9], 0x24}}, 0x0) write$cgroup_devices(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB='b 75:*\trm', @ANYRES8=0x0, @ANYRES32], 0xa) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e27, 0x3, @rand_addr=' \x01\x00', 0x7}, 0x1c) r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r10, 0x40045402, &(0x7f0000000040)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r10, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r10, 0x40505412, &(0x7f00000000c0)={0x0, 0x7, 0x0, 0x0, 0xf}) read(r10, &(0x7f00000015c0)=""/186, 0xba) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r10, 0x54a2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'dummy0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0xa, 0x2, 0x11) 1.2169627s ago: executing program 0 (id=1769): mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000300)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x4c}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@usrquota}, {@errors_continue}]}, 0xfd, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=") perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x4e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x300000000000000) 1.123995848s ago: executing program 1 (id=1771): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000700)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f00000000c0)=""/47, 0x2f) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008031, 0xffffffffffffffff, 0x0) getdents64(r1, &(0x7f0000000040)=""/56, 0x38) r2 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r2, &(0x7f0000000600)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000180)="080027226da0d6c1", 0x8}], 0x1, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x31c467c443849f7c) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="00000000000001000000000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000036e9ade682ac00000000be54810f4f9382be7521092d845b3fa43d8c97dcebeef87057daae564a8d773245a8b1a30ed528369cf237f8520547954030870a7f033a794bba4affce6287d53a1a865995fe284e01f70de4d23b2609777d4720f9da23941300626721c760df5a7f465e6cb335211990b7867c8f29dcccae192e97787608ae6752b100794922c3a2b75c837f112e9b6eb978283415d8bb00bc8da9130bfe59e8ab5ff7ad39de201d3da6857b8f90a3d752d32f9e9b894c3a3fd537440ba3e7abb9aebe207fb85b63604b4603c6a296f739a9c1416ae40df67b0ec94cca84761038c62cd2ff2bfbf2b8ab4b5b7eed28f16f27622cbfc9924a5b02fca5740178b6a53094da557a2792bf76fbc35f3de0a6eb735ab8da30b4324ea2958d79300da7b64f6df4d2bfb377629570d183716f8521c86efad9a1bcaf1641fdb2520d5300000000000051b88bd1a6d13e0be259a2475c889499dfdaedcdb3dab70017606450f367863f5a62430e642150cf65bc18c1eb374c6561c7b010136384719141421c43813beb2f5f0d2f88e7f49907a72b34a11f375c727b544516ef16aa87687fcc5c646e248c706d46eda6cfe0c538040e9f8a57d00e843e3949ca4c9031bcb4760b2e56fefc2c1d9b73ed05b6e255ea6172344566b669d98892dcc078b90bd1266aa69b58ae0b1ad945b7edf60ecca6f5867e5425d232c5b2cde029b9d6b3fb622b91f96e1c515537beeee19485bcad0d"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='fib6_table_lookup\x00', r4}, 0x10) getsockopt$EBT_SO_GET_INIT_ENTRIES(r2, 0x0, 0x83, &(0x7f0000000500)={'filter\x00', 0x0, 0x3, 0xe0, [0x8000000000000001, 0xc, 0x1, 0xcea, 0x9, 0xf], 0x3, &(0x7f0000000100)=[{}, {}, {}], &(0x7f00000003c0)=""/224}, &(0x7f00000001c0)=0x78) 1.069049032s ago: executing program 0 (id=1772): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x20, 0x0, 0x0, 0xfffff014}, {0x6}]}, 0x10) (fail_nth: 13) 1.068659432s ago: executing program 2 (id=1773): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@mangle={'mangle\x00', 0x64, 0x6, 0x750, 0xd0, 0x300, 0xd0, 0x1b8, 0xd0, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x3, {0x600, 0xfffe, 0x703}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4=@private}}}, {{@uncond, 0x0, 0x108, 0x130, 0x0, {}, [@common=@frag={{0x30}}, @common=@frag={{0x30}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x228, 0x250, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@remote, @ipv4={'\x00', '\xff\xff', @empty}, @remote, @ipv4={'\x00', '\xff\xff', @private}, @dev, @private0, @loopback, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @loopback, @private1, @remote, @private1, @mcast2, @private0, @private2]}}, @common=@dst={{0x48}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x7b0) 1.068456232s ago: executing program 0 (id=1774): r0 = perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x340, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) pipe(0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x120c480, &(0x7f0000000080)={[{@jqfmt_vfsv0}, {@dioread_lock}, {@nodelalloc}, {@noload}, {@nodiscard}, {@discard}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x20}}, {@resgid}]}, 0x3, 0x4d6, &(0x7f0000000680)="$eJzs3d9LXNkdAPDvHTUxiamm7UMaaBLaFBPazGhsEulDYqG0T4Gm6bu1Ooo4OuKMiUoohv4BhdJftE996kuhf0Ch5E8opYH2fVmWXcJukn3Yh92dZa5X45oZfxAdE+fzgeM95/6Y7zkzzpk59x7mBtC2LkbESER0RMSViOjN1ueyFKtrqb7f82cPx+spiVrt3odJJNm69cdKsuWp7LDuiPjZTyJ+mbwat7K8MjNWKhUXsnKhOjtfqCyvXJ2eHZsqThXnRoYGbwzfHL4+PLBvbb31o/f+8Ju//fjWv7734J3RDy7/ql6tnmzb5nbsxuou91trelf6XKSO7yXKm6/+f9OZthAAgLdB/Tv+VyPiWxHx4s+HXRsAAADgINRu98SnSUQNAAAAOLJy6RzYJJfP5gL0RC6Xz6/N4f16nMyVypXqdyfLi3MTa3Nl+6IrNzldKg5kc4X7oiuplwfT/MvytS3loYg4ExG/6z2RlvPj5dLEYZ/8AAAAgDZxasv4/+PetfE/AAAAcMT0HXYFAAAAgANn/A8AAABHX9Pxf9LZ2ooAAAAAB+Gnd+7UU239/tcT95cXZ8r3r04UKzP52cXx/Hh5YT4/VS5Ppb/ZN7vT45XK5fnvx9ziUqFarFQLleWV0dny4lx1NL2v92jRfaIBAACg9c5cePz/JCJWf3AiTXXHsm07j9U7Drh2wEHK7W335KDqAbSeT3BoX5sn+F5outexltQFaC3X44EdBva/T//e3ijv8bQBAADwJuj/xutc/3c9EN5mBvLQvlz/h/blB76gfbn+D23u+M67dDfb8O99rgsAAHBgetKU5PLZtcCeyOXy+YjT6W0BupLJ6VJxICK+EhH/6+06Xi8PHnalAQAAAAAAAAAAAAAAAAAAAAAAAOAtU6slMVIDAAAAjrKI3PtJdiP//t5LPVvPDxxLPulNlxHx4C/3/rg0Vq0uDNbXf7SxvvqnbP21jcOSiNXWnsgAAAAANiyNRTY0XxvHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB+ev7s4fh6amXcpz+MiL5G8TujO112R1dEnHyRROem45KI6NiH+KuPIuJso/hJvVrRl9Via/xcRJw45Pin9iE+tLPH9f5npNH7LxcX02Xj919nll7X04vN+r/cRv/XEf995bh6/3d6lzHOPflHoWn8RxHnOhv3P+vxk9fsf3/x85WVZttqf43ob/j5k3wpVqE6O1+oLK9cnZ4dmypOFeeGhgZvDN8cvj48UJicLhWzvw1j/Pab//x8u/afbBK/b4f2X9pl+z97svTsa9vEv/ztxq//2TRQ4/j15/472edAfXv/en51Lb/Z+b//5/x27Z9o0v6dXv/Lu2z/lbu/fneXuwIALVBZXpkZK5WKCzIyMkcvczd7o+/58EPumAAAgH338kt/w81J0vIaAQAAAAAAAAAAAAAAAAAAQPtpxY+QbY7XfXhNBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1hcBAAD//6830AU=") r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="1e03cff7ffff"], 0xffdd) r2 = open(&(0x7f0000000180)='./file0\x00', 0x200040, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40, 0x41}, 0x48) sched_setscheduler(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x2}, 0x8}, 0x90) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x8953, &(0x7f0000000280)) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000000000/0x4000)=nil) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0xe) shutdown(r4, 0x0) ioctl$TIOCCONS(r2, 0x541d) socket$inet(0x2, 0x5, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$RTC_AIE_OFF(r5, 0x7002) 1.061117123s ago: executing program 1 (id=1775): r0 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r1 = shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x0) (async) shmat(r0, &(0x7f0000000000/0x1000)=nil, 0x17b23106b1d79382) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$kcm(0x2, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, 0x0, 0x0, 0x1, 0x1000, &(0x7f0000001040)=""/4096}, 0x90) (async) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x178, 0x1403, 0x4, 0x70bd29, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_batadv\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0xffffffffffffffe6, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'nicvf0\x00'}}, {{0x5, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080) openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x0, 0x0) (async) syz_io_uring_setup(0x6908, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, 0x0, &(0x7f00000005c0)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(0xffffffffffffffff, 0x184c, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x4, 0x9, 0x5, 0x9, 0x6c, @mcast2, @ipv4={'\x00', '\xff\xff', @empty}, 0x80, 0x1, 0x0, 0x5}}) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000b70a1800faffffffb7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000008520000000000000b7080000000000007b8af8ff00000000b7080000010400007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000008500000054000000"], &(0x7f0000000240)='syzkaller\x00', 0xffff8000, 0x91, &(0x7f0000000580)=""/145, 0x40f00, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x2, 0x0, 0x1, 0x6}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f00000006c0)=[{0x3, 0x2, 0xb, 0xb}, {0x1, 0x4, 0xd, 0xa}, {0x0, 0x2, 0xf}, {0x1, 0x4, 0x6, 0xc}, {0x2, 0x5, 0x0, 0x1}]}, 0x90) (async, rerun: 32) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=0x1, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (rerun: 32) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@map, 0xffffffffffffffff, 0x26, 0x0, 0x0, @link_id, r9}, 0x20) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000800)={@ifindex=r7, 0xffffffffffffffff, 0x1d, 0x14, r8, @link_fd, r9}, 0x20) (async) sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x488d4) (async) setsockopt$sock_attach_bpf(r3, 0x1, 0x31, &(0x7f0000000640), 0x4) (async) syz_mount_image$ext4(&(0x7f0000000580)='ext2\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f00000000c0), 0x1, 0x5d8, &(0x7f0000000600)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") (async) r10 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) open_by_handle_at(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="080000005500000000000000000000643cb1249a285f71f439e4168fcfd1fe0a1c2559e9a9f66faeb748b5f9a2ee0af5d79d1ead9e3460"], 0x101) setsockopt$sock_attach_bpf(r3, 0x1, 0x31, &(0x7f0000000000), 0x4) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2) (async) shmat(r0, &(0x7f0000000000/0x3000)=nil, 0x5000) shmdt(r1) (async) socket$inet6(0xa, 0x2, 0x0) 1.055293403s ago: executing program 3 (id=1776): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x14, 0x0, 0x2, 0x401}, 0x14}, 0x1, 0x0, 0x14000000}, 0x0) 992.556709ms ago: executing program 2 (id=1777): r0 = syz_open_dev$vcsn(&(0x7f00000036c0), 0x4, 0x200) sendmsg$nl_route(r0, &(0x7f00000035c0)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000037c0)={&(0x7f0000003600)=@bridge_newvlan={0x54, 0x70, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xa}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x1}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x3}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x3}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x52, 0x3}}}]}, 0x54}}, 0xe010) statx(r0, &(0x7f0000000000)='./bus\x00', 0x100, 0x8, &(0x7f00000003c0)) open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000040)='./file2\x00', 0x10502, &(0x7f0000001b80)=ANY=[], 0x1, 0x11f3, &(0x7f0000002580)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) lseek(r1, 0x100000007ffffb, 0x0) r2 = open(&(0x7f0000000080)='./file2\x00', 0x220080, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$LOOP_SET_STATUS64(r2, 0x301, 0x0) 992.342248ms ago: executing program 3 (id=1778): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x9, 0x3, 0x270, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2d0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000011c0)={0xa, 0x4e22, 0x0, @remote, 0x400000}, 0x1c) listen(r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000001280)=ANY=[@ANYBLOB="f9562511edde5ba92e483dcd5ddbb66f9184e312373280a6a0370122663a8a2b14bb187042ed493d6f7ab0d24d5a6efbba652495c7a3cda5bf51703d52a566ec20ea2edc7236486e4e249785b483172069ced398fdaf62e953e7ce7fa898ca511e046b43f6e764a71b434681be5e21663611d5fc99ae2d66daa1e249c18ac5cfdb4ca3a20d74132e5d8fb083159c25d07974fe4f52cf609188f73918fb5ee7b5dc7a2a38c1722ab757031ab5195746b808455c48116737ede7c8d63028d20af5c8f2f2bc9725a8492a"], 0xfffffdef}}, 0x0) shutdown(r1, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/4122, 0x101a) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001080)=ANY=[@ANYBLOB="640000001900010000000000000000001d0109004d000f8025b57efaa2000574b8d6e1db9b2bb2e5c90fafb663cdebaede447dc8f6f61c6615fc0640adda4853b2d23a9b33000000a333de62f671055d9895f3f6f78da8ee1d14fe3e0870394fdaec29aef92e4227fc3d98522ac96315e359a58b9902274300317c0dbb48f279c5070d0e0ff9e575f80ff9928a85d12cbe578eceb3b9121ceb4e961805977fbcfd6b26088d179b7c9bdcf09e0adfa186caaa8887416e1b5638f1"], 0x64}}, 0x0) 955.965971ms ago: executing program 1 (id=1780): syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3c}]}, 0x3c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) syz_io_uring_setup(0x1485, &(0x7f0000000340), 0x0, 0x0) syz_io_uring_setup(0x1106, &(0x7f0000000740), 0x0, 0x0) syz_io_uring_setup(0x7d09, &(0x7f0000000480), 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) preadv2(r2, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) 812.350303ms ago: executing program 0 (id=1782): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r4, &(0x7f0000000380)={0xa, 0x4e20, 0x7fff, @mcast1, 0x5}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 768.680257ms ago: executing program 2 (id=1783): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001df0070f000200000000000007000000", @ANYRES32, @ANYBLOB='\x00\x00g\x00\b\x00\b'], 0x24}}, 0x0) 745.093619ms ago: executing program 2 (id=1784): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000240)={'#! ', './file1', [], 0xa, "b26c45b0ba9f93e1b884d7ee0fa7c5c76f1c3fb93b37678feb7121427c1f78066c84fa85fce5d562792cbf969492b749b81ec1da8d58"}, 0x41) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r2, 0x10d, 0xa1, 0x0, &(0x7f0000000040)) 727.23321ms ago: executing program 2 (id=1785): inotify_init1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() ioprio_set$pid(0x1, 0x0, 0x0) ioprio_get$pid(0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) memfd_create(0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) write$cgroup_int(r2, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000480)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xa) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000023c0)={&(0x7f0000000980)='sys_exit\x00'}, 0x10) syz_clone(0x22023500, 0x0, 0x20010, 0x0, 0x0, 0x0) 540.566626ms ago: executing program 1 (id=1786): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={0x0}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16], 0x28}}, 0x0) sendmsg$NL80211_CMD_START_NAN(r2, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0xb000000}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYRESDEC], 0x54}, 0x1, 0x0, 0x0, 0x4044}, 0x0) 309.774714ms ago: executing program 4 (id=1788): syz_emit_ethernet(0x6a, &(0x7f0000000140)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@rand_addr, 0x4000000}, {@private}, {@local}, {@remote}]}]}}}}}}}, 0x0) 283.900777ms ago: executing program 4 (id=1789): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) (async, rerun: 64) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) (async) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, &(0x7f0000000100)='4', 0x1}) (async) io_uring_enter(r1, 0x7f5f, 0x0, 0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) (async) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000040)=0x2, 0x4) (async) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r9, 0x402, 0x8000003d) (async) r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.swap.events\x00', 0x0, 0x0) sendto$llc(r10, &(0x7f00000005c0)="b8c97f5fcb1f", 0x6, 0x1, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r10, 0x8983, &(0x7f0000000640)={0x1, 'vlan0\x00', {}, 0x8000}) (async) ioctl$KDFONTOP_GET(r10, 0x4b72, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000b40)=0x0) (async) r12 = perf_event_open(&(0x7f0000000b80)={0x3, 0x80, 0x80, 0x7, 0x0, 0xf4, 0x0, 0x0, 0x200, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff9, 0x401}, 0x200, 0x0, 0x2, 0x7, 0x7fffffffffffffff, 0x8, 0x1, 0x0, 0xff, 0x0, 0xc}, 0xffffffffffffffff, 0x2, r10, 0x1) perf_event_open(&(0x7f0000000ac0)={0x3, 0x80, 0x5, 0x8, 0x3, 0x6, 0x0, 0x4, 0x100a0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffff7f, 0x0, @perf_config_ext={0x8}, 0x10000, 0x0, 0x7fffffff, 0x7, 0x7, 0x3, 0x4, 0x0, 0x0, 0x0, 0xdb69}, r11, 0x7, r12, 0x1b) (async) syz_open_procfs(r11, &(0x7f0000000d40)='net/arp\x00') (async, rerun: 64) write$cgroup_pid(r9, &(0x7f0000000200)=r11, 0x12) (async, rerun: 64) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000040)=0x2, 0x4) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) shutdown(r4, 