last executing test programs: 3.162330821s ago: executing program 4 (id=3290): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100001c00100000000000120000d1850000000500000095", @ANYRES32=0x0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) unshare(0x68040200) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000000c0)={0x9}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r3, @ANYBLOB="010000000000000000001a0000005c000180380004001400010002000000ac1414aa0000000000000000200002000a00009829e9c922c7749a0000000001000000000000000100000000080003000000000008000300ffff00000f"], 0xf4}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)={0x34, 0x0, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x34}}, 0x0) 2.947995558s ago: executing program 4 (id=3296): r0 = gettid() process_vm_writev(r0, &(0x7f0000000380)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f00000003c0)=""/231, 0xe7}], 0x1, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x5435, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x5, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000ffefffff0024863aab38f0524107001dcfd1fe000007000000006816e779f7c865"], &(0x7f00000007c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x90) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000700)=0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080603000000004000000003000000000500010006000000"], 0x1c}}, 0x0) 2.940704609s ago: executing program 4 (id=3297): r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53c, &(0x7f00000025c0)="$eJzs3c9vI1cdAPDvTH52mzZb6AEqYBcoLGi19sbbrqpe2r2AUFUJUXFAHLYh8UZh7XWIndKESKR/A0ggcYI/gQMSB6SeOHDjyA0hlQPSAhFog0SF0YwnqZvYjWkcm8afjzQ7P178vu/FO/Oe38TzAphYVyNiLyJmI+L1iFgsjifFEi93luznHu3vrhzs767Ef9rt1/6W5OnZseh6TebxIs/5iPjGVyO+k5yM29zeub9cq1U3i/1yq75Rbm7v3FivL69V16oPKpXbS7dvvnDr+crQ6nql/suHX1l/5Zu/+fWn3/n93pd/kBVroUjrrscwdao+cxQnMx0Rr5xHsDGYKtazYy4HH04aER+LiM/l5/9iTOX/OwGAi6zdXoz2Yvc+AHDRpfkYWJKWirGAhUjTUqkzhvd0XEprjWbr+r3G1oPVzljZ5ZhJ54q+wvfyf2eSe+u16lKelqfn+5Vj+7ci4qmI+PHcY/l+aaVRWx1PlwcAJt7jx9r/f8512v8B9LirBwB8ZMyPuwAAwMhp/wFg8mj/AWDyDND+Fzf79869LADAaPj8DwCTR/sPAJNH+w8AE+Xrr76aLe2D4vnXq29sb91vvHFjtdq8X6pvrZRWGpsbpbVGYy1/Zk/9tPxqjcbG0nOx9Wa5VW22ys3tnbv1xtaD1t38ud53qzMjqRUA8EGeuvL2H5KI2HvxsXwJcznAxEjHXQBgbKbGXQBgbMz2BZNr8PH4351rOYDx6fkw7/mem+/30/8hiL8zgv8r1z7Zf/z/eN/AfQG4WIz/w+T6cOP/Lw29HMDo9Rr/18+HydBuJ8fn/J89SgIALqQzfB+v/cNhdUKAsTptMu+h3P8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC2YhIr4bSVoq5gJfiDQtlSKeiIjLMZPcW69Vb0bEk3ElImbmsv2lcRcaADij9C9JMf/XtcVnF46nzib/motiTvDv/+y1n7y53GptLmXH/350fO5w+rDKe687w7yCAMCQ5e13pVh3fZB/tL+7criMsjwP78S7xVTEKwf7u/nSSZmO6Xw9n/clLv0jKfY7c5E+ExFTQ4i/91ZEfOKo/sm77XYRP8nHRi4XM592x48i9hPDj9/1+z8eP31f/DRP66yzztfHj+WbDqFscNG9fSciXu51/qVxNV/3Pv/n8yvU2T2808ns8Np30BX/8Po31SN+ds5fHTTGc7/92omD7cVO2lsRz0z3ip8cxU/6xH92wPh//NRnfvRSn7T2zyOuRe/43bHKrfpGubm9c2O9vrxWXas+qFRuL92++cKt5yvlfIy6fDhSfdJfX7z+ZL+yZfW/1Cf+fM/6zx699gsD1v8X/37925/9gPhf+nzv9//pnvE7sjbxiwPGX770q77Td2fxV/vU/7T3//qA8d/5887qgD8KAIxAc3vn/nKtVt0800b2aXMY+ZzYyIo41AxP2fhTjC7WqRsz5/VbPfeN6aO+4nBz/laW44irkw69FmfaeDSqWOO9LgHn772TftwlAQAAAAAAAAAAAAAA+hnFV5fGXUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurv8GAAD//5S5ywU=") getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) quotactl$Q_QUOTAOFF(0xffffffff80000700, &(0x7f0000000180)=@sr0, r1, 0x8cffffff00000000) openat(0xffffffffffffff9c, 0x0, 0x20042, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) r2 = socket$inet(0x2, 0x80003, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000140)=@broute={'broute\x00', 0x20, 0x2, 0x330, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000580], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000002000000000000feffffff0100000019000000000000000000726f7365300000000000000000000000726f736530000000cc000000000000007465616d5f736c6176655f310000000064756d6d7930000000000000000000000180c2000000000000000000ffffffffffff0000000000000000d00000000801000038010000706b74747970650000000000000000000000000000000000000000000000000008000000000000000000000000000000706b747479706500000000000000000000000000000000000000000000000000080000000000000000000000000000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000ddffffff00000000726564697265637400000000396c27db39b2eedb0000000000000000000000000800000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff01000000030000000000000080357665746831000000000000000000000074756e6c30000000000000000000000074756e6c300000000005000000000000006c616e300000000000000000000000aaaaaaaaaabb000000000000aaaaaaaaaa0000000000000000000001000000010000380100006367726f757000000000000000000000000000000000000000000000000000000800000000000000000000000000000061727000000000000000000000000000000000000000000000000000000000003800000000000000000000000000000000000000000000007f0000010000000072ce35f34121000000000000000000000000000000000000eaffffff00000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000fdffffff00000000"]}, 0x3a8) r3 = socket$inet(0x2, 0x200000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000900], 0x2, 0x0, &(0x7f0000000900)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) syz_io_uring_setup(0x8, &(0x7f0000000080), &(0x7f0000000000), 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2, 0x47}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$nfc_llcp(r4, 0x6, 0x1c, 0x0, 0x2000e881) r5 = socket$inet_sctp(0x2, 0x1, 0x84) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r6, 0x84, 0x1b, &(0x7f0000000100), &(0x7f0000000140)=0x8) setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000040)=0x4, 0x4) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x28, 0xffff0000}}], 0x1, 0x0) dup(r5) 2.850586176s ago: executing program 4 (id=3303): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x2712, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f00000000c0), 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, r2) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c00000008000400", @ANYRES32=r3], 0x24}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c000c"], 0x24}}, 0x0) 2.676581141s ago: executing program 4 (id=3309): rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000702000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000009000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000098ae8e5e7b0c65752a3ad50000007ddd0000cb4500639100f51f00000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000009021f1ca9d6999f926250b180000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16d875fe369258673b5df11cc2afb53611cc320000bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4ff9ded1cad1831909b7ce6d2c8212237458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151f07bd4e97d62ecc645e143a60f1c6edc76609077909826151e2b42bf0edc399f78f42d979b694dc1e5cf8c6e09e0c7e8b0db51662de6d87c493db845b10e9468bda6f82881eb8c9cfa72bba6708eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ecaa85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f505724d6e417b1c2cbfdcada0a16e31790e26cf101000080496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b4207e6078625cb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6d2676bef8310f7032775cfd75652f87b039d543000000000000000008ce31344b554aca78a00000000000000e63a0dba7f6b25e8d5e40a3a571a5dfde3b4dca2d38a9c0ea7b5bcd49f977c609915c7601080d10b96af1eb55922b2ad13a0eeefae505f4535cd9dc69fbab92150c7e74e5c5b051ddf6399b0d00eee5c3afee38cdc55b8d3fbbe210bdec686a23503f4a547327caf381171cc9002be6d89f5734a9e204dbc327ec8f9851d273fa07369c419942509198605ff2781f4d2d4685d762d4764f7ff762e09116946137b7ab812a2d408b57206093eea233054c6aa08bffc8a076d476bc28fc21d521b778de9e583b596d7102d0a7bea32f51aba25da0f72b895ec90882f56730236b30e656a1ab2fcb80df49afa05d8c9d5bdc3c1feed5c593a5d8482f3fcb287655b007368593c6c4a1513115f1382adfe98cf4d8ae0fb0b8c3022df57e70b3140b6027b9ad373a027a75e2fd187b421663ca8c579554e825e2a65f6a17f65a0b246710654555e59b08e4a52a36fcdb0278fd80b4d6aea4c0db6652f56f7c91530539f98554348794696597c7d4ead2548f8f636b20e1e5b4cceb0ad42784752595cba883e9de9abe2c16bba1c4a786f11b8ebd31d5941a6d47ec9727315e03711623e99ac4ce0eb40b51ef9d9d7cbf1e5a30883eccde1564b805bd3db0d6c389c694df6fae50c2c03dc90f5a0e9b8d6ceab763940f505a6d4617be5c236e8087c4fd0428d0c6a0c6b2d64f9cf1a7bb009064cb20d28427df575c04df0d2c20b8beb24eaa42c79a1ee9ae5f3e47d4c5c2d646450a6353f58c5e8d22669a02b88c69a09770e34603865c96505caff1200"/1374], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0x1cf, 0x38f, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) 2.676268021s ago: executing program 4 (id=3310): syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000200)={0x1d, 0x0, 0x2}, 0x18) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x1000004) accept4(r0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000000100)={[{@dioread_lock}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@auto_da_alloc}, {@data_err_ignore}, {@grpquota}, {@barrier_val={'barrier', 0x3d, 0x6}}, {@discard}, {@jqfmt_vfsold}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") chdir(&(0x7f0000000140)='./file0\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) socket(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x301080, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r4}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000340)={'#! ', '', [{0x20, '3\x89?\xeeS\x0f\t\xf9\xd2)\xd2\x91`u\xb0\x8d\x1e\xcf\xde\xb7\xfaQ\x1a\xc6\xe0-\"\x0fE\"\xa0x\xbd\xe2\x96\x10\fJ\xf0\x16\xd9Q\xd3\xba\xb1\x8a\xdd\x8b\xd0\xbd5\xa9SJ\xe4\"R\x8b-\xd6\xab\r\x1c\r3\x14 {X\xcf\x9b|\xcd\x80\xbe+\x7f\x1f\xbb\x1c\xf7o\xa1y\xda\xde\xbc'}, {0x20, 'grpquota'}]}, 0x65) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r6 = epoll_create(0x9) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r2, &(0x7f00000000c0)) getdents64(r1, &(0x7f0000000100)=""/42, 0x2a) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x0) pipe2$9p(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) pipe2$9p(&(0x7f0000000000), 0x0) write$P9_RLERRORu(r7, &(0x7f0000000240)={0xf, 0x7, 0x0, {{0x2, '.,'}, 0x200}}, 0xf) write$P9_RSTAT(r7, &(0x7f0000000080)=ANY=[], 0xfdeb) 1.695250811s ago: executing program 0 (id=3357): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_LIMIT={0x5}, @IFLA_IPTUN_FLOWINFO={0x8}]}}}]}, 0x44}}, 0x0) 1.695085001s ago: executing program 0 (id=3358): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000080)=[r1, r1, r0, r2, r0, r0, r0, r0, r0], 0x9) (async) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000027c0)={0x2, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x5}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x70}, 0x1, 0x7}, 0x0) 1.643850905s ago: executing program 0 (id=3363): r0 = fsopen(&(0x7f00000002c0)='rpc_pipefs\x00', 0x0) r1 = getpid() r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x4, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000240), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRES16=r5, @ANYBLOB="01000000000000000000010000000800010004e4ffff2b00048005001d00010000000500030080ffffff05000300000000000500030080ffffff05000300050000000800020003"], 0x50}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000100)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00'}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) shutdown(0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0xb00, 0x0, 0x0) 1.004422398s ago: executing program 1 (id=3377): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) read$watch_queue(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_emit_ethernet(0x2a6, &(0x7f0000000700)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x270, 0x3a, 0xff, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x1, {0x3, 0x6, "3549a3", 0x0, 0x0, 0x1, @local, @ipv4={'\x00', '\xff\xff', @multicast1}, [@fragment={0xa5, 0x0, 0xa0, 0x0, 0x0, 0xf, 0x66}, @dstopts={0x2b, 0x1d, '\x00', [@ra={0x5, 0x2, 0x401}, @generic={0x6c, 0xba, "0da51fa68ff5cb91cfc7f748fc154793e5eff079c1913b9a485642e13af3d003cb1d4178722ef68cad09c59fbe30b07b4f68cc41ac38da9b71e1deee5e99b99384b1d323276be5263f4685dc8c345aafd888d9ee710ba37dbb0a115d2cd48e7e76c8a5d050708eca06c0095d945c3f7effde27de13a6397898383a5478297c857c573c40e0f326e00f7a6ec9d79fd5a2a27d857896666cc05d7501b6ffcaa1964730cbc6b724ca682bc39e4467aa1bde7f36a89d8a7ea699c7ad"}, @generic={0x2c, 0xe, "0f2d498872672e77d8620ea31e2b"}, @jumbo={0xc2, 0x4, 0xa59}, @ra={0x5, 0x2, 0x1}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @dstopts={0x5e, 0xb, '\x00', [@calipso={0x7, 0x50, {0x1, 0x12, 0x6, 0x6, [0x2, 0x7, 0x7, 0x3, 0x3d8b, 0x8000000000000, 0x1, 0x7, 0x41a1]}}, @jumbo={0xc2, 0x4, 0x10001}]}], "e45e0d3727df66518f2c2e2a3b2f55f7a44a3fa1a1c618861ae82f03597f17bb91c1877e7fa19bf0c91ebb891c4cd0b1c087a81c0f8811a8b30539f8725c9a6df95acb2ec45add8333c7c46e805aa53064d84428139b159e44fddcd3f027f22474c2326e9f95df8f234ff02b57b0d4181d7e0e0ae267f4b25d07517020ffa60773818d37d40af56df01392e715d8813c77db16212b11c31b49a1d10fe61c752f263bdfc76651162f5ca5d1299fae81bddaf573fe3a445bb4c75bc09dbc92fbcfb3d857286040e222e676a6069e94047cef1ba71604aa628c2a90ade3f0e204d6"}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) dup2(0xffffffffffffffff, r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="640000001400010000000000000000000a3800fe", @ANYRES32=r3, @ANYBLOB="140002000000000000000000000000000000000014000600000000008003000001000000000000001400"], 0x64}}, 0x0) 1.003857948s ago: executing program 1 (id=3379): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000009c0)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000280)=[{}], 0x20) syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x200000, &(0x7f0000000200)={[], [{@flag='sync'}]}, 0x1, 0x544, &(0x7f0000000540)="$eJzs3c9vHFcdAPDvjL22m7p1Cj1ABSRAIaAou/Gmjape2lxAqKqEqDggDqmxN5bJbjZk16U2kXD/BpBA4gR/AgckDkg9ceDGkRtCKgekABYoRqJi0cyOnY29myzxepd6Px9pMj+e933f82bmvX3jnRfA1DofETsRMRcRb0fEUnE8KZZ4vbtkP3d/9+7q3u7d1fhPp/PW35I8PTsWPa/JPF3kuRAR3/hqxHeSo3FbW9s3V+r12p1iv9Ju3K60trYvbTRW1mvrtVvV6tXlq5dfufJydWR1Pdf45b2vbLzxzd/8+tMf/H7nyz/IirVYpPXWY5S6VS8dxMnMRsQbJxFsAmaK9dyEy8GTSSPiYxHxufz8X4qZ/H8nAHCadTpL0Vnq3QcATrs0HwNL0nIxFrAYaVoud8fwno8zab3Zal+80dy8tdYdKzsbpXS+6Ct8L/+3lNzYqNeW87Q8Pd+vHtq/EhHPRcSP55/K98urzfraZLo8ADD1nj7U/v9zvtv+D6HPXT0A4CNjYdIFAADGqRTafwCYStp/AJg+Q7T/xc3+nRMvCwAwHj7/A8D00f4DwPTR/gPAVPn6m29mS2eveP712jtbmzeb71xaq7Vulhubq+XV5p3b5fVmcz1/Zk/jcfnVm83byy/F5ruVdq3VrrS2tq83mpu32tfz53pfr5XGUisA4FGeO/f+H5KI2Hn1qXwJcznA1EgnXQBgYmYmXQBgYsz2BdNr+PH4351oOYDJ6fsw74W+mw/76f8QxN8Zwf+VC58cPP5/uG/gvgCcLsb/YXo92fj/ayMvBzB+/cb/9fNhOnQ6yeE5/+cOkgCAU+kY38fr/HBUnRBgoh43mfdI7v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKbMYEd+NJC0Xc4EvRpqWyxHPRMTZKCU3Nuq1yxHxbJyLiNJ8tr886UIDAMeU/iUp5v+6sPTi4uHUueRf81HMCf79n731k3dX2u07y9nxvx8cn9+fPqz64HXHmFcQABixvP2uFuueD/L3d++u7i/jLM+9a/FhMRXx6t7u3XzppszGbL5eyPsSZ/6RFPvduUhfiIiZEcTfeS8iPnFQ/+TDTqeIn+RjI2eLmU9740cR+5nRx+/5/R+Onz4UP83Tuuus8/XxQ/mmIygbnHbvX4uI1/udf2mcz9f9z/+F/Ap1fPeudTPbv/bt9cTfv/7N9ImfnfPnh43x0m+/duRgZ6mb9l7EC7P94icH8ZMB8V8cMv4fP/WZH702IK3z84gL0T9+b6xKu3G70travrTRWFmvrdduVatXl69efuXKy9VKPkZd2R+pPuqvr158dlDZsvqfGRB/oW/95w5e+4Uh6/+Lf7/97c8+Iv6XPt///X++b/yurE384pDxV878auD03Vn8tQH1f9z7f3HI+B/8eXttyB8FAMagtbV9c6Ver9051kb2aXMU+RzZyIr44Mh+B2SkIR7a+FOcVM5PsFE6qd/qiW/MHvQVR5vzt7Icx1yddOS1ONbG/XHFmtw1CRiPByf9pEsCAAAAAAAAAAAAAAAMMo6vLk26jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxe/w0AAP//6jPHpg==") r2 = socket$inet(0x2, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000003200)=ANY=[@ANYRESDEC=r2], &(0x7f0000000300)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000002480)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r7, 0x0, r10, 0x0, 0x7, 0x0) write$P9_RWRITE(r10, &(0x7f0000000040)={0xb}, 0x11000) write(r10, &(0x7f0000000140)='i', 0x1) read(r9, &(0x7f0000019440)=""/102391, 0x18ff7) dup2(r7, r8) r11 = open(&(0x7f0000000000)='./bus\x00', 0x400200, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r4, 0x0, 0xb) splice(r12, 0x0, r11, 0x0, 0x1000, 0x0) write$binfmt_misc(r9, &(0x7f0000000340)=ANY=[], 0xfdef) splice(r3, 0x0, r13, 0x0, 0x80, 0x0) r14 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r14, &(0x7f00000002c0)={0x1d, r1, 0x0, {0x0, 0x0, 0x3}}, 0x18) sendmsg$can_j1939(r14, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) r15 = socket$nl_route(0x10, 0x3, 0x0) bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1}, 0x18) r16 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r16, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r15, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r17}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 782.900086ms ago: executing program 0 (id=3389): ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602fe0000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 