0x1) (async) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="a7065948fca88dcf19f6f55908d1501073692f18eed4455601ab7e052726cb146895d24e5cd1349ae7e77d3bdfe46aec13cd171714ff5ae239efbde2c0ef8a552880b1e66577ce67c688fa0bc21c4a5bc53e0ace1e433ca544b2213c050a27d8c151c0a7bed5e6bbcb77faa7d1752b6c16821ea3905faed42d89ac3cea9379dc084ca364c7a0f8e258a63ea153ecfee78302ddf700876cbaa078626bbc351b3d940d3b6584507b1b153ec3d0765a978aca95970b18c194ef229c97bef57bd50b4b07eae19435a2e6abe44e621a5cf21537240616308ddd5403fb5f3a0cccac94e4829b711941352c37a7aa9fc520f3f975cbbe", @ANYRESOCT=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r13, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x50) (async, rerun: 64) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)='%ps \x00'}, 0x20) (rerun: 64) 188.626604ms ago: executing program 4 (id=1790): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x4, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="9110b4000c00000095"], &(0x7f0000000280)='GPL\x00'}, 0x90) 188.428744ms ago: executing program 4 (id=1791): r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000a6800010000000000000000000a000000000000000c0008800800030000000000060007000200000008000500", @ANYRES32=r2, @ANYBLOB="140006"], 0x48}}, 0x0) 169.687396ms ago: executing program 3 (id=1792): perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4094) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) unshare(0x20020680) r1 = syz_io_uring_setup(0x73d, &(0x7f00000003c0), &(0x7f0000000080)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x6, 0x0, 0x0, 0x0, 0x0}) r4 = eventfd(0xfffffffd) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x7, &(0x7f0000000000)=r4, 0x1) io_uring_enter(r1, 0x4ac6, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000003100)=@gcm_128={{0x303}, "0400", "0d07080d004f1a8600", "cf0d00", "8657e2b7e43934e4"}, 0x28) sendmsg$inet6(r0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x30}, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x2711, @local}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r6, 0x84, 0x21, &(0x7f0000000280)=0x3, 0x4) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x2010400, &(0x7f0000000400), 0x1, 0x4b9, &(0x7f0000000480)="$eJzs3M9rHFUcAPDvTH606Q8Ta/3RWnW1ikExaVN/9ODBioIXQdBDBS8xSUvttpUmgi0Bo0h7lII3D+JNwb/Ak15EvSgoeNG7FER6sXpa2Z2ZZHe7u83vrdnPB3b3vZ238953Zt5k5r3NBtCzStWnJGJXRPwWEcNZtrFAKXu5fm1+6p9r81NJVCqv/pXUyv19bX6qKFp8bmeeGU0j0g+TYkF//WpnL1w8PVkuz5zP8+NzZ94en71w8YlTZyZPzpycOTtx9OiTRw4/8/TEU2uM8Nfa83CeO7DvpdevvDx1/Mqb3395eXcWdzTFsXppQ64UpcZtWeeRtVd2S9ldl076u9gQVqQv75gDtf4/HH113XQ4Xvyg44e3b0IDgQ1TqVQq29ovXqhkYnsF2HqSyF/7I7rdFmAzFX/oq/e/xWOTLj1uCX8ey26AqnFfzx/Zkv7Fu/mBpvvb9VSKiOML/35afUTzOMTgBlUKAPS0r49FLOTpxuu/NO6qK3dbPocyEhG3R8SeiLgjIvZGxJ1DUSt7d0Tcs8L6S035vphvGlVOr644qBWoXv89m89tNV7/5Vd/gzHSl+d2Z0PlyYlT5ZlD+TYZjYFSNX84K9003VObCYtvXvj5o3b111//VR/V+mvXgkNFifRqf9MA3fTk3OS6xf9+xP7+VvEnizMB1aD2RcT+Vit47uZ1nHrsiwPtlrWNfznWYZ6p8lnEo9n+X4g8/uyye2lXJp3nJ8e3R3nm0HhxVNzoh58uvdKu/jXFvw6q+39Hy+O/iH+kllqcr53N3h1aQR2Xfr88VVvfwo3Lbh5/6+N/MHmtlh6se642tmhX8c67k3Nz5yeWPlvka6+Hs/hHD7bu/3tiaUvcGxHVg/i+iLg/Ih7I2/5gRDwUEQc7xP/d8w+/VZe9YXr9eBJd3f/T2f7f1nr/x0jj/l95ou/0t1+1qz+bIe+4/395I0+N5q/LOP+VyjPni7NDxwaucrMBAADA/0oaEbsiSccW02k6NpaNXO6NHWn53Ozc4yfOvXN2Ovuu/EgMpMVIVzYePJAU458jdfmJpvyRfNz4476hWn5s6lx5utvBQ4/b2ab/V/3R1+3WARvO/2tB79L/oXfp/9C7+uOTTt9fArao925eZGAz2gF0RdrqzWWcF4AtwP0/9C79H3qX/g+9q3P/9y1A2KJmK6v/v/5yMXDYZlHjO8lSmeJHGlZVaWMibb2oOGetYc2rTnye/1bgpla6jERlfVcYadtFQ81bPul27EuJyvILp+tziK53oji2O5T5cQ1VVPLEZp+JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANsZ/AQAA///EtcDm") accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x60) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0xe404, &(0x7f0000000240), 0x25, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f00000002c0)={0xd, {{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x8}, 0x6}}}, 0x88) 159.867107ms ago: executing program 4 (id=1793): r0 = perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x340, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) pipe(0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x120c480, &(0x7f0000000080)={[{@jqfmt_vfsv0}, {@dioread_lock}, {@nodelalloc}, {@noload}, {@nodiscard}, {@discard}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x20}}, {@resgid}]}, 0x3, 0x4d6, &(0x7f0000000680)="$eJzs3d9LXNkdAPDvHTUxiamm7UMaaBLaFBPazGhsEulDYqG0T4Gm6bu1Ooo4OuKMiUoohv4BhdJftE996kuhf0Ch5E8opYH2fVmWXcJukn3Yh92dZa5X45oZfxAdE+fzgeM95/6Y7zkzzpk59x7mBtC2LkbESER0RMSViOjN1ueyFKtrqb7f82cPx+spiVrt3odJJNm69cdKsuWp7LDuiPjZTyJ+mbwat7K8MjNWKhUXsnKhOjtfqCyvXJ2eHZsqThXnRoYGbwzfHL4+PLBvbb31o/f+8Ju//fjWv7734J3RDy7/ql6tnmzb5nbsxuou91trelf6XKSO7yXKm6/+f9OZthAAgLdB/Tv+VyPiWxHx4s+HXRsAAADgINRu98SnSUQNAAAAOLJy6RzYJJfP5gL0RC6Xz6/N4f16nMyVypXqdyfLi3MTa3Nl+6IrNzldKg5kc4X7oiuplwfT/MvytS3loYg4ExG/6z2RlvPj5dLEYZ/8AAAAgDZxasv4/+PetfE/AAAAcMT0HXYFAAAAgANn/A8AAABHX9Pxf9LZ2ooAAAAAB+Gnd+7UU239/tcT95cXZ8r3r04UKzP52cXx/Hh5YT4/VS5Ppb/ZN7vT45XK5fnvx9ziUqFarFQLleWV0dny4lx1NL2v92jRfaIBAACg9c5cePz/JCJWf3AiTXXHsm07j9U7Drh2wEHK7W335KDqAbSeT3BoX5sn+F5outexltQFaC3X44EdBva/T//e3ijv8bQBAADwJuj/xutc/3c9EN5mBvLQvlz/h/blB76gfbn+D23u+M67dDfb8O99rgsAAHBgetKU5PLZtcCeyOXy+YjT6W0BupLJ6VJxICK+EhH/6+06Xi8PHnalAQAAAAAAAAAAAAAAAAAAAAAAAOAtU6slMVIDAAAAjrKI3PtJdiP//t5LPVvPDxxLPulNlxHx4C/3/rg0Vq0uDNbXf7SxvvqnbP21jcOSiNXWnsgAAAAANiyNRTY0XxvHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB+ev7s4fh6amXcpz+MiL5G8TujO112R1dEnHyRROem45KI6NiH+KuPIuJso/hJvVrRl9Via/xcRJw45Pin9iE+tLPH9f5npNH7LxcX02Xj919nll7X04vN+r/cRv/XEf995bh6/3d6lzHOPflHoWn8RxHnOhv3P+vxk9fsf3/x85WVZttqf43ob/j5k3wpVqE6O1+oLK9cnZ4dmypOFeeGhgZvDN8cvj48UJicLhWzvw1j/Pab//x8u/afbBK/b4f2X9pl+z97svTsa9vEv/ztxq//2TRQ4/j15/472edAfXv/en51Lb/Z+b//5/x27Z9o0v6dXv/Lu2z/lbu/fneXuwIALVBZXpkZK5WKCzIyMkcvczd7o+/58EPumAAAgH338kt/w81J0vIaAQAAAAAAAAAAAAAAAAAAQPtpxY+QbY7XfXhNBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1hcBAAD//6830AU=") r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="1e03cff7ffff"], 0xffdd) r2 = open(&(0x7f0000000180)='./file0\x00', 0x200040, 0x0) sched_setscheduler(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x2}, 0x8}, 0x90) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x8953, &(0x7f0000000280)) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000000000/0x4000)=nil) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0xe) shutdown(r4, 0x0) ioctl$TIOCCONS(r2, 0x541d) socket$inet(0x2, 0x5, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$RTC_AIE_OFF(r5, 0x7002) 94.236542ms ago: executing program 3 (id=1794): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x880008, 0x0) r1 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="5c00000010000100"/20, @ANYRES32=r7, @ANYBLOB="000000000000000008000d000000000034001680300001802c000c"], 0x5c}}, 0x0) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000001600)=[{0x0}], 0x1}, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8) 41.591916ms ago: executing program 3 (id=1795): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x2000410, &(0x7f0000000000)={[{@stripe={'stripe', 0x3d, 0x1}}]}, 0x1, 0x79f, &(0x7f00000012c0)="$eJzs3ctrXFUYAPDvTl5NGk0EQesqIGigdGJrbBUUKi5EsFDQtW1IpqFmkimZSWlCwRYR3AgqLgTddO2j7sSdj63+Fy6kpWpbrLqQkTuPdtLMTDOkM1PI7wc3c869d+ac7577OJNzuRPArjWV/slE7IuID5OIidr8JCKGKqnBiKPV9W5dPz+fTkmUy2/8kVTWuXn9/Hw0vCe1t5Z5PCJ+fC9if2ZrucX1jaW5fD63WsvPlJbPzBTXNw6cXp5bzC3mVg4fnJ09dOS5I4fvX6x//bIxfvWjV5/++ui/7z52+YOfkjga47VljXHcL1MxVdsmQ+km3OSV+11YnyVtlr3Uw3rQmfTQHKge5bEvJmKgkmphtJc1AwC65Z2IKAMAu0zi+g8Au0xETEZt/Ks+9ft/Er107eWI2FONvz6+WV0yWBuz21MZBx27mWwaGUnqG26HpiLi82/f+jKdokvjkADNXLgYEScnp7ae/5Mt9yx06pl2C8sjlZepu2Y7/0HvfJ/2f55v1v/L3O7/RJP+T3r0TpXb3fWzPfc+/jNXdlxIG2n/78WGe9tuNcRfMzlQyz1U6fMNJadO53Ppue3hiJiOoZE0f7CyavPtMX3jvxutym/s//358dtfpOVvvgMnc2VwZPN7FuZKczsKusG1ixFPDDaLP7nd/kmL/u/xbZbx2gvvf9ZqWRp/Gnd9SstPX3cUVAfKlyKeatr+d9oyaXt/4kxld5ip7xRNfPPrp2Otym9s/3RKy69/F+iFtP3H2sc/mTTer1nsvIyfL0380GrZveNvvv8PJ29W0sO1eefmSqXVgxHDyetb5x+68956vr5+Gv/0k82P/3b7f/qd8OQ24x+8+vtXtY9qGn/Fhf61/0JH7d8mUb8e3LXo8q2lgVblb6/9Zyup6dqc7Zz/7lHTHezNAAAAAAAAAAAAAAAAAAAAAAAAANC5TESMR5LJ3k5nMtls9Te8H42xTL5QLO0/VVhbWYjx76rPP83UH3U50fA81PJA9Xn49fyh2Jx/NiIeiYhPRkYr+ex8Ib/Q7+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGZvi9//T/020u/aAQBds6ffFQAAes71HwB2n86u/6NdqwcA0Dsdf/8vJ92pCADQM9u+/p/sbj0AgN4x/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECXHT92LJ3Kf18/P5/mF86ury0Vzh5YyBWXsstr89n5wuqZ7GKhsJjPZecLyy0/6EL1JV8onJmNlbVzM6VcsTRTXN84sVxYWymdOL08t5g7kRvqWWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsH3F9Y2luXw+tyrRNjH6YFSjh4nkn3brDEb/a7gbEsN9K73xLDHavxMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPu/wAAAP//wJMmNg==") r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000006119a0000000000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa66a6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x0, 0x9000000}, 0x1f00) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x24, 0x4, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @rand_addr, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@empty}, {@broadcast}, {@empty}, {@multicast1}, {@private}]}, @rr={0x7, 0x23, 0x0, [@remote, @empty, @empty, @multicast1, @remote, @dev, @loopback, @rand_addr]}, @noop, @lsrr={0x83, 0x3}, @generic={0x0, 0x2}]}}}}}) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r8 = syz_clone(0x8000000, 0x0, 0xfffffdf6, 0x0, 0x0, 0x0) ptrace(0x10, r8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r7, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000ac0)=ANY=[@ANYRESDEC=r6, @ANYRESDEC=r4, @ANYBLOB="200100000000000000000000000000020000000032000000fe80000000000000000000f1ff0000bb0000000000000000f695be9452b2d2f3ebdab21f00000000000000000000000000000000000000000000000000000000000019002000000000000000000000000000000000020000000000000000003e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000009788e0dbc0de27733a2ab98a4bc714b1a9b24d35af6b2a375e038f1df79c036f9403a4693d464356158255bc9be59649903e5cf0e16ab2eb0356daf674049eafef97939e2c11ab9e36f1e9059cedb26b04a799046bcd8838f2a4cc48a2e165e518163bfe6dfa18ca4759d0b0bdf85c689706cd1989cddfc293beebfd51e5406d44"], 0x1dc}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f0000000140)) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r9, &(0x7f0000000340)=ANY=[@ANYRES32=0x0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r10 = getpid() sched_setscheduler(r10, 0x0, &(0x7f0000000100)) 0s ago: executing program 4 (id=1796): syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3c}]}, 0x3c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) syz_io_uring_setup(0x1485, &(0x7f0000000340), 0x0, 0x0) syz_io_uring_setup(0x1106, &(0x7f0000000740), 0x0, 0x0) syz_io_uring_setup(0x7d09, &(0x7f0000000480), 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) preadv2(r2, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): C0] eth0: bad gso: type: 1, size: 1408 [ 87.287638][ T8148] loop3: p4 size 8388608 extends beyond EOD, truncated [ 87.341920][ T8148] team0: Device ipvlan2 failed to register rx_handler [ 87.428981][ T2786] loop3: p1 < > p4 [ 87.438365][ T2786] loop3: p4 size 8388608 extends beyond EOD, truncated [ 87.488762][ T8182] __nla_validate_parse: 4 callbacks suppressed [ 87.488776][ T8182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1194'. [ 87.495033][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 87.517754][ T8186] netlink: 324 bytes leftover after parsing attributes in process `syz.3.1193'. [ 87.533590][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 87.565715][ T8186] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1193'. [ 87.579642][ T8196] veth1_virt_wifi: entered promiscuous mode [ 87.586810][ T8195] netlink: 'syz.0.1197': attribute type 21 has an invalid length. [ 87.594685][ T8195] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1197'. [ 87.614208][ T8195] netlink: 'syz.0.1197': attribute type 5 has an invalid length. [ 87.621991][ T8195] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1197'. [ 87.635780][ T8200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1198'. [ 87.684798][ T8181] veth1_virt_wifi: left promiscuous mode [ 87.706688][ T8209] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 87.736832][ T8213] loop2: detected capacity change from 0 to 2048 [ 87.758950][ T8221] loop4: detected capacity change from 0 to 512 [ 87.775028][ T8213] loop2: p1 < > p4 [ 87.781274][ T8209] loop0: detected capacity change from 0 to 128 [ 87.789098][ T8213] loop2: p4 size 8388608 extends beyond EOD, truncated [ 87.803967][ T8209] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1200'. [ 87.832136][ T8221] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.978994][ T8213] team0: Device ipvlan2 failed to register rx_handler [ 88.149351][ T2786] loop2: p1 < > p4 [ 88.166177][ T2786] loop2: p4 size 8388608 extends beyond EOD, truncated [ 88.220591][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 88.222560][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 88.257136][ T8246] loop0: detected capacity change from 0 to 1024 [ 88.293081][ T8250] loop2: detected capacity change from 0 to 1024 [ 88.300887][ T8250] EXT4-fs: Invalid want_extra_isize 133 [ 88.349912][ T8246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1208'. [ 88.360648][ T8246] netlink: 'syz.0.1208': attribute type 2 has an invalid length. [ 88.640867][ T8164] syz.1.1190 (8164) used greatest stack depth: 6416 bytes left [ 88.774436][ T8284] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1218'. [ 88.783619][ T8284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1218'. [ 89.775615][ T8316] sit0: entered allmulticast mode [ 89.805025][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 89.805042][ T29] audit: type=1400 audit(1721635814.051:1087): avc: denied { getopt } for pid=8315 comm="syz.0.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 89.858914][ T8323] netlink: 'syz.0.1236': attribute type 11 has an invalid length. [ 89.917386][ T8331] loop3: detected capacity change from 0 to 1024 [ 89.947582][ T8335] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 89.962644][ T8335] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 90.115122][ T8348] loop1: detected capacity change from 0 to 1024 [ 90.129959][ T8348] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 90.143419][ T8348] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 90.166537][ T29] audit: type=1400 audit(1721635814.411:1088): avc: denied { setopt } for pid=8352 comm="syz.2.1247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 90.169291][ T8353] loop2: detected capacity change from 0 to 512 [ 90.195313][ T8348] EXT4-fs (loop1): invalid journal inode [ 90.212941][ T8353] ext4 filesystem being mounted at /269/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.236684][ T8358] FAULT_INJECTION: forcing a failure. [ 90.236684][ T8358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.249860][ T8358] CPU: 0 PID: 8358 Comm: syz.3.1248 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 90.259715][ T8358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 90.269774][ T8358] Call Trace: [ 90.273062][ T8358] [ 90.275997][ T8358] dump_stack_lvl+0xf2/0x150 [ 90.280655][ T8358] dump_stack+0x15/0x20 [ 90.284821][ T8358] should_fail_ex+0x229/0x230 [ 90.289643][ T8358] should_fail+0xb/0x10 [ 90.293809][ T8358] should_fail_usercopy+0x1a/0x20 [ 90.298863][ T8358] _copy_to_user+0x1e/0xa0 [ 90.303297][ T8358] simple_read_from_buffer+0xa0/0x110 [ 90.308817][ T8358] proc_fail_nth_read+0xfc/0x140 [ 90.313779][ T8358] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 90.319385][ T8358] vfs_read+0x1a2/0x6e0 [ 90.323645][ T8358] ? __rcu_read_unlock+0x4e/0x70 [ 90.328583][ T8358] ? __fget_files+0x1da/0x210 [ 90.333260][ T8358] ksys_read+0xeb/0x1b0 [ 90.337527][ T8358] __x64_sys_read+0x42/0x50 [ 90.342028][ T8358] x64_sys_call+0x2a36/0x2e00 [ 90.346733][ T8358] do_syscall_64+0xc9/0x1c0 [ 90.351302][ T8358] ? clear_bhb_loop+0x55/0xb0 [ 90.356022][ T8358] ? clear_bhb_loop+0x55/0xb0 [ 90.360716][ T8358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.366653][ T8358] RIP: 0033:0x7fdc1ac9463c [ 90.371050][ T8358] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 90.390879][ T8358] RSP: 002b:00007fdc19f17040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 90.399304][ T8358] RAX: ffffffffffffffda RBX: 00007fdc1ae25f60 RCX: 00007fdc1ac9463c [ 90.407293][ T8358] RDX: 000000000000000f RSI: 00007fdc19f170b0 RDI: 0000000000000005 [ 90.415250][ T8358] RBP: 00007fdc19f170a0 R08: 0000000000000000 R09: 0000000000000000 [ 90.423208][ T8358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.431164][ T8358] R13: 000000000000000b R14: 00007fdc1ae25f60 R15: 00007ffc1fd15788 [ 90.439126][ T8358] [ 90.466752][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 90.553247][ T8376] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=8376 comm=syz.0.1253 [ 90.590403][ T8378] loop4: detected capacity change from 0 to 512 [ 90.616209][ T8378] EXT4-fs: Ignoring removed mblk_io_submit option [ 90.624236][ T8378] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 90.648764][ T8378] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002] [ 90.648800][ T8378] System zones: 1-12 [ 90.661477][ T8378] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.1252: corrupted in-inode xattr: e_value size too large [ 90.678020][ T8378] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1252: couldn't read orphan inode 15 (err -117) [ 90.726951][ T29] audit: type=1326 audit(1721635814.971:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8384 comm="syz.0.1256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f767f775b59 code=0xffff0000 [ 90.793764][ T8321] syz.1.1235 (8321) used greatest stack depth: 6280 bytes left [ 90.833581][ T29] audit: type=1400 audit(1721635815.071:1090): avc: denied { getopt } for pid=8388 comm="syz.1.1257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 90.859471][ T8389] loop1: detected capacity change from 0 to 1024 [ 90.859579][ T8391] netlink: 'syz.3.1259': attribute type 1 has an invalid length. [ 90.866676][ T8389] EXT4-fs: Ignoring removed oldalloc option [ 90.879616][ T29] audit: type=1326 audit(1721635815.101:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8370 comm="syz.2.1251" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9edc285b59 code=0x0 [ 90.916250][ T8391] 8021q: adding VLAN 0 to HW filter on device bond1 [ 90.935117][ T8391] 8021q: adding VLAN 0 to HW filter on device bond2 [ 90.943181][ T8391] bond1: (slave bond2): Enslaving as a backup interface with a down link [ 91.064863][ T8405] netlink: 'syz.3.1262': attribute type 10 has an invalid length. [ 91.073086][ T8405] vlan1: entered promiscuous mode [ 91.085987][ T8405] bond0: (slave vlan1): Enslaving as an active interface with an up link [ 91.127992][ T8405] syzkaller0: entered promiscuous mode [ 91.133632][ T8405] syzkaller0: entered allmulticast mode [ 91.285791][ T29] audit: type=1400 audit(1721635815.531:1092): avc: denied { setopt } for pid=8406 comm="syz.0.1263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 91.305662][ T29] audit: type=1400 audit(1721635815.531:1093): avc: denied { connect } for pid=8406 comm="syz.0.1263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 91.350442][ T8411] loop0: detected capacity change from 0 to 256 [ 91.360518][ T8411] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 91.379975][ T8411] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 91.450288][ C0] eth0: bad gso: type: 1, size: 1408 [ 91.462452][ T8417] FAULT_INJECTION: forcing a failure. [ 91.462452][ T8417] name failslab, interval 1, probability 0, space 0, times 0 [ 91.475219][ T8417] CPU: 0 PID: 8417 Comm: syz.2.1267 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 91.484934][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 91.495004][ T8417] Call Trace: [ 91.498262][ T8417] [ 91.501172][ T8417] dump_stack_lvl+0xf2/0x150 [ 91.505770][ T8417] dump_stack+0x15/0x20 [ 91.510003][ T8417] should_fail_ex+0x229/0x230 [ 91.514676][ T8417] ? qdisc_alloc+0x5f/0x440 [ 91.519265][ T8417] __should_failslab+0x92/0xa0 [ 91.524014][ T8417] should_failslab+0x9/0x20 [ 91.528543][ T8417] __kmalloc_node_noprof+0xa8/0x380 [ 91.533773][ T8417] qdisc_alloc+0x5f/0x440 [ 91.538097][ T8417] qdisc_create+0xe5/0xae0 [ 91.542499][ T8417] ? __nla_parse+0x40/0x60 [ 91.546898][ T8417] tc_modify_qdisc+0x65f/0x1050 [ 91.551740][ T8417] ? ns_capable+0x7d/0xb0 [ 91.556121][ T8417] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 91.561393][ T8417] rtnetlink_rcv_msg+0x6aa/0x710 [ 91.566380][ T8417] ? ref_tracker_free+0x3a5/0x410 [ 91.571477][ T8417] ? __dev_queue_xmit+0x161/0x1fe0 [ 91.576641][ T8417] netlink_rcv_skb+0x12c/0x230 [ 91.581391][ T8417] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 91.586857][ T8417] rtnetlink_rcv+0x1c/0x30 [ 91.591253][ T8417] netlink_unicast+0x593/0x670 [ 91.596000][ T8417] netlink_sendmsg+0x5cc/0x6e0 [ 91.600777][ T8417] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.606080][ T8417] __sock_sendmsg+0x140/0x180 [ 91.610852][ T8417] ____sys_sendmsg+0x312/0x410 [ 91.615594][ T8417] __sys_sendmsg+0x1e9/0x280 [ 91.620184][ T8417] __x64_sys_sendmsg+0x46/0x50 [ 91.624933][ T8417] x64_sys_call+0x26f8/0x2e00 [ 91.629687][ T8417] do_syscall_64+0xc9/0x1c0 [ 91.634177][ T8417] ? clear_bhb_loop+0x55/0xb0 [ 91.638850][ T8417] ? clear_bhb_loop+0x55/0xb0 [ 91.643558][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.649486][ T8417] RIP: 0033:0x7f9edc285b59 [ 91.653899][ T8417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.673652][ T8417] RSP: 002b:00007f9edb507048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.682061][ T8417] RAX: ffffffffffffffda RBX: 00007f9edc415f60 RCX: 00007f9edc285b59 [ 91.690029][ T8417] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 91.697989][ T8417] RBP: 00007f9edb5070a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.706016][ T8417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.713973][ T8417] R13: 000000000000000b R14: 00007f9edc415f60 R15: 00007ffd024268c8 [ 91.721949][ T8417] [ 91.756229][ T8423] loop4: detected capacity change from 0 to 512 [ 91.784052][ T8429] loop0: detected capacity change from 0 to 2048 [ 91.793406][ T8423] ext4 filesystem being mounted at /104/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.827472][ T8429] loop0: p1 < > p4 [ 91.833943][ T8429] loop0: p4 size 8388608 extends beyond EOD, truncated [ 91.892563][ T8440] loop4: detected capacity change from 0 to 128 [ 91.962946][ T8454] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 91.962980][ T8452] syzkaller1: entered promiscuous mode [ 91.977218][ T8452] syzkaller1: entered allmulticast mode [ 92.005073][ T2786] loop0: p1 < > p4 [ 92.019918][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 92.072339][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 92.074688][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 92.105324][ T29] audit: type=1400 audit(1721635816.351:1094): avc: denied { getopt } for pid=8467 comm="syz.1.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 92.204121][ T8499] loop1: detected capacity change from 0 to 2048 [ 92.209273][ T8475] FAULT_INJECTION: forcing a failure. [ 92.209273][ T8475] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.223580][ T8475] CPU: 0 PID: 8475 Comm: syz.0.1287 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 92.233310][ T8475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 92.243442][ T8475] Call Trace: [ 92.246716][ T8475] [ 92.249704][ T8475] dump_stack_lvl+0xf2/0x150 [ 92.253449][ T8502] loop3: detected capacity change from 0 to 512 [ 92.254285][ T8475] dump_stack+0x15/0x20 [ 92.254310][ T8475] should_fail_ex+0x229/0x230 [ 92.269355][ T8475] should_fail+0xb/0x10 [ 92.273517][ T8475] should_fail_usercopy+0x1a/0x20 [ 92.278651][ T8475] fpu__restore_sig+0x11a/0xaf0 [ 92.283493][ T8475] ? copy_fpstate_to_sigframe+0x61d/0x720 [ 92.289251][ T8475] restore_sigcontext+0x1b5/0x220 [ 92.294274][ T8475] __do_sys_rt_sigreturn+0xc5/0x150 [ 92.299476][ T8475] x64_sys_call+0x2b44/0x2e00 [ 92.304155][ T8475] do_syscall_64+0xc9/0x1c0 [ 92.308650][ T8475] ? clear_bhb_loop+0x55/0xb0 [ 92.313395][ T8475] ? clear_bhb_loop+0x55/0xb0 [ 92.318079][ T8475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.323965][ T8475] RIP: 0033:0x7f767f775b57 [ 92.328366][ T8475] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 92.348017][ T8475] RSP: 002b:00007f767e9f7048 EFLAGS: 00000246 [ 92.354069][ T8475] RAX: 0000000000000000 RBX: 00007f767f905f60 RCX: 00007f767f775b59 [ 92.362034][ T8475] RDX: 0000000000002600 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.369996][ T8475] RBP: 00007f767e9f70a0 R08: 0000000000000000 R09: 0000000000000000 [ 92.377957][ T8475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 92.386002][ T8475] R13: 000000000000000b R14: 00007f767f905f60 R15: 00007ffd8fb91dd8 [ 92.393964][ T8475] [ 92.399543][ T8502] EXT4-fs: test_dummy_encryption option not supported [ 92.402903][ T8506] loop4: detected capacity change from 0 to 128 [ 92.413253][ T8499] loop1: p1 < > p4 [ 92.419455][ T8499] loop1: p4 size 8388608 extends beyond EOD, truncated [ 92.425443][ T8506] vfat: Unknown parameter 'vcan0' [ 92.459520][ T8502] loop3: detected capacity change from 0 to 2048 [ 92.499748][ T29] audit: type=1400 audit(1721635816.741:1095): avc: denied { rename } for pid=8501 comm="syz.3.1296" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 92.499760][ T8502] EXT4-fs error (device loop3): __ext4_new_inode:1070: comm syz.3.1296: reserved inode found cleared - inode=1 [ 92.558335][ T2786] loop1: p1 < > p4 [ 92.566778][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 92.587941][ T8521] __nla_validate_parse: 2 callbacks suppressed [ 92.587956][ T8521] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1302'. [ 92.613410][ T8521] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1302'. [ 92.627151][ T3166] kernel write not supported for file /ppp (pid: 3166 comm: kworker/1:6) [ 92.642080][ T8527] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1304'. [ 92.642953][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 92.653313][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1304'. [ 92.678428][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 92.755117][ T8552] loop1: detected capacity change from 0 to 2048 [ 92.784455][ T8552] loop1: p1 < > p4 [ 92.791484][ T8556] loop4: detected capacity change from 0 to 512 [ 92.791850][ T8558] lo speed is unknown, defaulting to 1000 [ 92.803939][ T8552] loop1: p4 size 8388608 extends beyond EOD, truncated [ 92.804470][ T8558] lo speed is unknown, defaulting to 1000 [ 92.816876][ T8558] lo speed is unknown, defaulting to 1000 [ 92.831786][ T8556] ext4 filesystem being mounted at /119/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.865884][ T8558] infiniband syz1: set active [ 92.870661][ T8558] infiniband syz1: added lo [ 92.875222][ T3166] lo speed is unknown, defaulting to 1000 [ 92.893818][ T8567] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1319'. [ 92.919039][ T8558] RDS/IB: syz1: added [ 92.925787][ T8558] smc: adding ib device syz1 with port count 1 [ 92.932004][ T8558] smc: ib device syz1 port 1 has pnetid [ 92.932249][ T8571] lo speed is unknown, defaulting to 1000 [ 92.943778][ T3169] lo speed is unknown, defaulting to 1000 [ 92.954568][ T2786] loop1: p1 < > p4 [ 92.960911][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 92.979328][ T8558] lo speed is unknown, defaulting to 1000 [ 93.014112][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 93.014235][ T8575] loop1: detected capacity change from 0 to 1024 [ 93.033580][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 93.063398][ T8575] EXT4-fs: Ignoring removed oldalloc option [ 93.072849][ T8575] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 93.110175][ T8558] lo speed is unknown, defaulting to 1000 [ 93.129461][ T29] audit: type=1400 audit(1721635817.375:1096): avc: denied { accept } for pid=8578 comm="syz.3.1324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 93.205231][ T8575] loop1: detected capacity change from 1024 to 64 [ 93.227173][ T8575] syz.1.1322: attempt to access beyond end of device [ 93.227173][ T8575] loop1: rw=2049, sector=224, nr_sectors = 2 limit=64 [ 93.240576][ T8575] EXT4-fs warning (device loop1): ext4_end_bio:346: I/O error 10 writing to inode 15 starting block 112) [ 93.281444][ T8558] lo speed is unknown, defaulting to 1000 [ 93.293474][ T8593] loop4: detected capacity change from 0 to 512 [ 93.310296][ T8593] EXT4-fs: Ignoring removed i_version option [ 93.316424][ T8593] EXT4-fs: Ignoring removed nobh option [ 93.333859][ T8575] syz.1.1322: attempt to access beyond end of device [ 93.333859][ T8575] loop1: rw=2049, sector=230, nr_sectors = 2 limit=64 [ 93.347320][ T8575] EXT4-fs warning (device loop1): ext4_end_bio:346: I/O error 10 writing to inode 15 starting block 115) [ 93.359003][ T8593] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 93.383664][ T8558] lo speed is unknown, defaulting to 1000 [ 93.389504][ T8575] Buffer I/O error on device loop1, logical block 115 [ 93.396399][ T8575] Buffer I/O error on device loop1, logical block 112 [ 93.417888][ T8575] syz.1.1322: attempt to access beyond end of device [ 93.417888][ T8575] loop1: rw=2049, sector=232, nr_sectors = 48 limit=64 [ 93.431449][ T8575] EXT4-fs warning (device loop1): ext4_end_bio:346: I/O error 10 writing to inode 15 starting block 116) [ 93.452748][ T8593] EXT4-fs (loop4): 1 truncate cleaned up [ 93.472873][ T8575] Buffer I/O error on device loop1, logical block 116 [ 93.479714][ T8575] Buffer I/O error on device loop1, logical block 117 [ 93.486535][ T8575] Buffer I/O error on device loop1, logical block 118 [ 93.493284][ T8575] Buffer I/O error on device loop1, logical block 119 [ 93.500104][ T8575] Buffer I/O error on device loop1, logical block 120 [ 93.506891][ T8575] Buffer I/O error on device loop1, logical block 121 [ 93.513694][ T8575] Buffer I/O error on device loop1, logical block 122 [ 93.520450][ T8575] Buffer I/O error on device loop1, logical block 123 [ 93.531578][ T8558] lo speed is unknown, defaulting to 1000 [ 93.563915][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.578407][ T8602] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 93.596647][ T8606] syzkaller1: entered promiscuous mode [ 93.602183][ T8606] syzkaller1: entered allmulticast mode [ 93.614602][ T8608] loop2: detected capacity change from 0 to 512 [ 93.623978][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.639729][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.655461][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.676137][ T8608] ext4 filesystem being mounted at /283/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 93.684299][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.700762][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.715595][ T7817] EXT4-fs warning (device loop1): ext4_empty_dir:3088: inode #11: lblock 0: comm syz-executor: error -12 reading directory block [ 93.741576][ T8626] loop2: detected capacity change from 0 to 128 [ 93.743821][ T8623] loop0: detected capacity change from 0 to 512 [ 93.773148][ T8623] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.808827][ T8631] loop2: detected capacity change from 0 to 2048 [ 93.835858][ T8623] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1338: bg 0: block 344: padding at end of block bitmap is not set [ 93.851763][ T8623] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.1338: Failed to acquire dquot type 1 [ 93.868130][ T8631] loop7: detected capacity change from 0 to 16384 [ 93.891120][ T8638] Illegal XDP return value 4294967274 on prog (id 313) dev N/A, expect packet loss! [ 93.928810][ T8583] kmmpd-loop1: attempt to access beyond end of device [ 93.928810][ T8583] loop1: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 93.942352][ T8583] Buffer I/O error on dev loop1, logical block 64, lost sync page write [ 93.954977][ T7343] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.026711][ T7343] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.040982][ T8631] I/O error, dev loop7, sector 14080 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 94.051906][ T8631] I/O error, dev loop7, sector 14336 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [ 94.062056][ T8631] I/O error, dev loop7, sector 14080 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.071653][ T8631] Buffer I/O error on dev loop7, logical block 1760, async page read [ 94.090348][ T7343] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.104514][ T8631] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 94.131719][ T8630] I/O error, dev loop7, sector 9728 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 94.141693][ T8630] Buffer I/O error on dev loop7, logical block 1216, lost async page write [ 94.141831][ T8630] Buffer I/O error on dev loop7, logical block 1217, lost async page write [ 94.141845][ T8630] Buffer I/O error on dev loop7, logical block 1218, lost async page write [ 94.141860][ T8630] Buffer I/O error on dev loop7, logical block 1219, lost async page write [ 94.141873][ T8630] Buffer I/O error on dev loop7, logical block 1220, lost async page write [ 94.141886][ T8630] Buffer I/O error on dev loop7, logical block 1221, lost async page write [ 94.141903][ T8630] Buffer I/O error on dev loop7, logical block 1222, lost async page write [ 94.141920][ T8630] Buffer I/O error on dev loop7, logical block 1223, lost async page write [ 94.163161][ T8630] I/O error, dev loop7, sector 10752 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 94.166201][ T8630] I/O error, dev loop7, sector 11776 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 