687.114544ms ago: executing program 0 (id=3390): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) read$watch_queue(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_emit_ethernet(0x2a6, &(0x7f0000000700)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x270, 0x3a, 0xff, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x1, {0x3, 0x6, "3549a3", 0x0, 0x0, 0x1, @local, @ipv4={'\x00', '\xff\xff', @multicast1}, [@fragment={0xa5, 0x0, 0xa0, 0x0, 0x0, 0xf, 0x66}, @dstopts={0x2b, 0x1d, '\x00', [@ra={0x5, 0x2, 0x401}, @generic={0x6c, 0xba, "0da51fa68ff5cb91cfc7f748fc154793e5eff079c1913b9a485642e13af3d003cb1d4178722ef68cad09c59fbe30b07b4f68cc41ac38da9b71e1deee5e99b99384b1d323276be5263f4685dc8c345aafd888d9ee710ba37dbb0a115d2cd48e7e76c8a5d050708eca06c0095d945c3f7effde27de13a6397898383a5478297c857c573c40e0f326e00f7a6ec9d79fd5a2a27d857896666cc05d7501b6ffcaa1964730cbc6b724ca682bc39e4467aa1bde7f36a89d8a7ea699c7ad"}, @generic={0x2c, 0xe, "0f2d498872672e77d8620ea31e2b"}, @jumbo={0xc2, 0x4, 0xa59}, @ra={0x5, 0x2, 0x1}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @dstopts={0x5e, 0xb, '\x00', [@calipso={0x7, 0x50, {0x1, 0x12, 0x6, 0x6, [0x2, 0x7, 0x7, 0x3, 0x3d8b, 0x8000000000000, 0x1, 0x7, 0x41a1]}}, @jumbo={0xc2, 0x4, 0x10001}]}], "e45e0d3727df66518f2c2e2a3b2f55f7a44a3fa1a1c618861ae82f03597f17bb91c1877e7fa19bf0c91ebb891c4cd0b1c087a81c0f8811a8b30539f8725c9a6df95acb2ec45add8333c7c46e805aa53064d84428139b159e44fddcd3f027f22474c2326e9f95df8f234ff02b57b0d4181d7e0e0ae267f4b25d07517020ffa60773818d37d40af56df01392e715d8813c77db16212b11c31b49a1d10fe61c752f263bdfc76651162f5ca5d1299fae81bddaf573fe3a445bb4c75bc09dbc92fbcfb3d857286040e222e676a6069e94047cef1ba71604aa628c2a90ade3f0e204d6"}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) dup2(0xffffffffffffffff, r0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="640000001400010000000000000000000a3800fe", @ANYRES32=r3, @ANYBLOB="140002000000000000000000000000000000000014000600000000008003000001000000000000001400"], 0x64}}, 0x0) 659.900296ms ago: executing program 0 (id=3392): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) write$binfmt_aout(r0, &(0x7f0000002140)=ANY=[], 0xff2e) 288.595077ms ago: executing program 2 (id=3399): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d90000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newtaction={0xe68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x5}, [{0x400300}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 288.158337ms ago: executing program 2 (id=3400): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000000)=ANY=[@ANYBLOB="ac010000170001030000000000000000ffffffff0000000000000000000000000000000000000000fe8000000008000000000000000000bb00000000000000000000ffff7f000001ff01000000000000000000000000000100000000000000000000000000000000e69d4a73596dde0a38e4eeaa0f85a703760b9c9648e49ae6e1753b24553dfc03295a4ab46d5a61ef0b378e69f3102a94c630c267920b560fe326176cd773950b897ff03e74283c2cdf4a1f2b69a9b7bd6877b4de7d4dcd018a17cd6896d801e4a062b7e1143dd141a9d712c8e997021cea8bc7d7e6af0bb7a970d781f6be8641333fcbb218c83577d6db6d7ff284a2f13f8fce7beaf6c076109fa866d7e5dbddd7442af775b75def76da3812"], 0x1ac}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000380)="eecd8179ce3365698809802bff10e49e90234024c0df5c1f741a790949ed7498c7418695a1196510491e1b1fabf68fefaa04e86f24954e6f26ed2d0910d2a9e4b148c458103b3fed7430cb00374eaa9f307865375b5d368d760c2bf9e60c578ee9a3a51fba4b9f7b5911cc17c59250a11f6e357f26c4d223269288cb1b6d7fd575e3763b0613a514c751abbfe2d5c27e239e", &(0x7f00000002c0)=""/42}, 0x20) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) io_uring_register$IORING_REGISTER_IOWQ_AFF(0xffffffffffffffff, 0x11, &(0x7f0000000540)="fb6ddd91a667605493a87d67f2543c3844881b5337a33148d69c72d3aca763c57c761a17b956720c57701f6b92e316b77f8f12d30f96fd1417930a2fc57e9497dc4b9ced575762b9e0821944dd8061271a27", 0x52) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x20, 0x1, 0x0, 0x3f, 0x0, 0x0, 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x12, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x3, 0x0, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001d80)=ANY=[@ANYRES32], &(0x7f0000000340)='syzkaller\x00'}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_es_remove_extent\x00', r3}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000900)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @private1}}, {{0xa, 0x0, 0x0, @private1}}]}, 0x190) unlink(&(0x7f0000000140)='./cgroup\x00') perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, @perf_bp={&(0x7f0000000500), 0x2}, 0x40, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 282.034747ms ago: executing program 3 (id=3401): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x800000001ff, 0xe8082) dup(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000001340)={0x11, @remote, 0xffff, 0x0, 'wrr\x00'}, 0x2c) 263.050518ms ago: executing program 3 (id=3402): socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) read$watch_queue(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) syz_emit_ethernet(0x2a6, &(0x7f0000000700)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x270, 0x3a, 0xff, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x1, {0x3, 0x6, "3549a3", 0x0, 0x0, 0x1, @local, @ipv4={'\x00', '\xff\xff', @multicast1}, [@fragment={0xa5, 0x0, 0xa0, 0x0, 0x0, 0xf, 0x66}, @dstopts={0x2b, 0x1d, '\x00', [@ra={0x5, 0x2, 0x401}, @generic={0x6c, 0xba, "0da51fa68ff5cb91cfc7f748fc154793e5eff079c1913b9a485642e13af3d003cb1d4178722ef68cad09c59fbe30b07b4f68cc41ac38da9b71e1deee5e99b99384b1d323276be5263f4685dc8c345aafd888d9ee710ba37dbb0a115d2cd48e7e76c8a5d050708eca06c0095d945c3f7effde27de13a6397898383a5478297c857c573c40e0f326e00f7a6ec9d79fd5a2a27d857896666cc05d7501b6ffcaa1964730cbc6b724ca682bc39e4467aa1bde7f36a89d8a7ea699c7ad"}, @generic={0x2c, 0xe, "0f2d498872672e77d8620ea31e2b"}, @jumbo={0xc2, 0x4, 0xa59}, @ra={0x5, 0x2, 0x1}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}, @dstopts={0x5e, 0xb, '\x00', [@calipso={0x7, 0x50, {0x1, 0x12, 0x6, 0x6, [0x2, 0x7, 0x7, 0x3, 0x3d8b, 0x8000000000000, 0x1, 0x7, 0x41a1]}}, @jumbo={0xc2, 0x4, 0x10001}]}], "e45e0d3727df66518f2c2e2a3b2f55f7a44a3fa1a1c618861ae82f03597f17bb91c1877e7fa19bf0c91ebb891c4cd0b1c087a81c0f8811a8b30539f8725c9a6df95acb2ec45add8333c7c46e805aa53064d84428139b159e44fddcd3f027f22474c2326e9f95df8f234ff02b57b0d4181d7e0e0ae267f4b25d07517020ffa60773818d37d40af56df01392e715d8813c77db16212b11c31b49a1d10fe61c752f263bdfc76651162f5ca5d1299fae81bddaf573fe3a445bb4c75bc09dbc92fbcfb3d857286040e222e676a6069e94047cef1ba71604aa628c2a90ade3f0e204d6"}}}}}}}, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448df, 0x0) dup2(0xffffffffffffffff, r0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="640000001400010000000000000000000a3800fe", @ANYRES32=r3, @ANYBLOB="140002000000000000000000000000000000000014000600000000008003000001000000000000001400"], 0x64}}, 0x0) 262.630719ms ago: executing program 2 (id=3403): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x2712, 0x0, 0x0) syz_io_uring_setup(0x0, 0x0, &(0x7f00000000c0), 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c00000008000400", @ANYRES32=r3], 0x24}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000180083ad0400000000000000020000000000fe020c000c"], 0x24}}, 0x0) 241.2938ms ago: executing program 3 (id=3404): perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf00, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010004b043f000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080081000000060027"], 0x44}}, 0x0) 180.467656ms ago: executing program 2 (id=3405): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000340)={'trans=tcp,', {'port', 0x3d, 0x48000000}}) 179.750266ms ago: executing program 3 (id=3406): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0xf, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xea, 0x36, 0x2, 0xc7, 0x0, 0xb792, 0x20400, 0x5, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xc, 0x2, @perf_config_ext={0x5, 0x2}, 0x500, 0x7, 0xffff, 0x3, 0x5, 0x8, 0xad, 0x0, 0x6, 0x0, 0x1}, 0x0, 0x3, 0xffffffffffffffff, 0xa) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r4}}) r6 = socket(0x2a, 0x2, 0x0) sendto(r6, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr, 0x80) dup2(r3, r6) ioctl$FICLONE(r1, 0x40049409, r0) r7 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000a40)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6493790710000000000080000b2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de99f381faca0f9d9924be41a9169bdfaf16da915b2e249f21c6eee84309e7a23c19a394830f2539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bfb1c0e6b1244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbb888b0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f94479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b844139f1111f2df9c941c5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323478a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526894aa7fe5e68949a3b304723177d356c4604bca492ecec37e83efceefd78a2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a90f9b3e01b57a57f5e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bd43b5b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebcef5af469abe753314fae31a09c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa7000008000000000000117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d34264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5a71e0d7696caba172745c7dd919ffb631820420b75b6522c0e21c882c66f4f25ffb6d95e07e068000000000000eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6f0100000000000000f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc979720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e09d24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868db06fd892d68a547477f8ef686ff0dba7b8c18c94d5a89b0567a851750a35d9cc2217db890d89385fcaa00f0f2e524672e6f4c8bedfd5da5b157709b8265cf511dc5846ab1d85916c4a6b2d1b408575982e11230cbac0a9c6eaa03c945645581f678403c2a936c53ae72940aa92bcf22b82c6bc028e0acdddf9fef595f0f7a9f80c0e4c659ced769ec463d26a81e468846761a8e1efd6a031ab7adc8665e267be0065cc315aa23012423ec8b8492d9b50fa4d8c5891959b761eec6dc988532782fda13239c63737039350db59e25c796b79cc04f3d1a5a13000000001e301d82000000000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) r9 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000f8ffffff000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000f00c0000000000170000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000000000000008006966623000000000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000182c20000000000000000000000b8000000b8000000e80000006970000000000000000000000000000000000000000000a823c565625b8d720020000000000000007f0000e1d80014000000000000000000000041554449540000bcb92dfff07fca000000466ef58f5dc8438b000000000000000800"/376]}, 0x1f0) getsockopt$IP6T_SO_GET_ENTRIES(r2, 0x29, 0x41, &(0x7f0000000200)={'nat\x00', 0xd, "22cdfa1510d8e3039f88071024"}, &(0x7f0000000240)=0x31) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r8) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000440)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x0) 179.598196ms ago: executing program 2 (id=3407): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x71d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xe, 0x8}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x700}, 0x0) 178.986676ms ago: executing program 2 (id=3408): syz_open_dev$tty1(0xc, 0x4, 0x1) socket$tipc(0x1e, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x0) listen(0xffffffffffffffff, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3fb}, 0x0, 0x0) open(0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfffffe3e) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @empty=0xffffffd7}, 0x10) 160.671237ms ago: executing program 1 (id=3409): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000013c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x101}, @NFT_MSG_NEWFLOWTABLE={0x44, 0x16, 0xa, 0x1, 0x0, 0x2500, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x18, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}, @NFT_MSG_DELFLOWTABLE={0x30, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x10}}, 0xb0}}, 0x0) 71.827004ms ago: executing program 3 (id=3410): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @private2}, 0x1c) listen(r0, 0xc) (async) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) (async) r2 = io_uring_setup(0x30d3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}]}], {0x14}}, 0x78}}, 0x0) (async) close_range(r2, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000400), 0x21) (async) unshare(0x22020400) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000340)='cgroup\x00'}, 0x30) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000079e02200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@deltaction={0x24, 0x31, 0xd03, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x24}}, 0x0) (async) r8 = syz_open_procfs$namespace(0x0, 0x0) preadv(r8, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/21, 0x45}], 0x2, 0x0, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2000000000000021, &(0x7f0000000080)=[{0x28, 0x4, 0x3, 0x4}, {0x6}]}, 0x10) socket$inet_dccp(0x2, 0x6, 0x0) (async) r9 = memfd_create(&(0x7f0000000000)='secer\x03\x00\x00\x00selin\x8cB\xabl\xa6e\x15ux\x00\xab', 0x0) pwrite64(r9, &(0x7f000003bfff)='/', 0x1, 0x0) (async) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r9, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl2\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @remote}}}}) unshare(0x2c020400) (async) msgget$private(0x0, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0) 12.616779ms ago: executing program 1 (id=3411): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x101, 0x0, 0xffffffff}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10}}, 0x5c}}, 0x0) 12.326379ms ago: executing program 1 (id=3412): setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x800000001ff, 0xe8082) dup(r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000001340)={0x11, @remote, 0xffff, 0x0, 'wrr\x00'}, 0x2c) 11.606499ms ago: executing program 1 (id=3413): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) mknod$loop(0x0, 0x0, 0x1) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000)=0x1, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f00000003c0)='@', 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x7b, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={r4, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f0000000180)=0x9c) readv(r1, &(0x7f0000002200)=[{&(0x7f0000002140)=""/98, 0x62}], 0x1) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x8000400) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000040)=0x20, 0x62) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x4, &(0x7f00000001c0)=ANY=[@ANYRES64=r6, @ANYRESDEC=r1], &(0x7f0000001040)='GPL\x00', 0x0, 0x86, &(0x7f00000004c0)=""/134, 0x0, 0x0, '\x00', 0x0, 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=") mknod$loop(0x0, 0x0, 0x1) r7 = openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$UHID_CREATE2(r7, 0x0, 0x119) set_mempolicy(0x3, &(0x7f0000000040)=0x7, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000003380)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d010000000100bf000000003bbd424c6e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e460a000517ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab71587a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f000000000000000055211c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb372713255012e028cb2654d493a0b4b35faae176f99b745eda2967199cc93685bb537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ae2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b419a6248029d33d61dd5c844024ba757371867a79b31c6617fc3327191fbf514573f1e30d1fd2d763f3ee9218b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc97def5f07f2980005a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c534187a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74f1ffdaccf0ea5f02e03a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01efada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b00110635376413c29f7c6f7b7e29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000bc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5b98e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22adef9546abb7a2d9c085b189b5fd1f30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd03870c39d1ad12c750837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a103ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de08bacecfff2d58437f422df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dcddab8f38f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bbe0f10521862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94993157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d703dd29ad77f54836779600bb0db3ecfbd36fa8164999898e4aaa56324e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d30edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a730000000000000000001ed58cd2c684667178576dbb57345b63c313e4a8fcfefe511e084c24b31a2e693946748bb73511695bc0eec1553b0f67d50678fb29ad13d2104fdd7a992574d475d3e51652fb3fda6a9fc0458f10b6d121bd48664858b51a9054d7c1d310af6a043e4b99472fbff86fea83924059419d54f07da0b6b7d6e6d61e680f151b0e"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) 0s ago: executing program 3 (id=3414): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000007c0)={@cgroup, r1, 0x5, 0x0, 0xffffffffffffffff, @prog_id}, 0x20) close(r0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000040)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xc, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r5, 0x47f9, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): nvalid port number 23 [ 139.650075][T11005] loop4: detected capacity change from 0 to 512 [ 139.657126][T11005] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 139.669830][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 139.669843][ T29] audit: type=1326 audit(2000000076.050:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.704391][ T29] audit: type=1326 audit(2000000076.050:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728022][ T29] audit: type=1326 audit(2000000076.050:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728045][ T29] audit: type=1326 audit(2000000076.050:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728125][ T29] audit: type=1326 audit(2000000076.050:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728183][ T29] audit: type=1326 audit(2000000076.050:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728209][ T29] audit: type=1326 audit(2000000076.050:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.728236][ T29] audit: type=1326 audit(2000000076.050:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11009 comm="syz.1.2444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f29dfa03bd9 code=0x7ffc0000 [ 139.914701][T11022] loop2: detected capacity change from 0 to 8192 [ 139.964323][T11022] loop2: p2 p3 p4 [ 139.968209][T11022] loop2: p2 start 4293394690 is beyond EOD, truncated [ 139.975056][T11022] loop2: p3 size 14090496 extends beyond EOD, truncated [ 139.982640][T11022] loop2: p4 size 50331904 extends beyond EOD, truncated [ 140.059239][T11025] FAULT_INJECTION: forcing a failure. [ 140.059239][T11025] name failslab, interval 1, probability 0, space 0, times 0 [ 140.071954][T11025] CPU: 0 PID: 11025 Comm: syz.2.2447 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 140.082158][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 140.092252][T11025] Call Trace: [ 140.095516][T11025] [ 140.098463][T11025] dump_stack_lvl+0xf2/0x150 [ 140.103060][T11025] dump_stack+0x15/0x20 [ 140.107238][T11025] should_fail_ex+0x229/0x230 [ 140.111918][T11025] ? security_prepare_creds+0x4c/0x100 [ 140.117364][T11025] __should_failslab+0x92/0xa0 [ 140.122201][T11025] should_failslab+0x9/0x20 [ 140.126769][T11025] __kmalloc_noprof+0xa5/0x370 [ 140.131526][T11025] security_prepare_creds+0x4c/0x100 [ 140.136810][T11025] prepare_creds+0x346/0x480 [ 140.141436][T11025] lookup_user_key+0x132/0xdf0 [ 140.146217][T11025] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 140.152385][T11025] __se_sys_add_key+0x24b/0x320 [ 140.157223][T11025] ? fput+0x13b/0x180 [ 140.161215][T11025] __x64_sys_add_key+0x67/0x80 [ 140.166033][T11025] x64_sys_call+0x267d/0x2d70 [ 140.170740][T11025] do_syscall_64+0xc9/0x1c0 [ 140.175286][T11025] ? clear_bhb_loop+0x55/0xb0 [ 140.179973][T11025] ? clear_bhb_loop+0x55/0xb0 [ 140.184696][T11025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.190580][T11025] RIP: 0033:0x7fbe86d1ebd9 [ 140.195023][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.214750][T11025] RSP: 002b:00007fbe85fa0048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 140.223150][T11025] RAX: ffffffffffffffda RBX: 00007fbe86eacf60 RCX: 00007fbe86d1ebd9 [ 140.231217][T11025] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 00000000200000c0 [ 140.239191][T11025] RBP: 00007fbe85fa00a0 R08: ffffffffffffffff R09: 0000000000000000 [ 140.247276][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.255249][T11025] R13: 000000000000000b R14: 00007fbe86eacf60 R15: 00007ffc8981a338 [ 140.263280][T11025] [ 140.302787][T11030] loop3: detected capacity change from 0 to 512 [ 140.316967][T11030] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.329908][T11030] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.341245][T11030] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.414358][T11048] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 140.436562][T11044] netlink: 'syz.2.2454': attribute type 10 has an invalid length. [ 140.454049][T11044] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 140.481583][T11057] loop3: detected capacity change from 0 to 512 [ 140.492370][T11057] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 140.500673][T11057] EXT4-fs (loop3): orphan cleanup on readonly fs [ 140.507519][T11057] Quota error (device loop3): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 140.517824][T11057] EXT4-fs warning (device loop3): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 140.532970][T11057] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 140.540063][T11057] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #16: comm syz.3.2458: casefold flag without casefold feature [ 140.555520][T11057] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.2458: couldn't read orphan inode 16 (err -117) [ 140.564786][T11066] loop1: detected capacity change from 0 to 2048 [ 140.569426][T11057] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 140.596158][T11066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.621217][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.670341][ T9754] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.694252][ T29] audit: type=1400 audit(2000000077.080:1369): avc: denied { getopt } for pid=11069 comm="syz.0.2464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 140.760292][T11082] netlink: 'syz.3.2466': attribute type 12 has an invalid length. [ 140.797025][T11089] loop2: detected capacity change from 0 to 2048 [ 140.819046][T11089] Alternate GPT is invalid, using primary GPT. [ 140.825445][T11089] loop2: p1 p2 p3 [ 140.832292][T11098] loop3: detected capacity change from 0 to 1764 [ 140.876050][T11100] netlink: 'syz.1.2474': attribute type 10 has an invalid length. [ 140.876123][T11106] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11106 comm=syz.4.2477 [ 140.928691][T11108] loop3: detected capacity change from 0 to 128 [ 140.946816][T11108] FAT-fs (loop3): Unrecognized mount option " " or missing value [ 140.958312][T11116] netlink: 'syz.2.2478': attribute type 3 has an invalid length. [ 140.983471][T11121] loop4: detected capacity change from 0 to 512 [ 140.989845][ T4322] IPVS: starting estimator thread 0... [ 140.995896][T11121] EXT4-fs (loop4): ea_inode feature is not supported for Hurd [ 141.023990][T11127] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10522 sclass=netlink_route_socket pid=11127 comm=syz.0.2483 [ 141.068850][T11111] 9pnet: Could not find request transport: o= [ 141.104186][T11122] IPVS: using max 2448 ests per chain, 122400 per kthread [ 141.162900][T11169] dvmrp8: entered allmulticast mode [ 141.169254][T11167] dvmrp8: left allmulticast mode [ 141.184433][ T3319] IPVS: starting estimator thread 0... [ 141.225046][T11194] block device autoloading is deprecated and will be removed. [ 141.236059][T11196] loop1: detected capacity change from 0 to 128 [ 141.246432][T11196] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 141.262192][T11196] ext4 filesystem being mounted at /228/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 141.295411][T11187] IPVS: using max 2736 ests per chain, 136800 per kthread [ 141.323953][T11196] 9pnet_fd: p9_fd_create_unix (11196): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 141.368944][ T8333] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.492519][T11208] loop2: detected capacity change from 0 to 512 [ 141.521829][T11212] vcan0 speed is unknown, defaulting to 1000 [ 141.602296][T11221] No such timeout policy "syz0" [ 141.901434][T11255] bond0: (slave netdevsim1): Releasing backup interface [ 141.917617][T11258] loop1: detected capacity change from 0 to 512 [ 141.925201][T11255] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 141.934552][T11255] team0: Failed to send options change via netlink (err -105) [ 141.942038][T11255] team0: Port device netdevsim1 added [ 141.948539][T11258] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz.1.2519: casefold flag without casefold feature [ 141.961625][T11258] EXT4-fs (loop1): Remounting filesystem read-only [ 141.961725][T11243] team0: Port device netdevsim1 removed [ 141.969880][T11258] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.976082][T11243] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 141.988338][T11258] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 142.006604][T11258] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.016609][T11251] team0: Failed to send options change via netlink (err -105) [ 142.025681][T11251] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 142.035229][T11251] team0: Port device netdevsim1 removed [ 142.043069][T11251] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 142.097366][T11270] loop1: detected capacity change from 0 to 2048 [ 142.118467][T11270] EXT4-fs error (device loop1): ext4_orphan_get:1420: comm syz.1.2523: bad orphan inode 8192 [ 142.146897][T11270] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.182421][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.202469][T11292] bond0: (slave netdevsim1): Releasing backup interface [ 142.211514][T11292] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 142.222129][T11292] team0: Failed to send options change via netlink (err -105) [ 142.229636][T11292] team0: Port device netdevsim1 added [ 142.250248][T11291] team0: Port device netdevsim1 removed [ 142.261628][T11291] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 142.281595][T11292] team0: Failed to send options change via netlink (err -105) [ 142.291510][T11292] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 142.301004][T11292] team0: Port device netdevsim1 removed [ 142.310261][T11292] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 142.384941][T11313] loop2: detected capacity change from 0 to 4096 [ 142.431643][T11326] loop2: detected capacity change from 0 to 164 [ 142.440230][T11329] veth1_macvtap: left promiscuous mode [ 142.651177][T11351] loop3: detected capacity change from 0 to 1024 [ 142.677676][T11351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.690649][T11355] wg0: entered allmulticast mode [ 142.702101][ T9754] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.719457][T11355] dvmrp8: entered allmulticast mode [ 142.726040][T11354] dvmrp8: left allmulticast mode [ 142.750568][T11359] __nla_validate_parse: 14 callbacks suppressed [ 142.750582][T11359] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2556'. [ 142.765904][T11359] bridge0: port 3(gretap0) entered blocking state [ 142.772427][T11359] bridge0: port 3(gretap0) entered disabled state [ 142.779019][T11359] gretap0: entered allmulticast mode [ 142.784891][T11359] gretap0: entered promiscuous mode [ 142.790195][T11359] bridge0: port 3(gretap0) entered blocking state [ 142.796679][T11359] bridge0: port 3(gretap0) entered forwarding state [ 143.155683][T11382] netlink: 164 bytes leftover after parsing attributes in process `syz.4.2564'. [ 143.178413][T11382] syz_tun: refused to change device tx_queue_len [ 143.185824][T11382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2564'. [ 143.226898][T11385] team0: Failed to send options change via netlink (err -105) [ 143.234534][T11385] team0: Port device netdevsim1 added [ 143.254547][T11385] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 143.275167][T11385] team0: Failed to send options change via netlink (err -105) [ 143.288046][T11385] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 143.297947][T11385] team0: Port device netdevsim1 removed [ 143.306231][T11385] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 143.325590][T11399] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2570'. [ 143.336722][T11401] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2571'. [ 143.350040][T11403] loop1: detected capacity change from 0 to 512 [ 143.353698][T11404] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11404 comm=syz.4.2567 [ 143.359615][T11403] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz.1.2572: corrupted in-inode xattr: invalid ea_ino [ 143.382846][T11403] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.2572: couldn't read orphan inode 15 (err -117) [ 143.388343][T11407] validate_nla: 19 callbacks suppressed [ 143.388437][T11407] netlink: 'syz.3.2573': attribute type 6 has an invalid length. [ 143.396040][T11403] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.432920][T11403] EXT4-fs warning (device loop1): ext4_rename_delete:3738: inode #2: comm syz.1.2572: Deleting old file: nlink 4, error=-2 [ 143.463453][T11414] loop4: detected capacity change from 0 to 512 [ 143.471204][T11414] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz.4.2575: iget: bad i_size value: -2594073385365405596 [ 143.488961][T11414] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.2575: couldn't read orphan inode 17 (err -117) [ 143.493910][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.512143][T11420] netlink: 'syz.0.2577': attribute type 1 has an invalid length. [ 143.515155][T11414] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.523566][T11422] loop3: detected capacity change from 0 to 512 [ 143.546960][T11422] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.563957][T11422] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.582206][T11431] loop1: detected capacity change from 0 to 512 [ 143.592116][T11431] /dev/loop1: Can't open blockdev [ 143.595703][ T9754] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.599392][ T9459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.613774][T11432] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2578'. [ 143.629792][T11431] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2578'. [ 143.630888][T11430] loop1: detected capacity change from 0 to 512 [ 143.724462][T11453] 9pnet_fd: Insufficient options for proto=fd [ 143.735826][T11455] loop3: detected capacity change from 0 to 256 [ 143.738227][T11459] loop4: detected capacity change from 0 to 512 [ 143.749240][T11459] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 143.764190][T11459] EXT4-fs (loop4): 1 truncate cleaned up [ 143.770206][T11459] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.813843][ T9459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.900079][T11481] loop4: detected capacity change from 0 to 1024 [ 143.913328][T11481] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 143.922386][T11492] loop3: detected capacity change from 0 to 256 [ 143.929230][T11481] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 143.942807][T11492] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 143.972747][T11500] loop1: detected capacity change from 0 to 512 [ 143.981141][T11500] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 143.989611][T11500] EXT4-fs (loop1): inodes count not valid: 12 vs 32 [ 143.998028][T11497] netlink: 'syz.0.2602': attribute type 10 has an invalid length. [ 144.006247][ T9459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.016312][T11497] bond0: (slave netdevsim1): Releasing backup interface [ 144.025100][T11497] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 144.035197][T11497] team0: Failed to send options change via netlink (err -105) [ 144.042706][T11497] team0: Port device netdevsim1 added [ 144.053186][T11497] netlink: 'syz.0.2602': attribute type 10 has an invalid length. [ 144.070489][T11497] team0: Failed to send options change via netlink (err -105) [ 144.078157][T11497] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 