94.169213][ T8630] I/O error, dev loop7, sector 12800 op 0x1:(WRITE) flags 0x4800 phys_seg 128 prio class 0 [ 94.170501][ T8630] I/O error, dev loop7, sector 13824 op 0x1:(WRITE) flags 0x800 phys_seg 32 prio class 0 [ 94.180363][ T7343] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.276451][ T8644] lo speed is unknown, defaulting to 1000 [ 94.351745][ T8667] loop0: detected capacity change from 0 to 2048 [ 94.385816][ T7343] bridge_slave_1: left allmulticast mode [ 94.391546][ T7343] bridge_slave_1: left promiscuous mode [ 94.397310][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.412345][ T7343] bridge_slave_0: left allmulticast mode [ 94.418102][ T7343] bridge_slave_0: left promiscuous mode [ 94.423914][ T7343] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.428487][ T4061] loop0: p1 < > p4 [ 94.438291][ T4061] loop0: p4 size 8388608 extends beyond EOD, truncated [ 94.443825][ T8677] loop2: detected capacity change from 0 to 128 [ 94.461026][ T8667] loop0: p1 < > p4 [ 94.465523][ T8667] loop0: p4 size 8388608 extends beyond EOD, truncated [ 94.475658][ T8678] netlink: 'syz.4.1351': attribute type 1 has an invalid length. [ 94.486091][ T2786] loop0: p1 < > p4 [ 94.490332][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 94.497576][ T8677] loop2: detected capacity change from 128 to 64 [ 94.553122][ T8682] FAULT_INJECTION: forcing a failure. [ 94.553122][ T8682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.566265][ T8682] CPU: 0 PID: 8682 Comm: syz.2.1354 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 94.575992][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 94.586134][ T8682] Call Trace: [ 94.589396][ T8682] [ 94.592308][ T8682] dump_stack_lvl+0xf2/0x150 [ 94.596884][ T8682] dump_stack+0x15/0x20 [ 94.601022][ T8682] should_fail_ex+0x229/0x230 [ 94.605775][ T8682] should_fail+0xb/0x10 [ 94.609990][ T8682] should_fail_usercopy+0x1a/0x20 [ 94.614995][ T8682] _copy_from_user+0x1e/0xd0 [ 94.619659][ T8682] ucma_write+0xda/0x240 [ 94.623892][ T8682] ? __pfx_ucma_write+0x10/0x10 [ 94.628809][ T8682] vfs_write+0x28b/0x900 [ 94.633034][ T8682] ? __fget_files+0x1da/0x210 [ 94.637727][ T8682] ksys_write+0xeb/0x1b0 [ 94.641956][ T8682] __x64_sys_write+0x42/0x50 [ 94.646529][ T8682] x64_sys_call+0x2a40/0x2e00 [ 94.651187][ T8682] do_syscall_64+0xc9/0x1c0 [ 94.655723][ T8682] ? clear_bhb_loop+0x55/0xb0 [ 94.660423][ T8682] ? clear_bhb_loop+0x55/0xb0 [ 94.665081][ T8682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.670982][ T8682] RIP: 0033:0x7f9edc285b59 [ 94.675379][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.695044][ T8682] RSP: 002b:00007f9edb507048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 94.703460][ T8682] RAX: ffffffffffffffda RBX: 00007f9edc415f60 RCX: 00007f9edc285b59 [ 94.711409][ T8682] RDX: 0000000000000010 RSI: 0000000020000880 RDI: 0000000000000003 [ 94.719364][ T8682] RBP: 00007f9edb5070a0 R08: 0000000000000000 R09: 0000000000000000 [ 94.727359][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.735308][ T8682] R13: 000000000000000b R14: 00007f9edc415f60 R15: 00007ffd024268c8 [ 94.743313][ T8682] [ 94.751057][ T7343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 94.762045][ T7343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 94.772494][ T7343] bond0 (unregistering): Released all slaves [ 94.821380][ T2786] loop0: p1 < > p4 [ 94.835508][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 94.860896][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 94.860911][ T29] audit: type=1400 audit(1721635819.105:1098): avc: denied { create } for pid=8695 comm="syz.4.1359" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=socket permissive=1 [ 94.889932][ T8644] chnl_net:caif_netlink_parms(): no params data found [ 94.903446][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 94.918236][ T4059] udevd[4059]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 94.929044][ T8706] loop2: detected capacity change from 0 to 512 [ 94.982701][ T8717] Cannot find map_set index 0 as target [ 95.039935][ T8644] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.047279][ T8644] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.054804][ T8644] bridge_slave_0: entered allmulticast mode [ 95.061320][ T8644] bridge_slave_0: entered promiscuous mode [ 95.073256][ T7343] hsr_slave_0: left promiscuous mode [ 95.085146][ T7343] hsr_slave_1: left promiscuous mode [ 95.088505][ T8733] loop0: detected capacity change from 0 to 512 [ 95.101030][ T7343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 95.108732][ T8733] EXT4-fs: quotafile must be on filesystem root [ 95.108853][ T7343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 95.129916][ T7343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 95.137406][ T7343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 95.166236][ T7343] veth1_macvtap: left promiscuous mode [ 95.171813][ T7343] veth0_macvtap: left promiscuous mode [ 95.177484][ T7343] veth1_vlan: left promiscuous mode [ 95.182798][ T7343] veth0_vlan: left promiscuous mode [ 95.263833][ T7343] team0 (unregistering): Port device team_slave_1 removed [ 95.274955][ T7343] team0 (unregistering): Port device team_slave_0 removed [ 95.307949][ T8644] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.315151][ T8644] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.322447][ T8644] bridge_slave_1: entered allmulticast mode [ 95.328927][ T8644] bridge_slave_1: entered promiscuous mode [ 95.352586][ T8644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.363131][ T8644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.386561][ T8644] team0: Port device team_slave_0 added [ 95.388920][ T8750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1365'. [ 95.394769][ T8644] team0: Port device team_slave_1 added [ 95.427581][ T8644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.434781][ T8644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.460728][ T8644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.475418][ T8644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.482378][ T8644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.508367][ T8644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.523583][ C0] eth0: bad gso: type: 1, size: 1408 [ 95.550632][ T8644] hsr_slave_0: entered promiscuous mode [ 95.558213][ T8644] hsr_slave_1: entered promiscuous mode [ 95.565908][ T8644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 95.576969][ T8644] Cannot create hsr debugfs directory [ 95.667929][ C0] eth0: bad gso: type: 1, size: 1408 [ 95.689973][ T29] audit: type=1326 audit(1721635819.935:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.714237][ T29] audit: type=1326 audit(1721635819.955:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.737697][ T29] audit: type=1326 audit(1721635819.955:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.761236][ T29] audit: type=1326 audit(1721635819.955:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.784689][ T29] audit: type=1326 audit(1721635819.955:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.808324][ T29] audit: type=1326 audit(1721635819.955:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.831715][ T29] audit: type=1326 audit(1721635819.955:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.855092][ T29] audit: type=1326 audit(1721635819.955:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.889567][ T8792] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1376'. [ 95.898671][ T8792] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1376'. [ 95.904040][ T8800] loop4: detected capacity change from 0 to 512 [ 95.914604][ T8792] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 95.935329][ T8792] bond3: entered allmulticast mode [ 95.935494][ T8792] 8021q: adding VLAN 0 to HW filter on device bond3 [ 95.937007][ T29] audit: type=1326 audit(1721635820.185:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8790 comm="syz.3.1376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1ac95b59 code=0x7ffc0000 [ 95.947541][ T8796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1376'. [ 95.979770][ T8800] EXT4-fs mount: 44 callbacks suppressed [ 95.979861][ T8800] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.979973][ T8800] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.983608][ T8800] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1379: corrupted inode contents [ 96.022444][ T8800] EXT4-fs error (device loop4): ext4_dirty_inode:6014: inode #2: comm syz.4.1379: mark_inode_dirty error [ 96.022601][ T8800] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.1379: corrupted inode contents [ 96.025712][ T8800] EXT4-fs error (device loop4): ext4_add_entry:2435: inode #2: comm syz.4.1379: Directory hole found for htree leaf block 0 [ 96.098936][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.123219][ T8816] loop2: detected capacity change from 0 to 2048 [ 96.140088][ T8816] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.175864][ T8816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.244646][ T8644] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.259932][ T8845] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=8845 comm=syz.4.1391 [ 96.260687][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.288585][ T8837] loop0: detected capacity change from 0 to 2048 [ 96.297297][ T8644] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.306203][ T8644] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.327681][ T8644] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.341613][ T8837] loop0: p1 < > p4 [ 96.350539][ T8837] loop0: p4 size 8388608 extends beyond EOD, truncated [ 96.361259][ T8856] xt_CONNSECMARK: invalid mode: 0 [ 96.452171][ T8865] loop2: detected capacity change from 0 to 512 [ 96.474429][ T2786] loop0: p1 < > p4 [ 96.479272][ T8865] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 96.488085][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 96.489309][ T8644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.507877][ T8870] loop4: detected capacity change from 0 to 512 [ 96.514473][ T8870] journal_path: Lookup failure for './file0' [ 96.520481][ T8870] EXT4-fs: error: could not find journal device path [ 96.530853][ T8870] loop4: detected capacity change from 0 to 512 [ 96.563219][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 96.576124][ T4059] udevd[4059]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 96.586550][ T8865] EXT4-fs (loop2): 1 truncate cleaned up [ 96.601352][ T8865] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.601614][ T8870] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.1400: casefold flag without casefold feature [ 96.638497][ T8644] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.653654][ T8870] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1400: couldn't read orphan inode 15 (err -117) [ 96.670281][ T911] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.677420][ T911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.698085][ T8865] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.1398: Directory hole found for htree leaf block 0 [ 96.699064][ T8870] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.715073][ T3160] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.730055][ T3160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.797507][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.817846][ T8644] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 96.828254][ T8644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.839771][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.874373][ T8902] loop2: detected capacity change from 0 to 512 [ 96.926070][ T8902] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.960830][ T8902] ext4 filesystem being mounted at /296/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.982155][ T8917] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1407'. [ 96.982767][ T8924] 9pnet_fd: Insufficient options for proto=fd [ 97.020475][ T8644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.097981][ T8644] veth0_vlan: entered promiscuous mode [ 97.098394][ T8929] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8929 comm=syz.0.1409 [ 97.119037][ T8644] veth1_vlan: entered promiscuous mode [ 97.138694][ T8644] veth0_macvtap: entered promiscuous mode [ 97.151901][ T8644] veth1_macvtap: entered promiscuous mode [ 97.171923][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.182420][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.192262][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.202750][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.211809][ T8953] loop0: detected capacity change from 0 to 2048 [ 97.212567][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.229369][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.239309][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.249922][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.261202][ T8644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.272559][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.283260][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.293089][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.303554][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.313441][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.323916][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.333805][ T8644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.344231][ T8644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.355162][ T8644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.367771][ T8644] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.376986][ T8644] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.385687][ T8644] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.394422][ T8644] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.395376][ T2786] loop0: p1 < > p4 [ 97.412519][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 97.427411][ T8953] loop0: p1 < > p4 [ 97.434478][ T8953] loop0: p4 size 8388608 extends beyond EOD, truncated [ 97.529534][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 97.532512][ T4059] udevd[4059]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 97.586191][ T8977] loop1: detected capacity change from 0 to 512 [ 97.599968][ T8977] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5121 sclass=netlink_route_socket pid=8977 comm=syz.1.1417 [ 97.617691][ T8977] veth0_vlan: entered allmulticast mode [ 97.683012][ T8981] __nla_validate_parse: 1 callbacks suppressed [ 97.683028][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.698331][ T8981] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.707394][ T8981] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.716385][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.725304][ T8981] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.734292][ T8981] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1419'. [ 97.750621][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.751632][ T8981] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 97.788075][ T8985] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1421'. [ 97.804565][ T8989] netlink: 'syz.4.1421': attribute type 8 has an invalid length. [ 97.828014][ T8986] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1421'. [ 97.892455][ T9000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1425'. [ 97.953145][ T9013] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 97.961228][ T9025] bridge0: entered allmulticast mode [ 97.976781][ T9025] pim6reg: entered allmulticast mode [ 97.981410][ T9013] vhci_hcd: invalid port number 23 [ 97.999073][ T9021] loop4: detected capacity change from 0 to 512 [ 98.006708][ T9021] ext4: Unknown parameter 'dont_measure' [ 98.042316][ T9013] loop2: detected capacity change from 0 to 2048 [ 98.048360][ T9036] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:0 [ 98.086287][ T9013] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.104671][ T9043] loop4: detected capacity change from 0 to 2048 [ 98.114472][ T9011] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 98.156152][ T9011] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 98.168535][ T9011] EXT4-fs (loop2): This should not happen!! Data will be lost [ 98.168535][ T9011] [ 98.178238][ T9011] EXT4-fs (loop2): Total free blocks count 0 [ 98.184348][ T9011] EXT4-fs (loop2): Free/Dirty block details [ 98.190395][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1444'. [ 98.190396][ T9011] EXT4-fs (loop2): free_blocks=2415919104 [ 98.205689][ T9011] EXT4-fs (loop2): dirty_blocks=16 [ 98.210603][ T9052] loop1: detected capacity change from 0 to 512 [ 