144.096340][T11497] team0: Port device netdevsim1 removed [ 144.107151][T11509] loop4: detected capacity change from 0 to 512 [ 144.108221][T11497] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 144.124553][T11509] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 144.133607][T11509] EXT4-fs (loop4): Couldn't mount because of unsupported optional features (fffc1829) [ 144.143335][T11509] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 144.171583][T11517] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 144.196180][T11527] 9pnet_rdma: rdma_create_trans (11527): problem binding to privport: 13 [ 144.218376][T11531] netlink: 'syz.3.2616': attribute type 3 has an invalid length. [ 144.236174][T11509] loop4: detected capacity change from 0 to 512 [ 144.247052][T11509] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 144.266720][T11509] EXT4-fs (loop4): invalid journal inode [ 144.272446][ T4018] IPVS: starting estimator thread 0... [ 144.279707][T11509] EXT4-fs (loop4): can't get journal size [ 144.292948][T11509] EXT4-fs (loop4): 1 truncate cleaned up [ 144.305196][T11537] loop1: detected capacity change from 0 to 8192 [ 144.308689][T11509] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.334315][T11537] loop1: p2 p3 p4 [ 144.339444][ T9459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.354279][T11537] loop1: p2 start 452985600 is beyond EOD, truncated [ 144.361060][T11537] loop1: p3 start 4177527808 is beyond EOD, truncated [ 144.365177][T11539] IPVS: using max 2352 ests per chain, 117600 per kthread [ 144.367938][T11537] loop1: p4 size 3599499392 extends beyond EOD, truncated [ 144.505129][T11586] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2639'. [ 144.554520][T11592] 9pnet_fd: Insufficient options for proto=fd [ 144.563059][T11596] netem: change failed [ 144.622992][T11604] netlink: 'syz.1.2644': attribute type 10 has an invalid length. [ 144.642430][T11577] loop3: detected capacity change from 0 to 2048 [ 144.651281][T11577] EXT4-fs (loop3): Invalid log block size: 2147483647 [ 144.675582][T11604] bond0: (slave netdevsim1): Releasing backup interface [ 144.684723][T11604] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 144.684818][T11604] team0: Failed to send options change via netlink (err -105) [ 144.684885][T11604] team0: Port device netdevsim1 added [ 144.689017][T11592] loop4: detected capacity change from 0 to 1024 [ 144.689290][T11592] EXT4-fs: quotafile must be on filesystem root [ 144.771845][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 144.771938][ T29] audit: type=1326 audit(2000000081.150:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.781899][T11611] netlink: 'syz.1.2648': attribute type 8 has an invalid length. [ 144.802004][ T29] audit: type=1326 audit(2000000081.150:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.836314][ T29] audit: type=1326 audit(2000000081.150:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.859943][ T29] audit: type=1326 audit(2000000081.150:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.883464][ T29] audit: type=1326 audit(2000000081.150:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.907404][ T29] audit: type=1326 audit(2000000081.150:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.930946][ T29] audit: type=1326 audit(2000000081.150:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.936524][T11621] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 144.954422][ T29] audit: type=1326 audit(2000000081.150:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 144.962506][T11621] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 144.994462][ T29] audit: type=1326 audit(2000000081.150:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 145.018002][ T29] audit: type=1326 audit(2000000081.150:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11612 comm="syz.0.2649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 145.056065][T11625] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6160 sclass=netlink_route_socket pid=11625 comm=syz.0.2653 [ 145.115609][T11644] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2659'. [ 145.195305][T11652] netlink: 'syz.3.2662': attribute type 10 has an invalid length. [ 145.225309][T11652] bond0: (slave netdevsim1): Releasing backup interface [ 145.241157][T11652] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 145.253161][T11652] team0: Failed to send options change via netlink (err -105) [ 145.259824][T11669] loop1: detected capacity change from 0 to 8192 [ 145.260664][T11652] team0: Port device netdevsim1 added [ 145.278943][T11675] netlink: 'syz.3.2662': attribute type 10 has an invalid length. [ 145.296314][T11675] team0: Failed to send options change via netlink (err -105) [ 145.303881][T11675] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 145.313471][T11675] team0: Port device netdevsim1 removed [ 145.321579][T11675] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 145.474399][T11694] loop4: detected capacity change from 0 to 512 [ 145.494719][T11694] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.2675: bg 0: block 5: invalid block bitmap [ 145.546749][T11694] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 145.570860][T11706] loop2: detected capacity change from 0 to 512 [ 145.582579][T11694] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.2675: invalid indirect mapped block 3 (level 2) [ 145.602076][T11712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2681'. [ 145.605079][T11694] EXT4-fs (loop4): 1 orphan inode deleted [ 145.616751][T11694] EXT4-fs (loop4): 1 truncate cleaned up [ 145.622850][T11694] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.676866][T11719] netlink: 'syz.2.2683': attribute type 3 has an invalid length. [ 145.721928][ T9459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.746919][T11716] bond0: (slave netdevsim1): Releasing backup interface [ 145.766934][T11716] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 145.776326][T11716] team0: Failed to send options change via netlink (err -105) [ 145.783820][T11716] team0: Port device netdevsim1 added [ 145.811804][T11716] team0: Failed to send options change via netlink (err -105) [ 145.824640][T11716] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 145.838926][T11716] team0: Port device netdevsim1 removed [ 145.858359][T11716] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 145.871683][T11735] dvmrp8: entered allmulticast mode [ 145.880821][T11734] dvmrp8: left allmulticast mode [ 145.994261][T11751] loop1: detected capacity change from 0 to 2048 [ 146.007561][T11751] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.041094][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.184934][T11771] loop1: detected capacity change from 0 to 128 [ 146.200948][T11771] FAT-fs (loop1): Unrecognized mount option "iocharsEt=cp863" or missing value [ 146.263615][T11781] bond0: (slave netdevsim1): Releasing backup interface [ 146.281423][T11781] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 146.290748][T11781] team0: Failed to send options change via netlink (err -105) [ 146.298300][T11781] team0: Port device netdevsim1 added [ 146.311639][T11781] team0: Failed to send options change via netlink (err -105) [ 146.319456][T11781] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 146.329110][T11781] team0: Port device netdevsim1 removed [ 146.336757][T11781] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 146.432257][T11797] loop1: detected capacity change from 0 to 128 [ 146.551881][T11813] bond0: (slave netdevsim1): Releasing backup interface [ 146.560688][T11813] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 146.570293][T11813] team0: Failed to send options change via netlink (err -105) [ 146.577786][T11813] team0: Port device netdevsim1 added [ 146.587933][T11813] team0: Failed to send options change via netlink (err -105) [ 146.595538][T11813] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 146.605347][T11813] team0: Port device netdevsim1 removed [ 146.613360][T11813] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 146.964776][T11847] tmpfs: Bad value for 'nr_inodes' [ 147.085697][T11863] loop3: detected capacity change from 0 to 2048 [ 147.094476][T11865] loop4: detected capacity change from 0 to 1024 [ 147.102061][T11865] ext4: Unknown parameter 'nobarri./file0' [ 147.121602][T11863] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.299585][T11883] FAULT_INJECTION: forcing a failure. [ 147.299585][T11883] name failslab, interval 1, probability 0, space 0, times 0 [ 147.312378][T11883] CPU: 1 PID: 11883 Comm: syz.1.2737 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 147.322544][T11883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 147.332649][T11883] Call Trace: [ 147.335931][T11883] [ 147.338870][T11883] dump_stack_lvl+0xf2/0x150 [ 147.343564][T11883] dump_stack+0x15/0x20 [ 147.347809][T11883] should_fail_ex+0x229/0x230 [ 147.352523][T11883] ? __alloc_skb+0x10b/0x300 [ 147.357228][T11883] __should_failslab+0x92/0xa0 [ 147.361992][T11883] should_failslab+0x9/0x20 [ 147.366569][T11883] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 147.372394][T11883] __alloc_skb+0x10b/0x300 [ 147.376821][T11883] netlink_alloc_large_skb+0xad/0xe0 [ 147.382129][T11883] netlink_sendmsg+0x3b4/0x6e0 [ 147.386916][T11883] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.392234][T11883] __sock_sendmsg+0x140/0x180 [ 147.396958][T11883] ____sys_sendmsg+0x312/0x410 [ 147.401734][T11883] __sys_sendmsg+0x1e9/0x280 [ 147.406340][T11883] __x64_sys_sendmsg+0x46/0x50 [ 147.411117][T11883] x64_sys_call+0xb25/0x2d70 [ 147.415785][T11883] do_syscall_64+0xc9/0x1c0 [ 147.420319][T11883] ? clear_bhb_loop+0x55/0xb0 [ 147.425017][T11883] ? clear_bhb_loop+0x55/0xb0 [ 147.429698][T11883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.435711][T11883] RIP: 0033:0x7f29dfa03bd9 [ 147.440128][T11883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.459807][T11883] RSP: 002b:00007f29dec85048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.468251][T11883] RAX: ffffffffffffffda RBX: 00007f29dfb91f60 RCX: 00007f29dfa03bd9 [ 147.476249][T11883] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 147.484269][T11883] RBP: 00007f29dec850a0 R08: 0000000000000000 R09: 0000000000000000 [ 147.492245][T11883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.500264][T11883] R13: 000000000000000b R14: 00007f29dfb91f60 R15: 00007ffee67848c8 [ 147.508232][T11883] [ 147.526481][T11879] vcan0 speed is unknown, defaulting to 1000 [ 147.564230][T10726] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 147.595351][T10726] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 147.607971][T10726] EXT4-fs (loop3): This should not happen!! Data will be lost [ 147.607971][T10726] [ 147.617635][T10726] EXT4-fs (loop3): Total free blocks count 0 [ 147.617647][T10726] EXT4-fs (loop3): Free/Dirty block details [ 147.617657][T10726] EXT4-fs (loop3): free_blocks=2415919104 [ 147.617667][T10726] EXT4-fs (loop3): dirty_blocks=8192 [ 147.617677][T10726] EXT4-fs (loop3): Block reservation details [ 147.617688][T10726] EXT4-fs (loop3): i_reserved_data_blocks=512 [ 147.675904][T10726] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 147.695112][T11879] chnl_net:caif_netlink_parms(): no params data found [ 147.761913][T11879] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.769268][T11879] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.776890][T11879] bridge_slave_0: entered allmulticast mode [ 147.783325][T11879] bridge_slave_0: entered promiscuous mode [ 147.792036][T11879] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.799133][T11879] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.806467][T11879] bridge_slave_1: entered allmulticast mode [ 147.812816][T11879] bridge_slave_1: entered promiscuous mode [ 147.835706][T11879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.848490][T11879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.882152][T11879] team0: Port device team_slave_0 added [ 147.886701][T11920] loop3: detected capacity change from 0 to 512 [ 147.892033][T11879] team0: Port device team_slave_1 added [ 147.909673][T11879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.916734][T11879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.918186][T11920] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.942611][T11879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.943332][T11879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.972531][T11920] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.972820][T11879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.992877][T11925] loop2: detected capacity change from 0 to 256 [ 148.009011][T11879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.050703][T11928] loop1: detected capacity change from 0 to 512 [ 148.058574][T11928] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz.1.2751: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 148.060554][T11879] hsr_slave_0: entered promiscuous mode [ 148.078874][T11928] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.2751: couldn't read orphan inode 15 (err -117) [ 148.094434][T11879] hsr_slave_1: entered promiscuous mode [ 148.100795][T11928] EXT4-fs (loop1): mounted filesystem ffffff7f-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.103128][T11930] proc: Bad value for 'gid' [ 148.112841][T11879] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.118356][T11925] loop2: detected capacity change from 0 to 256 [ 148.125127][T11928] ext4 filesystem being mounted at /288/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.135290][T11879] Cannot create hsr debugfs directory [ 148.157865][ T8333] EXT4-fs (loop1): unmounting filesystem ffffff7f-0000-0000-0000-000000000000. [ 148.215602][T11879] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.268409][T11879] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.295766][T11955] loop1: detected capacity change from 0 to 128 [ 148.316461][T11879] bond0: (slave netdevsim1): Releasing backup interface [ 148.325702][T11879] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.373698][T11962] __nla_validate_parse: 6 callbacks suppressed [ 148.373709][T11962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2766'. [ 148.404954][T11879] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.421486][T11967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2769'. [ 148.468058][T11967] loop1: detected capacity change from 0 to 1024 [ 148.482631][T11879] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 148.492313][T11979] tipc: Started in network mode [ 148.497262][T11979] tipc: Node identity 1, cluster identity 4711 [ 148.503433][T11979] tipc: Node number set to 1 [ 148.509810][T11967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.510004][T11979] tipc: Cannot configure node identity twice [ 148.530796][T11879] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 148.540022][T11879] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 148.548737][T11879] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 148.559513][T11985] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2775'. [ 148.600865][T11879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.619700][T11879] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.634191][ T4018] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.641267][ T4018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.667381][ T4018] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.674570][ T4018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.696164][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 148.709125][T11879] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 148.732297][T12000] validate_nla: 11 callbacks suppressed [ 148.732312][T12000] netlink: 'syz.1.2782': attribute type 29 has an invalid length. [ 148.734165][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 148.761097][T12000] netlink: 'syz.1.2782': attribute type 29 has an invalid length. [ 148.777184][T11989] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2778'. [ 148.777307][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 148.808901][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 148.809111][T12000] netlink: 'syz.1.2782': attribute type 29 has an invalid length. [ 148.841484][T12000] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2782'. [ 148.851065][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 148.865382][T11879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.880761][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 148.921593][T12017] netlink: 'syz.2.2787': attribute type 1 has an invalid length. [ 148.923524][ T9754] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /88/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 148.945205][T12017] 8021q: adding VLAN 0 to HW filter on device bond1 [ 148.986939][ T9754] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 149.039236][T12036] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2791'. [ 149.058046][T11879] veth0_vlan: entered promiscuous mode [ 149.069082][T11879] veth1_vlan: entered promiscuous mode [ 149.093385][T12038] netlink: 'syz.2.2790': attribute type 10 has an invalid length. [ 149.105747][T12038] bond0: (slave netdevsim1): Releasing backup interface [ 149.114824][T12038] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 149.124611][T12038] team0: Failed to send options change via netlink (err -105) [ 149.132101][T12038] team0: Port device netdevsim1 added [ 149.141103][T12046] netlink: 'syz.2.2790': attribute type 10 has an invalid length. [ 149.170798][T12046] team0: Failed to send options change via netlink (err -105) [ 149.180171][T12046] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 149.190337][T12046] team0: Port device netdevsim1 removed [ 149.198801][T12048] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2793'. [ 149.216575][T12046] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 149.245996][T11879] veth0_macvtap: entered promiscuous mode [ 149.252752][T12052] netlink: 'syz.0.2794': attribute type 27 has an invalid length. [ 149.320342][T12052] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.327580][T12052] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.418930][T12052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.436175][T12052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.492920][T12052] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.501938][T12052] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.510895][T12052] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.519863][T12052] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.542303][T12058] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.549515][T12058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.562603][ T6888] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.581950][T11879] veth1_macvtap: entered promiscuous mode [ 149.609469][ T6888] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.634936][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.645456][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.655445][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.666082][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.676047][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.686645][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.696610][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.707086][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.708272][T12075] SELinux: Context Ü is not valid (left unmapped). [ 149.717072][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.734113][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.744102][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.754548][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.782059][T11879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.792486][ T6888] bond0: (slave netdevsim1): Releasing backup interface [ 149.801840][ T6888] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.816907][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.827484][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.837377][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.847845][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.857750][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.868178][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.878073][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.888625][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.898472][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.908905][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.918854][T11879] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.929345][T11879] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.948469][T11879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.962840][T12081] netlink: 'syz.2.2804': attribute type 10 has an invalid length. [ 149.984969][T12081] bond0: (slave netdevsim1): Releasing backup interface [ 150.002505][T12081] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 150.011854][T12081] team0: Failed to send options change via netlink (err -105) [ 150.019568][T12081] team0: Port device netdevsim1 added [ 150.029997][ T6888] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.036852][T12093] loop1: detected capacity change from 0 to 512 [ 150.047447][T12090] netlink: 'syz.2.2804': attribute type 10 has an invalid length. [ 150.060328][T12090] team0: Failed to send options change via netlink (err -105) [ 150.068167][T12090] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 150.069437][T12093] ext4 filesystem being mounted at /306/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.078065][T12090] team0: Port device netdevsim1 removed [ 150.098314][T12090] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 150.107915][T11879] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.116758][T11879] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.125576][T11879] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.134449][T11879] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.155239][T12060] vcan0 speed is unknown, defaulting to 1000 [ 150.161784][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2808'. [ 150.200841][T12104] FAULT_INJECTION: forcing a failure. [ 150.200841][T12104] name failslab, interval 1, probability 0, space 0, times 0 [ 150.213800][T12104] CPU: 1 PID: 12104 Comm: syz.2.2809 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 150.224004][T12104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 150.225087][T12101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2807'. [ 150.234094][T12104] Call Trace: [ 150.234104][T12104] [ 150.234112][T12104] dump_stack_lvl+0xf2/0x150 [ 150.234149][T12104] dump_stack+0x15/0x20 [ 150.257897][T12104] should_fail_ex+0x229/0x230 [ 150.262686][T12104] ? __alloc_skb+0x10b/0x300 [ 150.267345][T12104] __should_failslab+0x92/0xa0 [ 150.272121][T12104] should_failslab+0x9/0x20 [ 150.276693][T12104] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 150.282511][T12104] __alloc_skb+0x10b/0x300 [ 150.286954][T12104] netlink_alloc_large_skb+0xad/0xe0 [ 150.292244][T12104] netlink_sendmsg+0x3b4/0x6e0 [ 150.297101][T12104] ? __pfx_netlink_sendmsg+0x10/0x10 [ 150.302391][T12104] __sock_sendmsg+0x140/0x180 [ 150.307081][T12104] ____sys_sendmsg+0x312/0x410 [ 150.311882][T12104] __sys_sendmsg+0x1e9/0x280 [ 150.316483][T12104] __x64_sys_sendmsg+0x46/0x50 [ 150.321247][T12104] x64_sys_call+0xb25/0x2d70 [ 150.325914][T12104] do_syscall_64+0xc9/0x1c0 [ 150.330463][T12104] ? clear_bhb_loop+0x55/0xb0 [ 150.335196][T12104] ? clear_bhb_loop+0x55/0xb0 [ 150.339876][T12104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.345829][T12104] RIP: 0033:0x7fbe86d1ebd9 [ 150.350260][T12104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.369879][T12104] RSP: 002b:00007fbe85fa0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 150.378288][T12104] RAX: ffffffffffffffda RBX: 00007fbe86eacf60 RCX: 00007fbe86d1ebd9 [ 150.386389][T12104] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000005 [ 150.394350][T12104] RBP: 00007fbe85fa00a0 R08: 0000000000000000 R09: 0000000000000000 [ 150.402396][T12104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.410357][T12104] R13: 000000000000000b R14: 00007fbe86eacf60 R15: 00007ffc8981a338 [ 150.418403][T12104] [ 150.446705][ T6888] gretap0: left allmulticast mode [ 150.451762][ T6888] gretap0: left promiscuous mode [ 150.456838][ T6888] bridge0: port 3(gretap0) entered disabled state [ 150.466430][ T6888] bridge_slave_1: left allmulticast mode [ 150.472292][ T6888] bridge_slave_1: left promiscuous mode [ 150.475676][T12107] loop4: detected capacity change from 0 to 256 [ 150.478357][ T6888] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.492437][ T6888] bridge_slave_0: left allmulticast mode [ 150.498229][ T6888] bridge_slave_0: left promiscuous mode [ 150.503983][ T6888] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.648073][ T6888] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.665598][ T6888] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.681402][ T6888] bond0 (unregistering): Released all slaves [ 150.694052][T12111] batman_adv: batadv0: Adding interface: ipvlan2 [ 150.700466][T12111] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.725913][T12111] batman_adv: batadv0: Interface activated: ipvlan2 [ 150.746491][T12107] geneve2: entered promiscuous mode [ 150.748229][T12131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2817'. [ 150.751690][T12107] geneve2: entered allmulticast mode [ 150.835648][ T6888] dummy0: left promiscuous mode [ 150.841719][ T6888] batadv0: left promiscuous mode [ 150.848767][ T6888] hsr_slave_0: left promiscuous mode [ 150.861372][ T6888] hsr_slave_1: left promiscuous mode [ 150.867721][ T6888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.875364][ T6888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.885277][ T6888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.885307][ T6888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.893085][ T6888] veth1_macvtap: left promiscuous mode [ 150.905722][ T6888] veth1_vlan: left promiscuous mode [ 150.905830][ T6888] veth0_vlan: left promiscuous mode [ 151.015751][ T6888] team0 (unregistering): Port device team_slave_1 removed [ 151.026211][ T6888] team0 (unregistering): Port device team_slave_0 removed [ 151.063222][T12143] netlink: 'syz.1.2821': attribute type 10 has an invalid length. [ 151.075721][T12151] team0: Port device netdevsim1 removed [ 151.082980][T12151] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 151.100296][T12060] chnl_net:caif_netlink_parms(): no params data found [ 151.139913][ T4018] IPVS: starting estimator thread 0... [ 151.163774][T12060] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.171073][T12060] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.178699][T12060] bridge_slave_0: entered allmulticast mode [ 151.186049][T12060] bridge_slave_0: entered promiscuous mode [ 151.199959][T12060] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.207293][T12060] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.240329][T12060] bridge_slave_1: entered allmulticast mode [ 151.254125][T12175] IPVS: using max 2304 ests per chain, 115200 per kthread [ 151.257447][T12060] bridge_slave_1: entered promiscuous mode [ 151.290492][T12060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.309758][T12060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.326363][T12211] loop4: detected capacity change from 0 to 2048 [ 151.341848][T12060] team0: Port device team_slave_0 added [ 151.359889][T12060] team0: Port device team_slave_1 added [ 151.387924][ T6888] IPVS: stop unused estimator thread 0... [ 151.400566][T12220] bond0: (slave netdevsim1): Releasing backup interface [ 151.427572][T12220] team0: Port device netdevsim1 added [ 151.433868][T12060] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.440871][T12060] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.466915][T12060] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.490025][T12060] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.497043][T12060] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.522983][T12060] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.595375][T12060] hsr_slave_0: entered promiscuous mode [ 151.595891][T12060] hsr_slave_1: entered promiscuous mode [ 151.601635][T12060] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.601649][T12060] Cannot create hsr debugfs directory [ 151.686997][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 151.687066][ T29] audit: type=1326 audit(2000000088.070:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.701718][T12242] loop4: detected capacity change from 0 to 8192 [ 151.716837][ T29] audit: type=1326 audit(2000000088.070:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.766765][ T29] audit: type=1326 audit(2000000088.110:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.774601][T12242] loop4: p1 p2 p4 [ 151.790297][ T29] audit: type=1326 audit(2000000088.110:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.797981][T12242] loop4: p1 size 108922248 extends beyond EOD, [ 151.817665][ T29] audit: type=1326 audit(2000000088.110:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.823924][T12242] truncated [ 151.850871][ T29] audit: type=1326 audit(2000000088.110:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.874622][ T29] audit: type=1326 audit(2000000088.110:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.874718][ T29] audit: type=1326 audit(2000000088.110:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.874746][ T29] audit: type=1326 audit(2000000088.110:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12260 comm="syz.2.2854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe86d1ebd9 code=0x7ffc0000 [ 151.901904][T12242] loop4: p2 start 861536256 is beyond EOD, truncated [ 151.901959][T12242] loop4: p4 start 4194304 is beyond EOD, truncated [ 152.103920][T12060] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 152.116391][T12060] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 152.125607][T12310] siw: device registration error -23 [ 152.127531][T12060] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 152.140715][T12060] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 152.188655][T12060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.202021][T12060] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.217656][ T4018] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.224798][ T4018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.250462][T12060] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.260874][T12060] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.275404][ T29] audit: type=1400 audit(2000000088.650:1443): avc: denied { read } for pid=2769 comm="acpid" name="event5" dev="devtmpfs" ino=568 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 152.275638][ T4017] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.304182][ T4017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.375179][T12327] FAULT_INJECTION: forcing a failure. [ 152.375179][T12327] name failslab, interval 1, probability 0, space 0, times 0 [ 152.387892][T12327] CPU: 1 PID: 12327 Comm: syz.0.2873 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 152.398101][T12327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 152.408152][T12327] Call Trace: [ 152.411518][T12327] [ 152.414489][T12327] dump_stack_lvl+0xf2/0x150 [ 152.419160][T12327] dump_stack+0x15/0x20 [ 152.423347][T12327] should_fail_ex+0x229/0x230 [ 152.428092][T12327] ? security_inode_alloc+0x32/0xd0 [ 152.433362][T12327] __should_failslab+0x92/0xa0 [ 152.438198][T12327] should_failslab+0x9/0x20 [ 152.442710][T12327] kmem_cache_alloc_noprof+0x4c/0x290 [ 152.448118][T12327] security_inode_alloc+0x32/0xd0 [ 152.453261][T12327] inode_init_always+0x428/0x470 [ 152.458202][T12327] ? __pfx_rpc_alloc_inode+0x10/0x10 [ 152.463545][T12327] alloc_inode+0x7d/0x160 [ 152.467907][T12327] new_inode+0x1d/0x130 [ 152.472069][T12327] __rpc_create_common+0x3f/0x1b0 [ 152.477138][T12327] __rpc_mkdir+0x2e/0x140 [ 152.481506][T12327] rpc_populate+0x15a/0x3b0 [ 152.486045][T12327] ? __pfx_rpc_fill_super+0x10/0x10 [ 152.491291][T12327] rpc_fill_super+0x194/0x4d0 [ 152.495993][T12327] ? __pfx_set_anon_super_fc+0x10/0x10 [ 152.501459][T12327] ? __pfx_rpc_fill_super+0x10/0x10 [ 152.506675][T12327] get_tree_keyed+0x95/0x110 [ 152.511266][T12327] rpc_fs_get_tree+0x66/0xa0 [ 152.515932][T12327] vfs_get_tree+0x56/0x1d0 [ 152.520434][T12327] vfs_cmd_create+0xb9/0x170 [ 152.525034][T12327] __se_sys_fsconfig+0x5f8/0x8f0 [ 152.530028][T12327] __x64_sys_fsconfig+0x67/0x80 [ 152.534926][T12327] x64_sys_call+0x115e/0x2d70 [ 152.539637][T12327] do_syscall_64+0xc9/0x1c0 [ 152.544186][T12327] ? clear_bhb_loop+0x55/0xb0 [ 152.548920][T12327] ? clear_bhb_loop+0x55/0xb0 [ 152.553627][T12327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.559549][T12327] RIP: 