98.211102][ T9011] EXT4-fs (loop2): Block reservation details [ 98.217670][ T9052] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 98.223108][ T9011] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 98.235186][ T9043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.238972][ T9052] EXT4-fs (loop1): bad geometry: first data block is 0 with a 1k block and cluster size [ 98.253072][ T9013] netlink: 'syz.2.1427': attribute type 1 has an invalid length. [ 98.303772][ T9056] loop1: detected capacity change from 0 to 512 [ 98.320172][ T9056] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 98.406951][ T9056] EXT4-fs (loop1): 1 orphan inode deleted [ 98.412720][ T9056] EXT4-fs (loop1): 1 truncate cleaned up [ 98.467609][ T9056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.554263][ T8644] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.695288][ T7343] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 98.725599][ T9066] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.799169][ T9077] program syz.3.1451 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 98.880373][ T3166] IPVS: starting estimator thread 0... [ 98.973594][ T9093] IPVS: using max 2880 ests per chain, 144000 per kthread [ 99.032716][ T9103] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 99.040597][ T9103] vhci_hcd: invalid port number 23 [ 99.058714][ T9103] loop0: detected capacity change from 0 to 2048 [ 99.075796][ T9103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.093731][ T9102] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 99.109731][ T9102] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 99.121973][ T9102] EXT4-fs (loop0): This should not happen!! Data will be lost [ 99.121973][ T9102] [ 99.131641][ T9102] EXT4-fs (loop0): Total free blocks count 0 [ 99.137630][ T9102] EXT4-fs (loop0): Free/Dirty block details [ 99.143680][ T9102] EXT4-fs (loop0): free_blocks=2415919104 [ 99.149414][ T9102] EXT4-fs (loop0): dirty_blocks=16 [ 99.154582][ T9102] EXT4-fs (loop0): Block reservation details [ 99.160631][ T9102] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 99.169351][ T9103] netlink: 'syz.0.1459': attribute type 1 has an invalid length. [ 99.200286][ T4153] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 99.298087][ T9128] loop0: detected capacity change from 0 to 256 [ 99.306756][ T9128] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 99.319465][ T9128] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 99.320250][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.350524][ T9130] loop4: detected capacity change from 0 to 128 [ 99.382387][ T9132] loop4: detected capacity change from 0 to 512 [ 99.390400][ T9132] EXT4-fs (loop4): orphan cleanup on readonly fs [ 99.400839][ T9132] EXT4-fs warning (device loop4): ext4_enable_quotas:7066: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 99.415586][ T9132] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 99.427880][ T9132] EXT4-fs (loop4): 1 truncate cleaned up [ 99.428153][ T9135] FAULT_INJECTION: forcing a failure. [ 99.428153][ T9135] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.434070][ T9132] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 99.446751][ T9135] CPU: 1 PID: 9135 Comm: syz.3.1470 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 99.468847][ T9135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 99.478907][ T9135] Call Trace: [ 99.482180][ T9135] [ 99.485109][ T9135] dump_stack_lvl+0xf2/0x150 [ 99.489789][ T9135] dump_stack+0x15/0x20 [ 99.493939][ T9135] should_fail_ex+0x229/0x230 [ 99.498636][ T9135] should_fail+0xb/0x10 [ 99.502820][ T9135] should_fail_usercopy+0x1a/0x20 [ 99.507835][ T9135] _copy_to_user+0x1e/0xa0 [ 99.512310][ T9135] simple_read_from_buffer+0xa0/0x110 [ 99.517725][ T9135] proc_fail_nth_read+0xfc/0x140 [ 99.522743][ T9135] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 99.528413][ T9135] vfs_read+0x1a2/0x6e0 [ 99.532612][ T9135] ? __rcu_read_unlock+0x4e/0x70 [ 99.537536][ T9135] ? __fget_files+0x1da/0x210 [ 99.542231][ T9135] ksys_read+0xeb/0x1b0 [ 99.546443][ T9135] __x64_sys_read+0x42/0x50 [ 99.550931][ T9135] x64_sys_call+0x2a36/0x2e00 [ 99.555621][ T9135] do_syscall_64+0xc9/0x1c0 [ 99.560160][ T9135] ? clear_bhb_loop+0x55/0xb0 [ 99.564825][ T9135] ? clear_bhb_loop+0x55/0xb0 [ 99.569517][ T9135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.575455][ T9135] RIP: 0033:0x7fdc1ac9463c [ 99.579959][ T9135] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 99.599623][ T9135] RSP: 002b:00007fdc19f17040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 99.608021][ T9135] RAX: ffffffffffffffda RBX: 00007fdc1ae25f60 RCX: 00007fdc1ac9463c [ 99.615976][ T9135] RDX: 000000000000000f RSI: 00007fdc19f170b0 RDI: 0000000000000003 [ 99.624017][ T9135] RBP: 00007fdc19f170a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.632002][ T9135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.639981][ T9135] R13: 000000000000000b R14: 00007fdc1ae25f60 R15: 00007ffc1fd15788 [ 99.648115][ T9135] [ 99.720124][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.749017][ T9151] FAULT_INJECTION: forcing a failure. [ 99.749017][ T9151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.762217][ T9151] CPU: 0 PID: 9151 Comm: syz.4.1475 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 99.771976][ T9151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 99.782035][ T9151] Call Trace: [ 99.785308][ T9151] [ 99.788232][ T9151] dump_stack_lvl+0xf2/0x150 [ 99.792836][ T9151] dump_stack+0x15/0x20 [ 99.797044][ T9151] should_fail_ex+0x229/0x230 [ 99.801766][ T9151] should_fail+0xb/0x10 [ 99.805933][ T9151] should_fail_usercopy+0x1a/0x20 [ 99.810959][ T9151] copy_page_from_iter_atomic+0x22a/0xda0 [ 99.816726][ T9151] ? shmem_write_begin+0xa0/0x1c0 [ 99.821759][ T9151] ? shmem_write_begin+0x10c/0x1c0 [ 99.826878][ T9151] generic_perform_write+0x323/0x580 [ 99.832164][ T9151] shmem_file_write_iter+0xc8/0xf0 [ 99.837334][ T9151] vfs_write+0x78f/0x900 [ 99.841626][ T9151] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 99.847475][ T9151] ksys_write+0xeb/0x1b0 [ 99.851780][ T9151] __x64_sys_write+0x42/0x50 [ 99.856380][ T9151] x64_sys_call+0x2a40/0x2e00 [ 99.861071][ T9151] do_syscall_64+0xc9/0x1c0 [ 99.865691][ T9151] ? clear_bhb_loop+0x55/0xb0 [ 99.870422][ T9151] ? clear_bhb_loop+0x55/0xb0 [ 99.875127][ T9151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.881095][ T9151] RIP: 0033:0x7f3597d846df [ 99.885512][ T9151] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 99.905119][ T9151] RSP: 002b:00007f3597006e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 99.913510][ T9151] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f3597d846df [ 99.921471][ T9151] RDX: 0000000000010000 RSI: 00007f358ebe7000 RDI: 0000000000000004 [ 99.929456][ T9151] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000237 [ 99.937445][ T9151] R10: 0000000020000bc2 R11: 0000000000000293 R12: 0000000000000004 [ 99.945397][ T9151] R13: 00007f3597006f00 R14: 00007f3597006ec0 R15: 00007f358ebe7000 [ 99.953470][ T9151] [ 99.957496][ T9151] loop4: detected capacity change from 0 to 128 [ 99.967196][ T9151] vfat: Unexpected value for 'dos1xfloppy' [ 99.977470][ T9173] 9pnet_fd: Insufficient options for proto=fd [ 99.977599][ T9174] 9pnet_fd: Insufficient options for proto=fd [ 99.991760][ T29] kauditd_printk_skb: 262 callbacks suppressed [ 99.997983][ T29] audit: type=1400 audit(1721635824.235:1369): avc: denied { setattr } for pid=9172 comm="syz.0.1484" name="timer" dev="devtmpfs" ino=229 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 100.024098][ T29] audit: type=1400 audit(1721635824.265:1370): avc: denied { ioctl } for pid=9172 comm="syz.0.1484" path="/dev/nvram" dev="devtmpfs" ino=98 ioctlcmd=0x9439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 100.071038][ T9187] loop4: detected capacity change from 0 to 512 [ 100.133004][ T9195] loop0: detected capacity change from 0 to 256 [ 100.149817][ T9195] FAT-fs (loop0): Directory bread(block 64) failed [ 100.156485][ T9195] FAT-fs (loop0): Directory bread(block 65) failed [ 100.163127][ T9195] FAT-fs (loop0): Directory bread(block 66) failed [ 100.170346][ T9195] FAT-fs (loop0): Directory bread(block 67) failed [ 100.177019][ T9195] FAT-fs (loop0): Directory bread(block 68) failed [ 100.183568][ T9195] FAT-fs (loop0): Directory bread(block 69) failed [ 100.190254][ T9195] FAT-fs (loop0): Directory bread(block 70) failed [ 100.196810][ T9195] FAT-fs (loop0): Directory bread(block 71) failed [ 100.203333][ T9195] FAT-fs (loop0): Directory bread(block 72) failed [ 100.210159][ T9195] FAT-fs (loop0): Directory bread(block 73) failed [ 100.222116][ T9195] syz.0.1492: attempt to access beyond end of device [ 100.222116][ T9195] loop0: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 100.344775][ T9200] FAULT_INJECTION: forcing a failure. [ 100.344775][ T9200] name failslab, interval 1, probability 0, space 0, times 0 [ 100.357502][ T9200] CPU: 1 PID: 9200 Comm: syz.0.1494 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 100.367199][ T9200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 100.377247][ T9200] Call Trace: [ 100.380504][ T9200] [ 100.383456][ T9200] dump_stack_lvl+0xf2/0x150 [ 100.388115][ T9200] dump_stack+0x15/0x20 [ 100.392248][ T9200] should_fail_ex+0x229/0x230 [ 100.396933][ T9200] ? __alloc_skb+0x10b/0x310 [ 100.401508][ T9200] __should_failslab+0x92/0xa0 [ 100.406323][ T9200] should_failslab+0x9/0x20 [ 100.410803][ T9200] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 100.416671][ T9200] __alloc_skb+0x10b/0x310 [ 100.421136][ T9200] netlink_alloc_large_skb+0xad/0xe0 [ 100.426463][ T9200] netlink_sendmsg+0x3b4/0x6e0 [ 100.431257][ T9200] ? __pfx_netlink_sendmsg+0x10/0x10 [ 100.436615][ T9200] __sock_sendmsg+0x140/0x180 [ 100.441304][ T9200] ____sys_sendmsg+0x312/0x410 [ 100.446106][ T9200] __sys_sendmsg+0x1e9/0x280 [ 100.450709][ T9200] __x64_sys_sendmsg+0x46/0x50 [ 100.455493][ T9200] x64_sys_call+0x26f8/0x2e00 [ 100.460159][ T9200] do_syscall_64+0xc9/0x1c0 [ 100.464704][ T9200] ? clear_bhb_loop+0x55/0xb0 [ 100.469371][ T9200] ? clear_bhb_loop+0x55/0xb0 [ 100.474104][ T9200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.480063][ T9200] RIP: 0033:0x7f767f775b59 [ 100.484461][ T9200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.504166][ T9200] RSP: 002b:00007f767e9f7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 100.512563][ T9200] RAX: ffffffffffffffda RBX: 00007f767f905f60 RCX: 00007f767f775b59 [ 100.520595][ T9200] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 100.528552][ T9200] RBP: 00007f767e9f70a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.536507][ T9200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.544460][ T9200] R13: 000000000000000b R14: 00007f767f905f60 R15: 00007ffd8fb91dd8 [ 100.552424][ T9200] [ 100.621368][ C0] eth0: bad gso: type: 1, size: 1408 [ 100.756066][ T9242] loop2: detected capacity change from 0 to 1024 [ 100.766135][ T9244] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=59920 sclass=netlink_xfrm_socket pid=9244 comm=syz.0.1510 [ 100.769467][ T9242] EXT4-fs: Ignoring removed oldalloc option [ 100.785929][ T9242] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 100.797802][ T9246] loop0: detected capacity change from 0 to 512 [ 100.805794][ T9242] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.821029][ T29] audit: type=1400 audit(1721635825.065:1371): avc: denied { ioctl } for pid=9239 comm="syz.2.1508" path="/308/file1/file1" dev="loop2" ino=15 ioctlcmd=0x9361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 100.854928][ T9246] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.867477][ T9246] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.880530][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.071357][ T9262] netlink: 'syz.2.1513': attribute type 10 has an invalid length. [ 101.093993][ T9262] FAULT_INJECTION: forcing a failure. [ 101.093993][ T9262] name failslab, interval 1, probability 0, space 0, times 0 [ 101.106698][ T9262] CPU: 1 PID: 9262 Comm: syz.2.1513 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 101.116501][ T9262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 101.126589][ T9262] Call Trace: [ 101.129946][ T9262] [ 101.132875][ T9262] dump_stack_lvl+0xf2/0x150 [ 101.137664][ T9262] dump_stack+0x15/0x20 [ 101.141907][ T9262] should_fail_ex+0x229/0x230 [ 101.146664][ T9262] ? __alloc_skb+0x10b/0x310 [ 101.151283][ T9262] __should_failslab+0x92/0xa0 [ 101.156057][ T9262] should_failslab+0x9/0x20 [ 101.160559][ T9262] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 101.166449][ T9262] __alloc_skb+0x10b/0x310 [ 101.170907][ T9262] rtmsg_ifinfo_build_skb+0x63/0x1b0 [ 101.176241][ T9262] rtmsg_ifinfo+0x6b/0x100 [ 101.180728][ T9262] __dev_notify_flags+0x75/0x1a0 [ 101.185752][ T9262] dev_change_flags+0xab/0xd0 [ 101.190447][ T9262] do_setlink+0x841/0x2490 [ 101.194866][ T9262] ? __nla_validate_parse+0x365/0x1e30 [ 101.200517][ T9262] ? __nla_validate_parse+0x1796/0x1e30 [ 101.206078][ T9262] ? should_fail_ex+0xd7/0x230 [ 101.210914][ T9262] ? __nla_parse+0x40/0x60 [ 101.215349][ T9262] ? validate_linkmsg+0x526/0x5a0 [ 101.220385][ T9262] rtnl_newlink+0x11a3/0x1690 [ 101.225110][ T9262] ? rtnl_newlink+0x301/0x1690 [ 101.229976][ T9262] ? security_capable+0x64/0x80 [ 101.234885][ T9262] ? ns_capable+0x7d/0xb0 [ 101.239267][ T9262] ? __pfx_rtnl_newlink+0x10/0x10 [ 101.244308][ T9262] rtnetlink_rcv_msg+0x6aa/0x710 [ 101.249292][ T9262] ? ref_tracker_free+0x3a5/0x410 [ 101.254325][ T9262] ? __dev_queue_xmit+0x161/0x1fe0 [ 101.259547][ T9262] netlink_rcv_skb+0x12c/0x230 [ 101.264376][ T9262] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 101.269868][ T9262] rtnetlink_rcv+0x1c/0x30 [ 101.274279][ T9262] netlink_unicast+0x593/0x670 [ 101.279059][ T9262] netlink_sendmsg+0x5cc/0x6e0 [ 101.283837][ T9262] ? __pfx_netlink_sendmsg+0x10/0x10 [ 101.289199][ T9262] __sock_sendmsg+0x140/0x180 [ 101.293945][ T9262] ____sys_sendmsg+0x312/0x410 [ 101.298712][ T9262] __sys_sendmsg+0x1e9/0x280 [ 101.303470][ T9262] __x64_sys_sendmsg+0x46/0x50 [ 101.308379][ T9262] x64_sys_call+0x26f8/0x2e00 [ 101.313068][ T9262] do_syscall_64+0xc9/0x1c0 [ 101.317604][ T9262] ? clear_bhb_loop+0x55/0xb0 [ 101.322430][ T9262] ? clear_bhb_loop+0x55/0xb0 [ 101.327113][ T9262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.333051][ T9262] RIP: 0033:0x7f9edc285b59 [ 101.337482][ T9262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.357091][ T9262] RSP: 002b:00007f9edb507048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 101.365518][ T9262] RAX: ffffffffffffffda RBX: 00007f9edc415f60 RCX: 00007f9edc285b59 [ 101.373500][ T9262] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000007 [ 101.375679][ T29] audit: type=1400 audit(1721635825.615:1372): avc: denied { setattr } for pid=9245 comm="syz.0.1511" path="pipe:[19089]" dev="pipefs" ino=19089 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 101.381456][ T9262] RBP: 00007f9edb5070a0 R08: 0000000000000000 R09: 0000000000000000 [ 101.412505][ T9262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.420471][ T9262] R13: 000000000000000b R14: 00007f9edc415f60 R15: 00007ffd024268c8 [ 101.428526][ T9262] [ 101.441044][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.452774][ T9262] team0: Device batadv0 is already an upper device of the team interface [ 101.481460][ T9274] loop4: detected capacity change from 0 to 256 [ 101.489235][ T9274] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 101.515647][ T9276] loop2: detected capacity change from 0 to 2048 [ 101.523476][ T9276] EXT4-fs: Ignoring removed orlov option [ 101.555671][ T9276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.587162][ T9286] loop4: detected capacity change from 0 to 512 [ 101.607416][ T9290] loop0: detected capacity change from 0 to 128 [ 101.614167][ T4153] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 101.622601][ T9290] vfat: Unknown parameter '+ni_xlate' [ 101.634637][ T4153] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 1 with error 28 [ 101.646914][ T4153] EXT4-fs (loop2): This should not happen!! Data will be lost [ 101.646914][ T4153] [ 101.656660][ T4153] EXT4-fs (loop2): Total free blocks count 0 [ 101.662635][ T4153] EXT4-fs (loop2): Free/Dirty block details [ 101.668645][ T4153] EXT4-fs (loop2): free_blocks=2415919104 [ 101.674475][ T4153] EXT4-fs (loop2): dirty_blocks=16 [ 101.677518][ T9296] loop0: detected capacity change from 0 to 1764 [ 101.679571][ T4153] EXT4-fs (loop2): Block reservation details [ 101.691888][ T4153] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 101.697844][ T9296] ISOFS: Logical zone size(0) < hardware