0033:0x7f0433a11bd9 [ 152.563976][T12327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.583589][T12327] RSP: 002b:00007f0432c51048 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 152.592026][T12327] RAX: ffffffffffffffda RBX: 00007f0433ba0110 RCX: 00007f0433a11bd9 [ 152.600007][T12327] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 152.608017][T12327] RBP: 00007f0432c510a0 R08: 0000000000000000 R09: 0000000000000000 [ 152.615999][T12327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 152.624035][T12327] R13: 000000000000006e R14: 00007f0433ba0110 R15: 00007ffe8a963188 [ 152.632114][T12327] [ 152.635632][T12327] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb [ 152.646113][T12327] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 152.685461][T12060] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.798373][T12060] veth0_vlan: entered promiscuous mode [ 152.817619][T12352] dvmrp8: entered allmulticast mode [ 152.823837][T12060] veth1_vlan: entered promiscuous mode [ 152.833824][T12351] dvmrp8: left allmulticast mode [ 152.862276][T12060] veth0_macvtap: entered promiscuous mode [ 152.872935][T12060] veth1_macvtap: entered promiscuous mode [ 152.883695][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.894262][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.904123][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.914717][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.924533][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.935005][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.944902][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.955378][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.965289][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.975724][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.985573][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.996005][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.013136][T12060] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.022362][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.032850][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.042688][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.053171][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.063034][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.073554][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.083498][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.094025][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.103959][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.114519][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.124532][T12060] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 153.134988][T12060] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.148042][T12060] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 153.176433][T12060] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.185339][T12060] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.194182][T12060] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.202889][T12060] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.277553][T12394] openvswitch: netlink: Tunnel attr 3599 out of range max 16 [ 153.302179][T12402] x_tables: duplicate underflow at hook 2 [ 153.370364][T12404] dvmrp8: entered allmulticast mode [ 153.376362][T12403] dvmrp8: left allmulticast mode [ 153.418323][T12422] __nla_validate_parse: 11 callbacks suppressed [ 153.418336][T12422] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2911'. [ 153.467049][T12428] sctp: [Deprecated]: syz.0.2914 (pid 12428) Use of struct sctp_assoc_value in delayed_ack socket option. [ 153.467049][T12428] Use struct sctp_sack_info instead [ 153.524454][T12435] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2916'. [ 153.559142][T12443] loop3: detected capacity change from 0 to 512 [ 153.566588][T12443] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 153.573238][T12443] EXT4-fs (loop3): mount failed [ 153.619564][T12447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2920'. [ 153.631958][T12443] loop3: detected capacity change from 0 to 256 [ 153.639510][T12443] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 153.718582][T12454] loop1: detected capacity change from 0 to 1024 [ 153.726435][T12454] EXT4-fs (loop1): unsupported inode size: 0 [ 153.732465][T12454] EXT4-fs (loop1): blocksize: 1024 [ 153.740608][T12452] tipc: Trying to set illegal importance in message [ 153.776361][T12463] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2925'. [ 153.807630][T12469] loop2: detected capacity change from 0 to 512 [ 153.827517][T12474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2931'. [ 153.956405][T12492] loop1: detected capacity change from 0 to 512 [ 153.985803][T12494] bond0: (slave bond_slave_0): Releasing backup interface [ 153.986713][T12492] ext4 filesystem being mounted at /338/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.067629][T12504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2943'. [ 154.096262][T12506] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2939'. [ 154.120426][T12517] validate_nla: 5 callbacks suppressed [ 154.120438][T12517] netlink: 'syz.1.2946': attribute type 10 has an invalid length. [ 154.133757][T12517] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2946'. [ 154.142918][T12517] bridge0: port 3(gretap0) entered blocking state [ 154.149518][T12517] bridge0: port 3(gretap0) entered disabled state [ 154.156878][T12517] gretap0: entered allmulticast mode [ 154.162980][T12517] gretap0: entered promiscuous mode [ 154.171038][T12517] bridge0: port 3(gretap0) entered blocking state [ 154.177607][T12517] bridge0: port 3(gretap0) entered forwarding state [ 154.188018][T12522] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2948'. [ 154.233856][T12524] loop2: detected capacity change from 0 to 8192 [ 154.266156][T12526] loop1: detected capacity change from 0 to 128 [ 154.333807][T12532] loop2: detected capacity change from 0 to 2048 [ 154.360364][T12542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2957'. [ 154.390671][T12532] can: request_module (can-proto-0) failed. [ 154.421360][T12560] netlink: 'syz.1.2961': attribute type 6 has an invalid length. [ 154.524571][T12577] netlink: 'syz.2.2967': attribute type 1 has an invalid length. [ 155.017623][T12590] loop2: detected capacity change from 0 to 256 [ 155.059750][T12590] loop2: detected capacity change from 0 to 1024 [ 155.106586][T12590] program syz.2.2972 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 155.252414][T12607] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12607 comm=syz.4.2976 [ 155.890741][T12629] netlink: 'syz.3.2982': attribute type 11 has an invalid length. [ 155.911510][T12631] loop3: detected capacity change from 0 to 1024 [ 155.919183][T12631] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 156.054136][T12637] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12637 comm=syz.3.2984 [ 156.068794][T12641] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 156.238116][T12661] netlink: 'syz.1.2995': attribute type 10 has an invalid length. [ 156.250265][T12665] loop4: detected capacity change from 0 to 512 [ 156.258837][T12669] loop3: detected capacity change from 0 to 2048 [ 156.266120][T12661] bond0: (slave netdevsim1): Releasing backup interface [ 156.267355][T12669] EXT4-fs: Ignoring removed i_version option [ 156.279663][T12669] EXT4-fs (loop3): unsupported descriptor size 1344 [ 156.280910][T12661] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 156.295229][T12665] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #4: comm syz.4.2997: pblk 19 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 156.295488][T12665] EXT4-fs error (device loop4): ext4_quota_enable:7037: comm syz.4.2997: Bad quota inode: 4, type: 1 [ 156.313288][T12661] team0: Failed to send options change via netlink (err -105) [ 156.329077][T12665] EXT4-fs warning (device loop4): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 156.331583][T12661] team0: Port device netdevsim1 added [ 156.347964][T12665] EXT4-fs (loop4): mount failed [ 156.352816][T12664] netlink: 'syz.0.2996': attribute type 10 has an invalid length. [ 156.365341][T12664] bond0: (slave netdevsim1): Releasing backup interface [ 156.373927][T12664] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 156.383195][T12664] team0: Failed to send options change via netlink (err -105) [ 156.390763][T12664] team0: Port device netdevsim1 added [ 156.396923][T12673] netlink: 'syz.1.2995': attribute type 10 has an invalid length. [ 156.411074][T12682] program syz.2.3000 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.425328][T12673] team0: Failed to send options change via netlink (err -105) [ 156.440392][T12673] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 156.463679][T12673] team0: Port device netdevsim1 removed [ 156.470721][T12684] loop2: detected capacity change from 0 to 128 [ 156.480224][T12673] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 156.496195][T12686] vcan0 speed is unknown, defaulting to 1000 [ 156.587662][T12680] loop3: detected capacity change from 0 to 2048 [ 156.597645][T12680] EXT4-fs (loop3): Invalid log block size: 4294934529 [ 156.606857][T12702] netlink: 'syz.1.3006': attribute type 1 has an invalid length. [ 156.636728][T12709] netlink: 'syz.2.3009': attribute type 8 has an invalid length. [ 156.801192][T12721] netlink: 'syz.3.3013': attribute type 10 has an invalid length. [ 156.803534][T12704] FAULT_INJECTION: forcing a failure. [ 156.803534][T12704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.809786][T12721] team0: Device netdevsim1 is up. Set it down before adding it as a team port [ 156.822146][T12704] CPU: 1 PID: 12704 Comm: syz.4.3007 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 156.841131][T12704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 156.851187][T12704] Call Trace: [ 156.854475][T12704] [ 156.857427][T12704] dump_stack_lvl+0xf2/0x150 [ 156.862056][T12704] dump_stack+0x15/0x20 [ 156.866271][T12704] should_fail_ex+0x229/0x230 [ 156.870969][T12704] should_fail+0xb/0x10 [ 156.875201][T12704] should_fail_usercopy+0x1a/0x20 [ 156.880238][T12704] copy_page_from_iter_atomic+0x22a/0xda0 [ 156.885995][T12704] ? shmem_write_begin+0xa0/0x1c0 [ 156.891135][T12704] ? shmem_write_begin+0x10c/0x1c0 [ 156.896376][T12704] generic_perform_write+0x21a/0x410 [ 156.901838][T12704] ? __pfx_shmem_write_end+0x10/0x10 [ 156.907241][T12704] shmem_file_write_iter+0xc8/0xf0 [ 156.912426][T12704] vfs_write+0x78f/0x900 [ 156.916695][T12704] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 156.922499][T12704] ksys_write+0xeb/0x1b0 [ 156.926805][T12704] __x64_sys_write+0x42/0x50 [ 156.931452][T12704] x64_sys_call+0x27ef/0x2d70 [ 156.936191][T12704] do_syscall_64+0xc9/0x1c0 [ 156.940757][T12704] ? clear_bhb_loop+0x55/0xb0 [ 156.945547][T12704] ? clear_bhb_loop+0x55/0xb0 [ 156.950293][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.956242][T12704] RIP: 0033:0x7f996346075f [ 156.960653][T12704] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 156.980255][T12704] RSP: 002b:00007f99626e2e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 156.988731][T12704] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f996346075f [ 156.996773][T12704] RDX: 0000000000100000 RSI: 00007f995a2c3000 RDI: 0000000000000006 [ 157.004738][T12704] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000789 [ 157.012701][T12704] R10: 00000000000003c0 R11: 0000000000000293 R12: 0000000000000006 [ 157.020734][T12704] R13: 00007f99626e2f00 R14: 00007f99626e2ec0 R15: 00007f995a2c3000 [ 157.028703][T12704] [ 157.036554][T12731] 9pnet_fd: p9_fd_create_tcp (12731): problem connecting socket to 127.0.0.1 [ 157.053093][T12704] loop4: detected capacity change from 0 to 2048 [ 157.060674][T12730] bond0: (slave netdevsim1): Releasing backup interface [ 157.071467][T12730] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 157.080656][T12730] team0: Failed to send options change via netlink (err -105) [ 157.088186][T12730] team0: Port device netdevsim1 added [ 157.125890][T12723] team0: Failed to send options change via netlink (err -105) [ 157.133529][T12723] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 157.143168][T12723] team0: Port device netdevsim1 removed [ 157.152471][T12723] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 157.229002][T12744] batadv_slave_1: entered promiscuous mode [ 157.270534][T12754] loop4: detected capacity change from 0 to 512 [ 157.276467][T12756] team0: Device netdevsim1 is up. Set it down before adding it as a team port [ 157.298677][T12754] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 157.316043][T12743] batadv_slave_1: left promiscuous mode [ 157.341222][T12766] team0: Failed to send options change via netlink (err -105) [ 157.348753][T12766] team0: Port device netdevsim1 added [ 157.363596][T12766] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 157.377696][T12766] team0: Failed to send options change via netlink (err -105) [ 157.385486][T12766] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 157.395229][T12766] team0: Port device netdevsim1 removed [ 157.403359][T12766] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 157.412687][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 157.412701][ T29] audit: type=1326 audit(2000000093.800:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.442315][ T29] audit: type=1326 audit(2000000093.800:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.466046][ T29] audit: type=1326 audit(2000000093.800:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.489608][ T29] audit: type=1326 audit(2000000093.800:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.513237][ T29] audit: type=1326 audit(2000000093.800:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.536793][ T29] audit: type=1326 audit(2000000093.800:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.560278][ T29] audit: type=1326 audit(2000000093.800:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.583768][ T29] audit: type=1326 audit(2000000093.800:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.607554][ T29] audit: type=1326 audit(2000000093.800:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.631235][ T29] audit: type=1326 audit(2000000093.800:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.0.3031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f0433a11bd9 code=0x7ffc0000 [ 157.656482][T12782] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 157.656587][T12771] team0: Port device netdevsim1 removed [ 157.672623][T12771] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 157.688455][T12779] bond1: entered promiscuous mode [ 157.698776][T12782] vlan2: entered promiscuous mode [ 157.704176][T12782] team0: entered promiscuous mode [ 157.709410][T12782] team_slave_0: entered promiscuous mode [ 157.715146][T12782] team_slave_1: entered promiscuous mode [ 157.720930][T12782] vlan2: entered allmulticast mode [ 157.726168][T12782] team0: entered allmulticast mode [ 157.731343][T12782] team_slave_0: entered allmulticast mode [ 157.737231][T12782] team_slave_1: entered allmulticast mode [ 157.745271][T12782] team0: left allmulticast mode [ 157.750224][T12782] team_slave_0: left allmulticast mode [ 157.755741][T12782] team_slave_1: left allmulticast mode [ 157.761457][T12782] team0: left promiscuous mode [ 157.766359][T12782] team_slave_0: left promiscuous mode [ 157.772001][T12782] team_slave_1: left promiscuous mode [ 157.800924][T12779] ip6gretap1: entered promiscuous mode [ 157.806864][T12779] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 157.819686][T12790] bond0: (slave netdevsim1): Releasing backup interface [ 157.830133][T12790] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 157.839417][T12790] team0: Failed to send options change via netlink (err -105) [ 157.846896][T12790] team0: Port device netdevsim1 added [ 157.906175][T12805] team0: Port device netdevsim1 removed [ 157.916277][T12805] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 157.971377][T12825] loop2: detected capacity change from 0 to 1024 [ 157.978260][T12825] EXT4-fs: Ignoring removed nobh option [ 157.983850][T12825] EXT4-fs: Ignoring removed orlov option [ 158.082655][T12840] team0: Port device netdevsim1 removed [ 158.093638][T12840] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 158.195810][T12857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: ipvlan2 [ 158.205805][T12857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.215798][T12857] dummy0: entered promiscuous mode [ 158.221416][T12857] dummy0: left promiscuous mode [ 158.302690][T12865] loop2: detected capacity change from 0 to 512 [ 158.309615][T12865] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 158.318225][T12865] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 100)! [ 158.328701][T12865] EXT4-fs (loop2): group descriptors corrupted! [ 158.399138][T12872] bond0: (slave netdevsim1): Releasing backup interface [ 158.410427][T12872] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 158.422392][T12872] team0: Failed to send options change via netlink (err -105) [ 158.429915][T12872] team0: Port device netdevsim1 added [ 158.463405][T12877] team0: Failed to send options change via netlink (err -105) [ 158.471191][T12877] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 158.481972][T12877] team0: Port device netdevsim1 removed [ 158.492641][T12877] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 158.506464][T12880] loop2: detected capacity change from 0 to 128 [ 158.550661][T12886] loop3: detected capacity change from 0 to 1024 [ 158.562875][T12886] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 158.573942][T12886] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 158.587501][T12886] jbd2_journal_init_inode: Cannot locate journal superblock [ 158.594892][T12886] EXT4-fs (loop3): Could not load journal inode [ 158.619668][T12890] __nla_validate_parse: 14 callbacks suppressed [ 158.619682][T12890] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3076'. [ 158.643311][T12886] loop3: detected capacity change from 0 to 1024 [ 158.650510][T12886] EXT4-fs (loop3): first meta block group too large: 7 (group descriptor block count 1) [ 158.782802][T12900] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3081'. [ 158.805848][T12898] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 158.819840][T12898] vlan2: entered promiscuous mode [ 158.824935][T12898] team0: entered promiscuous mode [ 158.829958][T12898] team_slave_0: entered promiscuous mode [ 158.835652][T12898] team_slave_1: entered promiscuous mode [ 158.841437][T12898] vlan2: entered allmulticast mode [ 158.846572][T12898] team0: entered allmulticast mode [ 158.851676][T12898] team_slave_0: entered allmulticast mode [ 158.857408][T12898] team_slave_1: entered allmulticast mode [ 158.920482][T12904] loop3: detected capacity change from 0 to 164 [ 158.927481][T12904] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 158.935805][T12904] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 158.976007][T12898] team0: left allmulticast mode [ 158.980895][T12898] team_slave_0: left allmulticast mode [ 158.986464][T12898] team_slave_1: left allmulticast mode [ 158.991922][T12898] team0: left promiscuous mode [ 158.996697][T12898] team_slave_0: left promiscuous mode [ 159.002109][T12898] team_slave_1: left promiscuous mode [ 159.073445][T12910] team0: Failed to send options change via netlink (err -105) [ 159.080998][T12910] team0: Port device netdevsim1 added [ 159.121434][T12910] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.161793][T12914] loop1: detected capacity change from 0 to 512 [ 159.162355][T12910] team0: Failed to send options change via netlink (err -105) [ 159.177021][T12910] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.186563][T12910] team0: Port device netdevsim1 removed [ 159.194275][T12910] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 159.201042][T12914] EXT4-fs mount: 14 callbacks suppressed [ 159.201108][T12914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.226360][T12914] ext4 filesystem being mounted at /362/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.245068][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.256982][T12923] validate_nla: 16 callbacks suppressed [ 159.256996][T12923] netlink: 'syz.0.3087': attribute type 10 has an invalid length. [ 159.272989][T12923] bond0: (slave netdevsim1): Releasing backup interface [ 159.280991][T12923] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.290122][T12923] team0: Failed to send options change via netlink (err -105) [ 159.297604][T12923] team0: Port device netdevsim1 added [ 159.306443][T12923] netlink: 'syz.0.3087': attribute type 10 has an invalid length. [ 159.317349][T12923] team0: Failed to send options change via netlink (err -105) [ 159.325191][T12923] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.335277][T12923] team0: Port device netdevsim1 removed [ 159.342477][T12923] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 159.460666][T12959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3102'. [ 159.481190][ T4017] IPVS: starting estimator thread 0... [ 159.560889][T12971] netlink: 'syz.3.3106': attribute type 10 has an invalid length. [ 159.576236][T12971] bond0: (slave netdevsim1): Releasing backup interface [ 159.585045][T12962] IPVS: using max 2736 ests per chain, 136800 per kthread [ 159.593959][T12971] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.606177][T12971] team0: Failed to send options change via netlink (err -105) [ 159.613773][T12971] team0: Port device netdevsim1 added [ 159.620531][T12974] netlink: 'syz.3.3106': attribute type 10 has an invalid length. [ 159.636922][T12974] team0: Failed to send options change via netlink (err -105) [ 159.646963][T12974] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 159.658148][T12974] team0: Port device netdevsim1 removed [ 159.666946][T12974] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 159.697287][T12979] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3108'. [ 159.747579][T12986] loop3: detected capacity change from 0 to 1024 [ 159.754583][T12986] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 159.765474][T12986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 159.888955][T12060] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.971320][T12991] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3107'. [ 159.980334][T12991] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3107'. [ 159.989310][T12991] netlink: 'syz.2.3107': attribute type 5 has an invalid length. [ 159.997097][T12991] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3107'. [ 160.148749][T12997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3114'. [ 160.242652][T13005] loop4: detected capacity change from 0 to 2048 [ 160.251810][T13006] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 160.264137][T13006] vlan3: entered promiscuous mode [ 160.267429][T13005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.269170][T13006] team0: entered promiscuous mode [ 160.286271][T13006] team_slave_0: entered promiscuous mode [ 160.291993][T13006] team_slave_1: entered promiscuous mode [ 160.297753][T13006] vlan3: entered allmulticast mode [ 160.302860][T13006] team0: entered allmulticast mode [ 160.308028][T13006] team_slave_0: entered allmulticast mode [ 160.313741][T13006] team_slave_1: entered allmulticast mode [ 160.321577][T13006] team0: left allmulticast mode [ 160.326580][T13006] team_slave_0: left allmulticast mode [ 160.332135][T13006] team_slave_1: left allmulticast mode [ 160.337738][T13006] team0: left promiscuous mode [ 160.342578][T13006] team_slave_0: left promiscuous mode [ 160.348101][T13006] team_slave_1: left promiscuous mode [ 160.357259][T11879] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.425807][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3122'. [ 160.436486][T13015] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3119'. [ 160.516946][T13022] xt_TCPMSS: Only works on TCP SYN packets [ 160.566005][T13035] loop2: detected capacity change from 0 to 1024 [ 160.801056][T13054] vcan0 speed is unknown, defaulting to 1000 [ 160.893377][T13087] loop2: detected capacity change from 0 to 2048 [ 160.910086][ T6894] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.955741][T13054] chnl_net:caif_netlink_parms(): no params data found [ 160.975807][T13099] FAULT_INJECTION: forcing a failure. [ 160.975807][T13099] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.988999][T13099] CPU: 0 PID: 13099 Comm: syz.2.3150 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 160.999276][T13099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 161.009327][T13099] Call Trace: [ 161.012599][T13099] [ 161.015544][T13099] dump_stack_lvl+0xf2/0x150 [ 161.020225][T13099] dump_stack+0x15/0x20 [ 161.024398][T13099] should_fail_ex+0x229/0x230 [ 161.029145][T13099] should_fail+0xb/0x10 [ 161.033307][T13099] should_fail_usercopy+0x1a/0x20 [ 161.038327][T13099] _copy_to_user+0x1e/0xa0 [ 161.042747][T13099] simple_read_from_buffer+0xa0/0x110 [ 161.048192][T13099] proc_fail_nth_read+0xfc/0x140 [ 161.053172][T13099] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 161.058756][T13099] vfs_read+0x1a2/0x6e0 [ 161.062935][T13099] ? do_sock_getsockopt+0x121/0x1a0 [ 161.068134][T13099] ? __pfx_netlink_getsockopt+0x10/0x10 [ 161.073747][T13099] ksys_read+0xeb/0x1b0 [ 161.077930][T13099] __x64_sys_read+0x42/0x50 [ 161.082493][T13099] x64_sys_call+0x27e5/0x2d70 [ 161.087209][T13099] do_syscall_64+0xc9/0x1c0 [ 161.091786][T13099] ? clear_bhb_loop+0x55/0xb0 [ 161.096500][T13099] ? clear_bhb_loop+0x55/0xb0 [ 161.101195][T13099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.107095][T13099] RIP: 0033:0x7fbe86d1d6bc [ 161.111582][T13099] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 161.131199][T13099] RSP: 002b:00007fbe85fa0040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 161.139633][T13099] RAX: ffffffffffffffda RBX: 00007fbe86eacf60 RCX: 00007fbe86d1d6bc [ 161.147603][T13099] RDX: 000000000000000f RSI: 00007fbe85fa00b0 RDI: 0000000000000005 [ 161.155595][T13099] RBP: 00007fbe85fa00a0 R08: 0000000000000000 R09: 0000000000000000 [ 161.163561][T13099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.171524][T13099] R13: 000000000000000b R14: 00007fbe86eacf60 R15: 00007ffc8981a338 [ 161.179625][T13099] [ 161.186520][ T6894] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.224169][T13114] netlink: 'syz.3.3155': attribute type 1 has an invalid length. [ 161.243057][T13114] 8021q: adding VLAN 0 to HW filter on device bond1 [ 161.257337][ T6894] bond0: (slave netdevsim1): Releasing backup interface [ 161.267938][ T6894] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.290679][T13054] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.298118][T13054] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.317605][T13054] bridge_slave_0: entered allmulticast mode [ 161.336544][T13054] bridge_slave_0: entered promiscuous mode [ 161.353941][ T6894] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.370110][T13132] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.378054][T13132] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.385131][T13132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.401131][T13054] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.408225][T13054] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.415513][T13149] loop1: detected capacity change from 0 to 1024 [ 161.419272][T13054] bridge_slave_1: entered allmulticast mode [ 161.424336][T13149] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 161.429445][T13054] bridge_slave_1: entered promiscuous mode [ 161.438756][T13149] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 161.456238][T13149] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 161.467422][T13149] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #3: comm syz.1.3165: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 161.485610][T13149] EXT4-fs (loop1): no journal found [ 161.490838][T13149] EXT4-fs (loop1): can't get journal size [ 161.497673][T13149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 161.512523][T13054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.536221][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.555461][T13054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.572131][ T6894] bridge_slave_1: left allmulticast mode [ 161.577932][ T6894] bridge_slave_1: left promiscuous mode [ 161.583620][ T6894] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.593132][ T6894] bridge_slave_0: left allmulticast mode [ 161.598894][ T6894] bridge_slave_0: left promiscuous mode [ 161.604716][ T6894] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.758103][ T6894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.768294][ T6894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.778489][ T6894] bond0 (unregistering): Released all slaves [ 161.791765][T13054] team0: Port device team_slave_0 added [ 161.799796][T13054] team0: Port device team_slave_1 added [ 161.828579][T13054] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 161.835673][T13054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.861683][T13054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 161.873141][T13054] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 161.880178][T13054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 161.906147][T13054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 161.927988][T13183] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 161.942201][T13054] hsr_slave_0: entered promiscuous mode [ 161.950528][T13054] hsr_slave_1: entered promiscuous mode [ 161.957550][T13054] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 161.966613][T13054] Cannot create hsr debugfs directory [ 162.006589][T13191] netlink: 'syz.2.3179': attribute type 63 has an invalid length. [ 162.014515][T13193] netlink: 'syz.0.3181': attribute type 10 has an invalid length. [ 162.031496][T13193] bond0: (slave netdevsim1): Releasing backup interface [ 162.040050][T13193] team0: Port device netdevsim1 added [ 162.046448][T13193] netlink: 'syz.0.3181': attribute type 10 has an invalid length. [ 162.064128][T13193] team0: Port device netdevsim1 removed [ 162.072843][T13193] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 162.088489][T13203] loop1: detected capacity change from 0 to 512 [ 162.102515][ T6894] hsr_slave_0: left promiscuous mode [ 162.112504][ T6894] hsr_slave_1: left promiscuous mode [ 162.121253][T13203] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.134352][T13203] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.136117][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.136159][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.141879][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.147757][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.154236][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.188502][ T6894] veth1_macvtap: left promiscuous mode [ 162.194120][ T6894] veth0_macvtap: left promiscuous mode [ 162.199609][ T6894] veth1_vlan: left promiscuous mode [ 162.204933][ T6894] veth0_vlan: left promiscuous mode [ 162.207191][T13217] loop2: detected capacity change from 0 to 512 [ 162.222594][T13215] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 162.239314][T13219] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=15612 sclass=netlink_xfrm_socket pid=13219 comm=syz.1.3189 [ 162.331217][ T6894] team0 (unregistering): Port device team_slave_1 removed [ 162.340232][T13221] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13221 comm=syz.1.3192 [ 162.353212][ T6894] team0 (unregistering): Port device team_slave_0 removed [ 162.416802][T13229] wg0: entered allmulticast mode [ 162.452073][T13236] bridge0: port 3(vlan2) entered blocking state [ 162.458497][T13236] bridge0: port 3(vlan2) entered disabled state [ 162.466484][T13236] vlan2: entered allmulticast mode [ 162.472119][T13236] vlan2: left allmulticast mode [ 162.507633][T13251] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 162.517290][T13251] ip6gretap0: entered promiscuous mode [ 162.523598][T13251] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 162.531312][T13251] Cannot create hsr debugfs directory [ 162.574309][T13260] netlink: 'syz.2.3206': attribute type 7 has an invalid length. [ 162.605076][T13264] loop2: detected capacity change from 0 to 512 [ 162.611900][T13264] EXT4-fs: Ignoring removed nomblk_io_submit option [ 162.624158][T13264] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 162.669800][T13280] vcan0 speed is unknown, defaulting to 1000 [ 162.679385][T13279] loop1: detected capacity change from 0 to 512 [ 162.691977][T13284] FAULT_INJECTION: forcing a failure. [ 162.691977][T13284] name failslab, interval 1, probability 0, space 0, times 0 [ 162.704702][T13284] CPU: 1 PID: 13284 Comm: syz.2.3215 