blocksize(1024) [ 101.707475][ T9286] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.726763][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.731191][ T9286] ext4 filesystem being mounted at /164/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 101.758172][ T9296] openvswitch: netlink: VXLAN extension 0 has unexpected len 5 expected 0 [ 101.767838][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.781228][ T9301] netlink: 'syz.2.1528': attribute type 1 has an invalid length. [ 101.801791][ T9301] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 101.820685][ T9301] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 101.836895][ T4153] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 101.850335][ T9301] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.875254][ C0] eth0: bad gso: type: 1, size: 1408 [ 101.876861][ T9301] 8021q: adding VLAN 0 to HW filter on device bond2 [ 101.881039][ C0] eth0: bad gso: type: 1, size: 1408 [ 101.897153][ T9301] bond1: (slave bond2): Enslaving as a backup interface with a down link [ 101.905682][ T9314] loop4: detected capacity change from 0 to 2048 [ 101.912673][ T9314] ext4: Unknown parameter 'permit_directio' [ 101.953684][ T11] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 101.977096][ T29] audit: type=1400 audit(1721635826.225:1373): avc: denied { ioctl } for pid=9312 comm="syz.4.1532" path="socket:[26140]" dev="sockfs" ino=26140 ioctlcmd=0x9436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 101.982734][ T9315] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 53675 - 0 [ 102.010727][ T9315] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 53675 - 0 [ 102.019466][ T9315] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 53675 - 0 [ 102.027836][ T9315] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 53675 - 0 [ 102.036866][ T9315] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 35854 - 0 [ 102.045382][ T9315] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 35854 - 0 [ 102.053904][ T9315] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 35854 - 0 [ 102.062210][ T9315] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 35854 - 0 [ 102.070557][ T9315] geneve2: entered promiscuous mode [ 102.075895][ T9315] geneve2: entered allmulticast mode [ 102.096857][ T9319] netlink: 'syz.3.1534': attribute type 30 has an invalid length. [ 102.390440][ T9342] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 102.578675][ T9350] loop0: detected capacity change from 0 to 2048 [ 102.633916][ T9350] loop0: p1 < > p4 [ 102.638834][ T9350] loop0: p4 size 8388608 extends beyond EOD, truncated [ 102.676216][ T2786] loop0: p1 < > p4 [ 102.680673][ T2786] loop0: p4 size 8388608 extends beyond EOD, truncated [ 102.700314][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 102.701921][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 102.717688][ T9352] loop0: detected capacity change from 0 to 2048 [ 102.727137][ T9352] EXT4-fs: Ignoring removed orlov option [ 102.741342][ T9066] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.757194][ T9352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.777950][ T9356] loop4: detected capacity change from 0 to 512 [ 102.784941][ T9356] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 102.798474][ T7343] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 102.805548][ T9356] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.813898][ T7343] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 1 with error 28 [ 102.825811][ T9356] ext4 filesystem being mounted at /169/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.838006][ T7343] EXT4-fs (loop0): This should not happen!! Data will be lost [ 102.838006][ T7343] [ 102.838020][ T7343] EXT4-fs (loop0): Total free blocks count 0 [ 102.838030][ T7343] EXT4-fs (loop0): Free/Dirty block details [ 102.838040][ T7343] EXT4-fs (loop0): free_blocks=2415919104 [ 102.838051][ T7343] EXT4-fs (loop0): dirty_blocks=16 [ 102.838062][ T7343] EXT4-fs (loop0): Block reservation details [ 102.838071][ T7343] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 102.840839][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.977513][ T9377] lo speed is unknown, defaulting to 1000 [ 103.017278][ C0] eth0: bad gso: type: 1, size: 1408 [ 103.028213][ T9382] loop2: detected capacity change from 0 to 1024 [ 103.035965][ C0] eth0: bad gso: type: 1, size: 1408 [ 103.036520][ T9384] loop0: detected capacity change from 0 to 512 [ 103.049046][ T9384] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 103.067994][ T9384] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.080604][ T9384] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.101729][ T9388] SELinux: Context system_u:object_r is not valid (left unmapped). [ 103.138035][ T9392] netlink: 'syz.3.1558': attribute type 6 has an invalid length. [ 103.208050][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.242280][ T9397] TCP: TCP_TX_DELAY enabled [ 103.326320][ T9412] xt_connbytes: Forcing CT accounting to be enabled [ 103.343281][ T9412] Cannot find add_set index 0 as target [ 103.386253][ T9425] __nla_validate_parse: 7 callbacks suppressed [ 103.386269][ T9425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1567'. [ 103.468012][ T9443] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1571'. [ 103.538095][ T9456] loop0: detected capacity change from 0 to 2048 [ 103.551953][ T9456] EXT4-fs: Ignoring removed bh option [ 103.557506][ T9456] EXT4-fs: Ignoring removed nomblk_io_submit option [ 103.571363][ T9456] EXT4-fs: Ignoring removed nobh option [ 103.585311][ T9456] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.599051][ T9456] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 103.611231][ T9456] EXT4-fs error (device loop0): __ext4_remount:6491: comm syz.0.1573: Abort forced by user [ 103.621498][ T9456] EXT4-fs (loop0): Remounting filesystem read-only [ 103.628494][ T9456] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=16 [ 103.637575][ T9456] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=16 [ 103.647455][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.647860][ T9456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1573'. [ 103.674287][ T9463] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1574'. [ 103.676967][ T9456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1573'. [ 103.701458][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.727426][ T9467] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26649 sclass=netlink_route_socket pid=9467 comm=syz.4.1576 [ 103.796188][ T9483] loop0: detected capacity change from 0 to 256 [ 103.927045][ T9066] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.025809][ T9495] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9495 comm=syz.2.1585 [ 104.073314][ T9066] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.142946][ T29] audit: type=1400 audit(1721635828.375:1374): avc: denied { ioctl } for pid=9498 comm="syz.3.1586" path="/dev/virtual_nci" dev="devtmpfs" ino=108 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.194306][ T9066] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.263205][ T29] audit: type=1400 audit(1721635828.495:1375): avc: denied { setopt } for pid=9509 comm="syz.2.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 104.270757][ T9066] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.295607][ T9512] netlink: 'syz.3.1586': attribute type 4 has an invalid length. [ 104.301288][ T9519] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:0 [ 104.314843][ T9066] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.332472][ T9066] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.360361][ T9526] loop2: detected capacity change from 0 to 256 [ 104.376016][ T9526] msdos: Bad value for 'gid' [ 104.380731][ T9526] msdos: Bad value for 'gid' [ 104.446083][ T9546] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8 sclass=netlink_xfrm_socket pid=9546 comm=syz.2.1590 [ 104.460530][ T9545] FAULT_INJECTION: forcing a failure. [ 104.460530][ T9545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.473819][ T9545] CPU: 1 PID: 9545 Comm: syz.3.1597 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 104.483613][ T9545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 104.493816][ T9545] Call Trace: [ 104.497090][ T9545] [ 104.500014][ T9545] dump_stack_lvl+0xf2/0x150 [ 104.504612][ T9545] dump_stack+0x15/0x20 [ 104.508776][ T9545] should_fail_ex+0x229/0x230 [ 104.513494][ T9545] should_fail+0xb/0x10 [ 104.517718][ T9545] should_fail_usercopy+0x1a/0x20 [ 104.522757][ T9545] _copy_to_user+0x1e/0xa0 [ 104.527183][ T9545] put_timespec64+0x64/0xb0 [ 104.531719][ T9545] do_nanosleep+0x239/0x300 [ 104.536227][ T9545] hrtimer_nanosleep+0xe8/0x1e0 [ 104.541103][ T9545] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 104.546394][ T9545] common_nsleep+0x68/0x90 [ 104.550822][ T9545] __se_sys_clock_nanosleep+0x20a/0x240 [ 104.556455][ T9545] __x64_sys_clock_nanosleep+0x55/0x70 [ 104.561907][ T9545] x64_sys_call+0x1b2b/0x2e00 [ 104.566630][ T9545] do_syscall_64+0xc9/0x1c0 [ 104.571122][ T9545] ? clear_bhb_loop+0x55/0xb0 [ 104.575835][ T9545] ? clear_bhb_loop+0x55/0xb0 [ 104.580564][ T9545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.586455][ T9545] RIP: 0033:0x7fdc1ac95b59 [ 104.590929][ T9545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.610621][ T9545] RSP: 002b:00007fdc19f17048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 104.619057][ T9545] RAX: ffffffffffffffda RBX: 00007fdc1ae25f60 RCX: 00007fdc1ac95b59 [ 104.627012][ T9545] RDX: 00000000200000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 104.635096][ T9545] RBP: 00007fdc19f170a0 R08: 0000000000000000 R09: 0000000000000000 [ 104.643151][ T9545] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001 [ 104.651122][ T9545] R13: 000000000000000b R14: 00007fdc1ae25f60 R15: 00007ffc1fd15788 [ 104.659087][ T9545] [ 104.772427][ T9582] FAULT_INJECTION: forcing a failure. [ 104.772427][ T9582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 104.785592][ T9582] CPU: 0 PID: 9582 Comm: syz.1.1602 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 104.795311][ T9582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 104.805375][ T9582] Call Trace: [ 104.808649][ T9582] [ 104.811584][ T9582] dump_stack_lvl+0xf2/0x150 [ 104.816176][ T9582] dump_stack+0x15/0x20 [ 104.820334][ T9582] should_fail_ex+0x229/0x230 [ 104.825034][ T9582] should_fail+0xb/0x10 [ 104.829275][ T9582] should_fail_usercopy+0x1a/0x20 [ 104.834368][ T9582] strncpy_from_user+0x25/0x270 [ 104.839262][ T9582] ? should_failslab+0x9/0x20 [ 104.843965][ T9582] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 104.849617][ T9582] getname_flags+0xb0/0x3b0 [ 104.854112][ T9582] user_path_at+0x26/0x110 [ 104.858521][ T9582] do_sys_truncate+0x5b/0x130 [ 104.863187][ T9582] __x64_sys_truncate+0x31/0x40 [ 104.868044][ T9582] x64_sys_call+0x2694/0x2e00 [ 104.872791][ T9582] do_syscall_64+0xc9/0x1c0 [ 104.877322][ T9582] ? clear_bhb_loop+0x55/0xb0 [ 104.882013][ T9582] ? clear_bhb_loop+0x55/0xb0 [ 104.886678][ T9582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.892559][ T9582] RIP: 0033:0x7f60716b5b59 [ 104.897000][ T9582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.916677][ T9582] RSP: 002b:00007f6070937048 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 104.925076][ T9582] RAX: ffffffffffffffda RBX: 00007f6071845f60 RCX: 00007f60716b5b59 [ 104.933029][ T9582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 104.940996][ T9582] RBP: 00007f60709370a0 R08: 0000000000000000 R09: 0000000000000000 [ 104.948951][ T9582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.956906][ T9582] R13: 000000000000000b R14: 00007f6071845f60 R15: 00007ffcd6fd8ad8 [ 104.964867][ T9582] [ 105.002836][ T29] audit: type=1400 audit(1721635829.245:1376): avc: denied { watch } for pid=9592 comm="syz.1.1605" path="/proc/46/map_files" dev="proc" ino=27209 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 105.015038][ T9600] netlink: 'syz.0.1606': attribute type 1 has an invalid length. [ 105.057628][ T9603] loop4: detected capacity change from 0 to 512 [ 105.068397][ T9600] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.083855][ T9600] 8021q: adding VLAN 0 to HW filter on device bond2 [ 105.092194][ T9600] bond1: (slave bond2): Enslaving as a backup interface with a down link [ 105.093025][ T9603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.113455][ T9603] ext4 filesystem being mounted at /177/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.153658][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.182535][ T9617] program syz.0.1613 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.200836][ T9622] tipc: Started in network mode [ 105.205783][ T9622] tipc: Node identity 1, cluster identity 4711 [ 105.212001][ T9622] tipc: Node number set to 1 [ 105.218196][ T9622] tipc: Cannot configure node identity twice [ 105.246787][ T9617] loop0: detected capacity change from 0 to 256 [ 105.308071][ T9617] loop0: detected capacity change from 0 to 512 [ 105.338217][ T9617] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 105.346225][ T9617] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002] [ 105.375090][ T9617] EXT4-fs (loop0): orphan cleanup on readonly fs [ 105.386625][ T9642] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 105.417207][ T9617] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 105.430083][ T35] IPVS: starting estimator thread 0... [ 105.443057][ T9643] loop4: detected capacity change from 0 to 2048 [ 105.449220][ T9617] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 105.468495][ T9617] EXT4-fs (loop0): 1 truncate cleaned up [ 105.478867][ T9617] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 105.493311][ T9617] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.505981][ T9643] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.523704][ T9646] IPVS: using max 2784 ests per chain, 139200 per kthread [ 105.563022][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.594315][ T9667] loop4: detected capacity change from 0 to 256 [ 105.619125][ T9667] FAT-fs (loop4): Directory bread(block 64) failed [ 105.626763][ T9667] FAT-fs (loop4): Directory bread(block 65) failed [ 105.631830][ T9669] loop0: detected capacity change from 0 to 4096 [ 105.633371][ T9667] FAT-fs (loop4): Directory bread(block 66) failed [ 105.648203][ T9667] FAT-fs (loop4): Directory bread(block 67) failed [ 105.655478][ T9667] FAT-fs (loop4): Directory bread(block 68) failed [ 105.662452][ T9667] FAT-fs (loop4): Directory bread(block 69) failed [ 105.669426][ T9667] FAT-fs (loop4): Directory bread(block 70) failed [ 105.677606][ T9669] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.690198][ T9667] FAT-fs (loop4): Directory bread(block 71) failed [ 105.706598][ T9667] FAT-fs (loop4): Directory bread(block 72) failed [ 105.732118][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.741678][ T9667] FAT-fs (loop4): Directory bread(block 73) failed [ 105.781691][ T9667] syz.4.1630: attempt to access beyond end of device [ 105.781691][ T9667] loop4: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 105.855677][ T9677] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(16) [ 105.862298][ T9677] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 105.869771][ T9677] vhci_hcd vhci_hcd.0: Device attached [ 105.906185][ T9677] loop0: detected capacity change from 0 to 512 [ 105.922961][ T9683] loop1: detected capacity change from 0 to 2048 [ 105.926832][ T9677] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 105.943081][ T9667] team0 (unregistering): Port device team_slave_0 removed [ 105.958360][ T9678] vhci_hcd: connection closed [ 105.959639][ T7343] vhci_hcd: stop threads [ 105.968615][ T7343] vhci_hcd: release socket [ 105.973012][ T7343] vhci_hcd: disconnect device [ 105.975364][ T9685] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎs [ 105.986550][ T9683] EXT4-fs: Ignoring removed nomblk_io_submit option [ 105.989260][ T9667] team0 (unregistering): Port device team_slave_1 removed [ 106.006673][ T9683] EXT4-fs (loop1): stripe (1025) is not aligned with cluster size (16), stripe is disabled [ 106.036924][ T9683] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.051952][ T9683] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.115615][ T9689] loop4: detected capacity change from 0 to 512 [ 106.138027][ T9689] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 106.208030][ T29] audit: type=1326 audit(1721635830.455:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.232587][ T29] audit: type=1326 audit(1721635830.465:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.256089][ T29] audit: type=1326 audit(1721635830.465:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.269874][ T9696] loop1: detected capacity change from 0 to 1024 [ 106.279800][ T29] audit: type=1326 audit(1721635830.465:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.291247][ T9696] EXT4-fs (loop1): blocks per group (134217728) and clusters per group (8192) inconsistent [ 106.309287][ T29] audit: type=1326 audit(1721635830.465:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.309315][ T29] audit: type=1326 audit(1721635830.465:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.366040][ T29] audit: type=1326 audit(1721635830.465:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.389399][ T29] audit: type=1326 audit(1721635830.465:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.412675][ T29] audit: type=1326 audit(1721635830.465:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3597d85b59 code=0x7ffc0000 [ 106.494156][ T9704] loop2: detected capacity change from 0 to 4096 [ 106.501265][ T9706] loop0: detected capacity change from 0 to 512 [ 106.517962][ T9708] loop4: detected capacity change from 0 to 1024 [ 106.531805][ T9708] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 106.548687][ T9704] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.549025][ T9708] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.581996][ T9704] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1643'. [ 106.614197][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.683965][ T9730] loop2: detected capacity change from 0 to 512 [ 106.699588][ T9732] loop0: detected capacity change from 0 to 512 [ 106.706514][ T9732] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 106.716650][ T9732] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 106.718454][ T9730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 106.737280][ T9730] ext4 filesystem being mounted at /336/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.738472][ T9732] System zones: 1-12 [ 106.751908][ T9732] EXT4-fs (loop0): orphan cleanup on readonly fs [ 106.759621][ T9732] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.1653: Inode bitmap for bg 0 marked uninitialized [ 106.774002][ T3087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 106.785818][ T9732] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 106.827782][ T9732] EXT4-fs error (device loop0): ext4_map_blocks:609: inode #2: block 5: comm syz.0.1653: lblock 0 mapped to illegal pblock 5 (length 1) [ 106.844033][ T9732] EXT4-fs warning (device loop0): dx_probe:823: inode #2: lblock 0: comm syz.0.1653: error -117 reading directory block [ 106.858718][ T9732] EXT4-fs error (device loop0): __ext4_remount:6491: comm syz.0.1653: Abort forced by user [ 106.865908][ T9745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1658'. [ 106.880425][ T9732] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: none. [ 106.902390][ T9732] EXT4-fs warning (device loop0): dx_probe:893: inode #2: comm syz.0.1653: dx entry: limit 0 != root limit 125 [ 106.914268][ T9732] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.1653: Corrupt directory, running e2fsck is recommended [ 106.928621][ T9732] netlink: 'syz.0.1653': attribute type 4 has an invalid length. [ 106.941086][ T9732] infiniband syz1: set down [ 106.945950][ T3169] lo speed is unknown, defaulting to 1000 [ 106.951682][ T3169] lo speed is unknown, defaulting to 1000 [ 106.966343][ T9752] loop2: detected capacity change from 0 to 2048 [ 106.972928][ T9752] ext4: Unknown parameter 'fsmagic' [ 106.986369][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.027851][ T9759] loop0: detected capacity change from 0 to 512 [ 107.036011][ T9759] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.049789][ T9759] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 107.057981][ T9759] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 107.066452][ T9759] EXT4-fs (loop0): 1 truncate cleaned up [ 107.077560][ T9759] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.097155][ T7497] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.350313][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.369210][ T3160] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 107.378976][ T3160] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 107.389257][ T9776] FAULT_INJECTION: forcing a failure. [ 107.389257][ T9776] name failslab, interval 1, probability 0, space 0, times 0 [ 107.401978][ T9776] CPU: 0 PID: 9776 Comm: syz.4.1668 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 107.412292][ T9776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 107.422341][ T9776] Call Trace: [ 107.425626][ T9776] [ 107.428553][ T9776] dump_stack_lvl+0xf2/0x150 [ 107.433167][ T9776] dump_stack+0x15/0x20 [ 107.437318][ T9776] should_fail_ex+0x229/0x230 [ 107.442031][ T9776] ? kobject_uevent_env+0x1a4/0x550 [ 107.447227][ T9776] __should_failslab+0x92/0xa0 [ 107.452030][ T9776] should_failslab+0x9/0x20 [ 107.456591][ T9776] __kmalloc_cache_noprof+0x4b/0x2a0 [ 107.461874][ T9776] ? __pfx_dev_uevent_name+0x10/0x10 [ 107.467230][ T9776] kobject_uevent_env+0x1a4/0x550 [ 107.472349][ T9776] ? kobject_put+0x107/0x180 [ 107.477025][ T9776] kobject_uevent+0x1c/0x30 [ 107.481548][ T9776] device_release_driver_internal+0x478/0x4f0 [ 107.487616][ T9776] device_release_driver+0x19/0x20 [ 107.492774][ T9776] bus_remove_device+0x26f/0x290 [ 107.497719][ T9776] device_del+0x370/0x780 [ 107.502101][ T9776] ? enable_work+0x116/0x1b0 [ 107.506670][ T9776] hid_destroy_device+0x52/0xc0 [ 107.511501][ T9776] uhid_dev_destroy+0x6a/0xb0 [ 107.516211][ T9776] uhid_char_write+0x518/0x5c0 [ 107.520956][ T9776] vfs_writev+0x402/0x880 [ 107.525404][ T9776] ? __pfx_uhid_char_write+0x10/0x10 [ 107.530684][ T9776] do_writev+0xf8/0x220 [ 107.534857][ T9776] __x64_sys_writev+0x45/0x50 [ 107.539552][ T9776] x64_sys_call+0x1d63/0x2e00 [ 107.544209][ T9776] do_syscall_64+0xc9/0x1c0 [ 107.548816][ T9776] ? clear_bhb_loop+0x55/0xb0 [ 107.553473][ T9776] ? clear_bhb_loop+0x55/0xb0 [ 107.558134][ T9776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.564063][ T9776] RIP: 0033:0x7f3597d85b59 [ 107.568532][ T9776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.588228][ T9776] RSP: 002b:00007f3597007048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 107.596683][ T9776] RAX: ffffffffffffffda RBX: 00007f3597f15f60 RCX: 00007f3597d85b59 [ 107.604631][ T9776] RDX: 0000000000000002 RSI: 00000000200002c0 RDI: 0000000000000003 [ 107.612632][ T9776] RBP: 00007f35970070a0 R08: 0000000000000000 R09: 0000000000000000 [ 107.620583][ T9776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.628595][ T9776] R13: 000000000000004d R14: 00007f3597f15f60 R15: 00007fff72a6d408 [ 107.636547][ T9776] [ 107.658163][ T3169] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 107.666035][ T3169] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 107.682280][ T9782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1671'. [ 107.691245][ T9782] netlink: 'syz.4.1671': attribute type 5 has an invalid length. [ 107.719736][ C0] net_ratelimit: 2 callbacks suppressed [ 107.719755][ C0] eth0: bad gso: type: 1, size: 1408 [ 107.728889][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811f79ae00: rx timeout, send abort [ 107.741114][ T9791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1672'. [ 107.878147][ T9820] loop4: detected capacity change from 0 to 512 [ 107.889431][ T9820] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 107.904677][ T9820] EXT4-fs (loop4): 1 truncate cleaned up [ 107.910642][ T9820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.932313][ T9807] lo speed is unknown, defaulting to 1000 [ 107.948310][ T9830] netlink: 'syz.1.1684': attribute type 13 has an invalid length. [ 107.959367][ T9830] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 108.038944][ T6496] EXT4-fs error (device loop4): ext4_lookup:1811: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 108.052123][ T6496] EXT4-fs error (device loop4): ext4_lookup:1811: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 108.068727][ T7343] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.079883][ T9838] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1686'. [ 108.093792][ T9807] chnl_net:caif_netlink_parms(): no params data found [ 108.137219][ T7343] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.238984][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811f79ae00: abort rx timeout. Force session deactivation [ 108.292490][ T7343] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.308956][ C0] eth0: bad gso: type: 1, size: 1408 [ 108.328580][ T9807] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.331525][ T9856] loop1: detected capacity change from 0 to 512 [ 108.335755][ T9807] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.349902][ T9807] bridge_slave_0: entered allmulticast mode [ 108.356549][ T9807] bridge_slave_0: entered promiscuous mode [ 108.362499][ T9856] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 108.377818][ T7343] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.379336][ T6496] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.394920][ T9856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.409874][ T9807] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.410944][ T9856] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.416987][ T9807] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.435079][ T9807] bridge_slave_1: entered allmulticast mode [ 108.441891][ T9807] bridge_slave_1: entered promiscuous mode [ 108.461395][ T9807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.490226][ T9807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.520690][ T7343] bridge_slave_1: left allmulticast mode [ 108.526459][ T7343] bridge_slave_1: left promiscuous mode [ 108.532114][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.539998][ T7343] bridge_slave_0: left allmulticast mode [ 108.545682][ T7343] bridge_slave_0: left promiscuous mode [ 108.551353][ T7343] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.569914][ T8644] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.630585][ T9867] loop1: detected capacity change from 0 to 8192 [ 108.646099][ T7343] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.656623][ T7343] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.670248][ T7343] bond0 (unregistering): Released all slaves [ 108.688730][ T7343] bond1 (unregistering): (slave bond2): Releasing backup interface [ 108.700065][ T7343] bond1 (unregistering): Released all slaves [ 108.704737][ T9867] loop1: detected capacity change from 0 to 2048 [ 108.710547][ T7343] bond2 (unregistering): Released all slaves [ 108.725175][ T9807] team0: Port device team_slave_0 added [ 108.731965][ T9807] team0: Port device team_slave_1 added [ 108.743992][ T9867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.761164][ T9868] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 108.780444][ T9868] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 108.792819][ T9868] EXT4-fs (loop1): This should not happen!! Data will be lost [ 108.792819][ T9868] [ 108.802518][ T9868] EXT4-fs (loop1): Total free blocks count 0 [ 108.808550][ T9868] EXT4-fs (loop1): Free/Dirty block details [ 108.814473][ T9868] EXT4-fs (loop1): free_blocks=2415919104 [ 108.820186][ T9868] EXT4-fs (loop1): dirty_blocks=32 [ 108.825317][ T9868] EXT4-fs (loop1): Block reservation details [ 108.831409][ T9868] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 108.848446][ T9880] Direct I/O collision with buffered writes! File: /bus Comm: syz.1.1693 [ 108.858846][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.865916][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.891892][ T9807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.910484][ T9807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.917528][ T9807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.930533][ T8644] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.943425][ T9807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.977810][ T9892] loop1: detected capacity change from 0 to 128 [ 109.009385][ T7343] hsr_slave_0: left promiscuous mode [ 109.020387][ T7343] hsr_slave_1: left promiscuous mode [ 109.033155][ T7343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.040680][ T7343] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.050796][ T7343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.058297][ T7343] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.068398][ T7343] veth1_macvtap: left promiscuous mode [ 109.074208][ T7343] veth0_macvtap: left promiscuous mode [ 109.079773][ T7343] veth1_vlan: left promiscuous mode [ 109.085080][ T7343] veth0_vlan: left promiscuous mode [ 109.095992][ T9900] loop1: detected capacity change from 0 to 512 [ 109.103154][ T9900] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 109.140517][ T9900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.157548][ T9900] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.201151][ T7343] team0 (unregistering): Port device team_slave_1 removed [ 109.211204][ T7343] team0 (unregistering): Port device team_slave_0 removed [ 109.247704][ T11] smc: removing ib device syz1 [ 109.284265][ T9807] hsr_slave_0: entered promiscuous mode [ 109.290355][ T9807] hsr_slave_1: entered promiscuous mode [ 109.296954][ T9807] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.304641][ T9807] Cannot create hsr debugfs directory [ 109.364017][ T8644] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.454445][ T9860] chnl_net:caif_netlink_parms(): no params data found [ 109.495860][ T9860] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.502963][ T9860] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.510312][ T9860] bridge_slave_0: entered allmulticast mode [ 109.516801][ T9860] bridge_slave_0: entered promiscuous mode [ 109.525447][ T9860] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.532506][ T9860] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.539750][ T9860] bridge_slave_1: entered allmulticast mode [ 109.546140][ T9860] bridge_slave_1: entered promiscuous mode [ 109.590580][ T9860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.601728][ T9860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.622348][ T9860] team0: Port device team_slave_0 added [ 109.632343][ T9860] team0: Port device team_slave_1 added [ 109.652345][ T9860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.659368][ T9860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.685328][ T9860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.697989][ T9942] sctp: [Deprecated]: syz.2.1704 (pid 9942) Use of int in max_burst socket option deprecated. [ 109.697989][ T9942] Use struct sctp_assoc_value instead [ 109.719437][ T9860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.726443][ T9860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.752422][ T9860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.780835][ T9860] hsr_slave_0: entered promiscuous mode [ 109.788241][ T9860] hsr_slave_1: entered promiscuous mode [ 109.794335][ T9860] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 109.801907][ T9860] Cannot create hsr debugfs directory [ 109.853169][ T9807] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.867919][ T9807] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.876724][ T9807] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.892975][ T9807] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.933699][ T9860] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.943501][ T9860] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 53675 - 0 [ 109.953490][ T9860] netdevsim netdevsim4 eth3 (unregistering): unset [1, 2] type 2 family 0 port 35854 - 0 [ 109.983891][ T9807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.996334][ T9860] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.006139][ T9860] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 53675 - 0 [ 110.016032][ T9860] netdevsim netdevsim4 eth2 (unregistering): unset [1, 2] type 2 family 0 port 35854 - 0 [ 110.031146][ T9807] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.043294][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.050472][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.070566][ T9860] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.080416][ T9860] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 53675 - 0 [ 110.090284][ T9860] netdevsim netdevsim4 eth1 (unregistering): unset [1, 2] type 2 family 0 port 35854 - 0 [ 110.116986][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.124078][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.144071][ T9807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 110.158463][ T9860] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.168313][ T9860] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 53675 - 0 [ 110.178351][ T9860] netdevsim netdevsim4 eth0 (unregistering): unset [1, 2] type 2 family 0 port 35854 - 0 [ 110.243059][T10000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1716'. [ 110.252071][T10000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1716'. [ 110.255739][ T9807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.271645][ T9860] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 110.281409][ T9860] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 110.305970][T10000] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 110.327321][ T9860] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 110.329981][T10000] loop1: detected capacity change from 0 to 512 [ 110.347509][ T9860] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 110.355822][T10000] EXT4-fs (loop1): external journal device major/minor numbers have changed [ 110.399516][T10000] EXT4-fs (loop1): failed to open journal device unknown-block(0,3) -6 [ 110.413235][ T9860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.427655][ T9860] 8021q: adding VLAN 0 to HW filter on device team0 [ 110.445035][ T3160] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.452199][ T3160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.461833][T10015] loop2: detected capacity change from 0 to 256 [ 110.497828][ T3160] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.504937][ T3160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.517304][T10022] loop1: detected capacity change from 0 to 2048 [ 110.528915][ T9807] veth0_vlan: entered promiscuous mode [ 110.537143][ T9860] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 110.547611][ T9860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 110.548872][T10015] FAT-fs (loop2): Directory bread(block 64) failed [ 110.564118][ T9807] veth1_vlan: entered promiscuous mode [ 110.574126][T10022] loop1: p1 < > p4 [ 110.579109][T10022] loop1: p4 size 8388608 extends beyond EOD, truncated [ 110.585324][T10015] FAT-fs (loop2): Directory bread(block 65) failed [ 110.592660][T10015] FAT-fs (loop2): Directory bread(block 66) failed [ 110.600456][T10015] FAT-fs (loop2): Directory bread(block 67) failed [ 110.601534][ T2786] loop1: p1 < > p4 [ 110.608874][T10015] FAT-fs (loop2): Directory bread(block 68) failed [ 110.613187][ T9807] veth0_macvtap: entered promiscuous mode [ 110.624207][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 110.634490][T10015] FAT-fs (loop2): Directory bread(block 69) failed [ 110.639396][ T9807] veth1_macvtap: entered promiscuous mode [ 110.657611][T10015] FAT-fs (loop2): Directory bread(block 70) failed [ 110.673848][T10015] FAT-fs (loop2): Directory bread(block 71) failed [ 110.680874][T10015] FAT-fs (loop2): Directory bread(block 72) failed [ 110.692977][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.703610][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.713411][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.723896][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.733723][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.744159][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.754027][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.764503][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.774446][T10015] FAT-fs (loop2): Directory bread(block 73) failed [ 110.776064][ T9807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.797884][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.808396][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.818304][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.828859][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.838831][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.849237][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.859305][ T9807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.869712][ T9807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.880613][ T1460] kworker/u8:5: attempt to access beyond end of device [ 110.880613][ T1460] loop2: rw=1, sector=1800, nr_sectors = 4 limit=256 [ 110.880967][ T9807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.902827][ T2786] loop1: p1 < > p4 [ 110.903472][ T9807] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.915407][ T9807] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.924149][ T9807] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.932975][ T9807] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.942177][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 110.961783][ T9860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.971189][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1725'. [ 110.982354][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 110.982931][ T4059] udevd[4059]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 111.019062][T10031] macsec1: entered promiscuous mode [ 111.024357][T10031] macvlan0: entered promiscuous mode [ 111.177207][T10072] loop0: detected capacity change from 0 to 512 [ 111.204221][T10076] loop1: detected capacity change from 0 to 2048 [ 111.206642][ T9860] veth0_vlan: entered promiscuous mode [ 111.221319][T10072] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 111.224352][ T9860] veth1_vlan: entered promiscuous mode [ 111.246654][T10080] loop2: detected capacity change from 0 to 1024 [ 111.253494][T10080] EXT4-fs: Ignoring removed oldalloc option [ 111.253948][T10076] loop1: p1 < > p4 [ 111.261294][ T9860] veth0_macvtap: entered promiscuous mode [ 111.269683][T10076] loop1: p4 size 8388608 extends beyond EOD, truncated [ 111.273861][ T9860] veth1_macvtap: entered promiscuous mode [ 111.277671][T10072] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.287346][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.302969][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.312874][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.323482][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.333332][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.343757][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.353575][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.364027][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.373841][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.384347][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.397538][ T9860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.405041][ T2786] loop1: p1 < > p4 [ 111.421681][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 111.431963][T10080] EXT4-fs (loop2): can't mount with journal_checksum, fs mounted w/o journal [ 111.445961][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.447331][T10088] ebt_among: dst integrity fail: 1ad [ 111.456539][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.471850][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.482357][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.492240][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.502704][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.512566][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.523070][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.532926][ T9860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.543439][ T9860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.556773][ T9860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.568417][ T9860] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.577300][ T9860] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.586066][ T9860] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.594854][ T9860] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.595330][ T29] kauditd_printk_skb: 131 callbacks suppressed [ 111.595341][ T29] audit: type=1400 audit(1721635835.845:1517): avc: denied { getopt } for pid=10079 comm="syz.2.1735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 111.631607][ T2786] loop1: p1 < > p4 [ 111.637491][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 111.667537][ T29] audit: type=1400 audit(1721635835.855:1518): avc: denied { setopt } for pid=10079 comm="syz.2.1735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 111.711346][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 111.712499][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 111.758254][T10111] 9pnet_fd: Insufficient options for proto=fd [ 111.759769][T10109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1741'. [ 111.778427][T10114] loop2: detected capacity change from 0 to 512 [ 111.786801][T10114] ext4: Unknown parameter 'measure' [ 111.811060][ T29] audit: type=1400 audit(1721635836.055:1519): avc: denied { create } for pid=10116 comm="syz.4.1747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 111.818248][T10114] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1746'. [ 111.974634][T10131] loop2: detected capacity change from 0 to 512 [ 111.981912][T10131] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 112.007154][T10131] ext4 filesystem being mounted at /355/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.063293][T10139] loop4: detected capacity change from 0 to 2048 [ 112.093997][T10139] loop4: p1 < > p4 [ 112.098560][T10139] loop4: p4 size 8388608 extends beyond EOD, truncated [ 112.191796][ T2786] loop4: p1 < > p4 [ 112.206666][ T2786] loop4: p4 size 8388608 extends beyond EOD, truncated [ 112.237334][ T4059] udevd[4059]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 112.239618][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 112.261738][T10147] loop4: detected capacity change from 0 to 128 [ 112.282996][T10147] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 112.290626][T10147] FAT-fs (loop4): Filesystem has been set read-only [ 112.308477][T10147] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 112.349498][T10157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1757'. [ 112.385618][ C0] eth0: bad gso: type: 1, size: 1408 [ 112.391175][ C0] eth0: bad gso: type: 1, size: 1408 [ 112.409129][ C0] eth0: bad gso: type: 1, size: 1408 [ 112.420762][ T29] audit: type=1400 audit(1721635836.665:1520): avc: denied { read } for pid=10167 comm="syz.4.1760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 112.451624][T10172] loop2: detected capacity change from 0 to 512 [ 112.458721][T10172] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 112.476993][T10172] ext4 filesystem being mounted at /362/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.489226][T10177] loop4: detected capacity change from 0 to 256 [ 112.497924][T10177] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 112.528642][T10179] loop4: detected capacity change from 0 to 2048 [ 112.549779][T10181] loop2: detected capacity change from 0 to 512 [ 112.585234][T10179] loop4: p1 < > p4 [ 112.596070][T10179] loop4: p4 size 8388608 extends beyond EOD, truncated [ 112.668165][T10197] syzkaller1: entered promiscuous mode [ 112.668909][T10196] loop0: detected capacity change from 0 to 1024 [ 112.673712][T10197] syzkaller1: entered allmulticast mode [ 112.702934][ T2786] loop4: p1 < > p4 [ 112.707545][ T2786] loop4: p4 size 8388608 extends beyond EOD, truncated [ 112.738112][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 112.738171][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 112.783613][T10202] loop4: detected capacity change from 0 to 8192 [ 112.812949][T10206] xt_NFQUEUE: number of queues (65534) out of range (got 67069) [ 112.822433][T10210] loop0: detected capacity change from 0 to 512 [ 112.846618][T10210] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 112.885933][T10210] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.935221][T10218] loop2: detected capacity change from 0 to 8192 [ 112.947088][ T29] audit: type=1326 audit(1721635837.195:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 112.970908][ T29] audit: type=1326 audit(1721635837.195:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 112.971545][T10230] loop1: detected capacity change from 0 to 2048 [ 112.994481][ T29] audit: type=1326 audit(1721635837.195:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 112.994505][ T29] audit: type=1326 audit(1721635837.195:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 113.003952][T10218] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 113.024374][ T29] audit: type=1326 audit(1721635837.195:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 113.081816][ T29] audit: type=1326 audit(1721635837.195:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.4.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef42715b59 code=0x7ffc0000 [ 113.124705][T10230] loop1: p1 < > p4 [ 113.130160][T10236] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61469 sclass=netlink_route_socket pid=10236 comm=syz.2.1783 [ 113.145166][T10230] loop1: p4 size 8388608 extends beyond EOD, truncated [ 113.159361][T10237] pim6reg1: entered promiscuous mode [ 113.164745][T10237] pim6reg1: entered allmulticast mode [ 113.178457][ T2786] loop1: p1 < > p4 [ 113.264696][ T2786] loop1: p4 size 8388608 extends beyond EOD, truncated [ 113.332620][ T3161] udevd[3161]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 113.342820][ T3073] udevd[3073]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 113.360682][T10248] loop4: detected capacity change from 0 to 256 [ 113.383413][T10248] FAT-fs (loop4): Directory bread(block 64) failed [ 113.391298][T10248] FAT-fs (loop4): Directory bread(block 65) failed [ 113.398404][T10248] FAT-fs (loop4): Directory bread(block 66) failed [ 113.406370][T10248] FAT-fs (loop4): Directory bread(block 67) failed [ 113.412896][T10248] FAT-fs (loop4): Directory bread(block 68) failed [ 113.419564][T10248] FAT-fs (loop4): Directory bread(block 69) failed [ 113.427755][T10248] FAT-fs (loop4): Directory bread(block 70) failed [ 113.434455][T10248] FAT-fs (loop4): Directory bread(block 71) failed [ 113.441061][T10248] FAT-fs (loop4): Directory bread(block 72) failed [ 113.449052][T10248] FAT-fs (loop4): Directory bread(block 73) failed [ 113.464938][T10248] syz.4.1787: attempt to access beyond end of device [ 113.464938][T10248] loop4: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 113.491577][T10248] syz.4.1787: attempt to access beyond end of device [ 113.491577][T10248] loop4: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 113.709553][ C0] eth0: bad gso: type: 1, size: 1408 [ 113.728711][ C0] eth0: bad gso: type: 1, size: 1408 [ 113.773492][T10322] loop4: detected capacity change from 0 to 512 [ 113.793559][T10322] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 113.817459][T10324] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 113.839676][T10322] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.910740][T10330] loop4: detected capacity change from 0 to 2048 [ 113.954429][T10330] loop4: p1 < > p4 [ 113.959139][T10330] loop4: p4 size 8388608 extends beyond EOD, truncated [ 113.967528][ T2786] ================================================================== [ 113.975794][ T2786] BUG: KCSAN: data-race in __fsnotify_parent / fsnotify_put_mark [ 113.983514][ T2786] [ 113.985826][ T2786] write to 0xffff8881001ca2c0 of 4 bytes by task 3073 on cpu 1: [ 113.993459][ T2786] fsnotify_put_mark+0x2d8/0x5d0 [ 113.998421][ T2786] __se_sys_inotify_rm_watch+0x105/0x180 [ 114.004056][ T2786] __x64_sys_inotify_rm_watch+0x31/0x40 [ 114.009597][ T2786] x64_sys_call+0x1d25/0x2e00 [ 114.014265][ T2786] do_syscall_64+0xc9/0x1c0 [ 114.018758][ T2786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.024641][ T2786] [ 114.026950][ T2786] read to 0xffff8881001ca2c0 of 4 bytes by task 2786 on cpu 0: [ 114.034490][ T2786] __fsnotify_parent+0xd4/0x380 [ 114.039332][ T2786] __fput+0x5ca/0x6f0 [ 114.043306][ T2786] __fput_sync+0x44/0x60 [ 114.047547][ T2786] __se_sys_close+0x101/0x1b0 [ 114.052219][ T2786] __x64_sys_close+0x1f/0x30 [ 114.056801][ T2786] x64_sys_call+0x2630/0x2e00 [ 114.061470][ T2786] do_syscall_64+0xc9/0x1c0 [ 114.065969][ T2786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.071850][ T2786] [ 114.074159][ T2786] value changed: 0x00002008 -> 0x00000000 [ 114.079856][ T2786] [ 114.082164][ T2786] Reported by Kernel Concurrency Sanitizer on: [ 114.088298][ T2786] CPU: 0 PID: 2786 Comm: udevd Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 114.097568][ T2786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 114.107607][ T2786] ================================================================== [ 114.186124][ T2786] loop4: p1 < > p4 [ 114.190571][ T2786] loop4: p4 size 8388608 extends beyond EOD, truncated