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 162.712064][T13279] EXT4-fs: Ignoring removed i_version option [ 162.714859][T13284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 162.714875][T13284] Call Trace: [ 162.714882][T13284] [ 162.714889][T13284] dump_stack_lvl+0xf2/0x150 [ 162.720854][T13279] EXT4-fs: Ignoring removed nobh option [ 162.730882][T13284] dump_stack+0x15/0x20 [ 162.750551][ T6894] IPVS: stop unused estimator thread 0... [ 162.751465][T13284] should_fail_ex+0x229/0x230 [ 162.757999][T13279] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 162.761835][T13284] ? key_alloc+0x2a6/0xa40 [ 162.771706][T13279] EXT4-fs (loop1): inodes count not valid: 96 vs 32 [ 162.776050][T13284] __should_failslab+0x92/0xa0 [ 162.787538][T13284] should_failslab+0x9/0x20 [ 162.792064][T13284] kmem_cache_alloc_noprof+0x4c/0x290 [ 162.797451][T13284] key_alloc+0x2a6/0xa40 [ 162.801714][T13284] keyring_alloc+0x44/0xb0 [ 162.806204][T13284] lookup_user_key+0x318/0xdf0 [ 162.811062][T13284] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 162.817228][T13284] __se_sys_add_key+0x24b/0x320 [ 162.822091][T13284] ? fput+0x13b/0x180 [ 162.826073][T13284] __x64_sys_add_key+0x67/0x80 [ 162.830847][T13284] x64_sys_call+0x267d/0x2d70 [ 162.835566][T13284] do_syscall_64+0xc9/0x1c0 [ 162.840071][T13284] ? clear_bhb_loop+0x55/0xb0 [ 162.844872][T13284] ? clear_bhb_loop+0x55/0xb0 [ 162.849547][T13284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.855525][T13284] RIP: 0033:0x7fbe86d1ebd9 [ 162.859962][T13284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.879572][T13284] RSP: 002b:00007fbe85fa0048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 162.888065][T13284] RAX: ffffffffffffffda RBX: 00007fbe86eacf60 RCX: 00007fbe86d1ebd9 [ 162.896030][T13284] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 00000000200000c0 [ 162.903995][T13284] RBP: 00007fbe85fa00a0 R08: ffffffffffffffff R09: 0000000000000000 [ 162.911975][T13284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.919938][T13284] R13: 000000000000000b R14: 00007fbe86eacf60 R15: 00007ffc8981a338 [ 162.927965][T13284] [ 162.951698][T13054] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 162.966426][T13054] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 162.975328][T13054] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 162.986053][T13054] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 163.000799][T13287] loop2: detected capacity change from 0 to 512 [ 163.050858][T13054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 163.067099][T13054] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.079772][ T4310] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.086969][ T4310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.100919][ T4323] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.108016][ T4323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.126859][T13295] loop1: detected capacity change from 0 to 512 [ 163.141799][T13054] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 163.152305][T13054] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 163.153211][T13295] EXT4-fs (loop1): too many log groups per flexible block group [ 163.170460][T13295] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 163.185418][T13295] EXT4-fs (loop1): mount failed [ 163.214982][T13054] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.307402][T13325] vcan0 speed is unknown, defaulting to 1000 [ 163.346084][T13054] veth0_vlan: entered promiscuous mode [ 163.366362][T13054] veth1_vlan: entered promiscuous mode [ 163.407900][T13054] veth0_macvtap: entered promiscuous mode [ 163.416808][T13054] veth1_macvtap: entered promiscuous mode [ 163.434929][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.445733][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.455637][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.466278][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.476124][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.486560][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.496470][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.506948][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.516798][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.527388][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.533274][T13347] loop1: detected capacity change from 0 to 2048 [ 163.537217][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.553989][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.571766][T13054] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.606750][T13347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.624755][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.635244][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.645056][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.655499][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.660808][T13350] loop3: detected capacity change from 0 to 2048 [ 163.665389][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.665418][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.665430][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.702459][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.712277][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.722721][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.732535][T13054] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.742962][T13054] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.755544][T13350] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.756497][T13054] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.778438][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.779266][T13054] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.796255][T13054] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.805011][T13054] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.813727][T13054] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.827610][T13350] __nla_validate_parse: 15 callbacks suppressed [ 163.827625][T13350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3233'. [ 163.876454][T12060] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.908825][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3237'. [ 163.951374][T13371] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 164.010407][T13338] loop2: detected capacity change from 0 to 65536 [ 164.017909][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 164.017922][ T29] audit: type=1400 audit(2000000100.390:1481): avc: denied { map } for pid=13381 comm="syz.4.3242" path="/proc/8/attr/sockcreate" dev="proc" ino=52170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 164.050717][ T29] audit: type=1326 audit(2000000100.430:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.074276][ T29] audit: type=1326 audit(2000000100.430:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.099355][ T29] audit: type=1326 audit(2000000100.440:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.122967][ T29] audit: type=1326 audit(2000000100.440:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.146508][ T29] audit: type=1326 audit(2000000100.440:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.169995][ T29] audit: type=1326 audit(2000000100.440:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.193542][ T29] audit: type=1326 audit(2000000100.440:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.217013][ T29] audit: type=1326 audit(2000000100.440:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.240525][ T29] audit: type=1326 audit(2000000100.440:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13386 comm="syz.3.3243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a9835bd9 code=0x7ffc0000 [ 164.283032][T13394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3245'. [ 164.294730][T13394] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3245'. [ 164.321094][T13325] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13325 comm=syz.2.3226 [ 164.343134][T13400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3248'. [ 164.361080][T13405] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13405 comm=syz.4.3251 [ 164.397159][T13412] loop3: detected capacity change from 0 to 512 [ 164.415884][T13416] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11034 sclass=netlink_route_socket pid=13416 comm=syz.4.3254 [ 164.437782][T13412] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #4: comm syz.3.3252: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 164.455828][T13412] EXT4-fs error (device loop3): ext4_quota_enable:7037: comm syz.3.3252: Bad quota inode: 4, type: 1 [ 164.468953][T13412] EXT4-fs warning (device loop3): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 164.486539][T13412] EXT4-fs (loop3): mount failed [ 164.516911][T13429] netlink: 'syz.2.3259': attribute type 4 has an invalid length. [ 164.530376][T13429] netlink: 'syz.2.3259': attribute type 4 has an invalid length. [ 164.542757][T13430] tmpfs: Unknown parameter 'µ™®›¹BœØx&rü'UÅF ‹äÔïôv%Á‰2 ˜¢' [ 164.565065][T13432] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3260'. [ 164.592864][T13436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3262'. [ 164.611529][T13440] netlink: 'syz.3.3264': attribute type 4 has an invalid length. [ 164.615728][T13444] loop2: detected capacity change from 0 to 512 [ 164.652021][T13444] loop2: detected capacity change from 0 to 1024 [ 164.658761][T13444] EXT4-fs: Ignoring removed nomblk_io_submit option [ 164.716018][T13444] netlink: 'syz.2.3265': attribute type 1 has an invalid length. [ 164.803055][T13468] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3274'. [ 164.867594][T13469] xt_CT: You must specify a L4 protocol and not use inversions on it [ 164.890695][T13482] FAULT_INJECTION: forcing a failure. [ 164.890695][T13482] name failslab, interval 1, probability 0, space 0, times 0 [ 164.903592][T13482] CPU: 0 PID: 13482 Comm: syz.1.3280 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 164.913755][T13482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 164.923804][T13482] Call Trace: [ 164.927071][T13482] [ 164.930041][T13482] dump_stack_lvl+0xf2/0x150 [ 164.934638][T13482] dump_stack+0x15/0x20 [ 164.938800][T13482] should_fail_ex+0x229/0x230 [ 164.943542][T13482] ? skb_clone+0x154/0x1f0 [ 164.947951][T13482] __should_failslab+0x92/0xa0 [ 164.952925][T13482] should_failslab+0x9/0x20 [ 164.957428][T13482] kmem_cache_alloc_noprof+0x4c/0x290 [ 164.962961][T13482] skb_clone+0x154/0x1f0 [ 164.967224][T13482] __netlink_deliver_tap+0x2bd/0x4c0 [ 164.972511][T13482] netlink_dump+0x7d5/0x820 [ 164.977091][T13482] __netlink_dump_start+0x42e/0x510 [ 164.982321][T13482] inet_diag_handler_cmd+0xfb/0x150 [ 164.987557][T13482] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 164.993405][T13482] ? __pfx_inet_diag_dump+0x10/0x10 [ 164.998609][T13482] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 165.004269][T13482] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 165.010081][T13482] sock_diag_rcv_msg+0x2b8/0x2e0 [ 165.015049][T13482] netlink_rcv_skb+0x12c/0x230 [ 165.019820][T13482] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 165.025328][T13482] sock_diag_rcv+0x1c/0x30 [ 165.029761][T13482] netlink_unicast+0x58d/0x660 [ 165.034528][T13482] netlink_sendmsg+0x5ca/0x6e0 [ 165.039303][T13482] ? __pfx_netlink_sendmsg+0x10/0x10 [ 165.044597][T13482] __sock_sendmsg+0x140/0x180 [ 165.049368][T13482] sock_write_iter+0x164/0x1b0 [ 165.054137][T13482] do_iter_readv_writev+0x339/0x3e0 [ 165.059415][T13482] vfs_writev+0x2e0/0x880 [ 165.063839][T13482] do_writev+0xf8/0x220 [ 165.068021][T13482] __x64_sys_writev+0x45/0x50 [ 165.072702][T13482] x64_sys_call+0x1ee2/0x2d70 [ 165.077456][T13482] do_syscall_64+0xc9/0x1c0 [ 165.082019][T13482] ? clear_bhb_loop+0x55/0xb0 [ 165.086707][T13482] ? clear_bhb_loop+0x55/0xb0 [ 165.091396][T13482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.097303][T13482] RIP: 0033:0x7f29dfa03bd9 [ 165.101788][T13482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.121406][T13482] RSP: 002b:00007f29dec85048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 165.129874][T13482] RAX: ffffffffffffffda RBX: 00007f29dfb91f60 RCX: 00007f29dfa03bd9 [ 165.137925][T13482] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 000000000000000b [ 165.145890][T13482] RBP: 00007f29dec850a0 R08: 0000000000000000 R09: 0000000000000000 [ 165.153854][T13482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.161816][T13482] R13: 000000000000000b R14: 00007f29dfb91f60 R15: 00007ffee67848c8 [ 165.169850][T13482] [ 165.228246][T13491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3282'. [ 165.263819][T13498] loop1: detected capacity change from 0 to 512 [ 165.271911][T13498] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz.1.3286: casefold flag without casefold feature [ 165.286155][T13498] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.3286: couldn't read orphan inode 15 (err -117) [ 165.301370][T13498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.337284][T13507] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3289'. [ 165.378699][T13509] vcan0 speed is unknown, defaulting to 1000 [ 165.412219][T13498] ip6t_srh: unknown srh match flags 7402 [ 165.425011][T13511] dvmrp8: entered allmulticast mode [ 165.433230][T13510] dvmrp8: left allmulticast mode [ 165.523546][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.531060][T13521] netlink: 'syz.2.3295': attribute type 2 has an invalid length. [ 165.540302][T13521] netlink: 'syz.2.3295': attribute type 8 has an invalid length. [ 165.548107][T13521] netlink: 'syz.2.3295': attribute type 1 has an invalid length. [ 165.579472][T13526] loop4: detected capacity change from 0 to 512 [ 165.600244][T13526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.602619][T13535] openvswitch: netlink: IP tunnel dst address not specified [ 165.617532][T13526] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.643330][T13526] ebtables: ebtables: counters copy to user failed while replacing table [ 165.669246][T13054] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.715613][T13547] loop1: detected capacity change from 0 to 512 [ 165.735626][T13547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.748868][T13547] ext4 filesystem being mounted at /414/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.785980][T13562] sctp: [Deprecated]: syz.0.3308 (pid 13562) Use of int in max_burst socket option. [ 165.785980][T13562] Use struct sctp_assoc_value instead [ 165.822121][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.839858][T13566] loop4: detected capacity change from 0 to 2048 [ 165.857731][T13566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.876028][T13566] EXT4-fs error (device loop4): ext4_lookup:1854: inode #14: comm syz.4.3310: iget: bad extra_isize 1056 (inode size 256) [ 165.889757][T13566] EXT4-fs (loop4): Remounting filesystem read-only [ 165.942003][T13581] loop2: detected capacity change from 0 to 512 [ 165.944696][T13575] dvmrp8: entered allmulticast mode [ 165.955747][T13574] dvmrp8: left allmulticast mode [ 165.971706][T13587] bond0: (slave bond_slave_0): Releasing backup interface [ 166.035286][T13602] loop2: detected capacity change from 0 to 128 [ 166.054302][T13607] loop1: detected capacity change from 0 to 512 [ 166.068023][T13607] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.080554][T13607] ext4 filesystem being mounted at /416/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.130551][T13617] loop2: detected capacity change from 0 to 1024 [ 166.218738][T13641] netlink: 'syz.2.3334': attribute type 6 has an invalid length. [ 166.266700][T13650] netlink: 'syz.3.3338': attribute type 1 has an invalid length. [ 166.413004][T13677] netlink: 'syz.2.3347': attribute type 5 has an invalid length. [ 166.441206][T13681] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsŧ‘̼§6 [ 166.608826][T13689] bond3: entered promiscuous mode [ 166.717780][T13701] loop2: detected capacity change from 0 to 512 [ 166.879409][T13722] loop2: detected capacity change from 0 to 512 [ 166.888662][T13722] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 166.897228][T13722] EXT4-fs (loop2): inodes count not valid: 15 vs 32 [ 166.999799][T13734] 9pnet_fd: Insufficient options for proto=fd [ 167.049010][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.377638][T13749] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.388861][T13749] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.402307][T13749] bond0 (unregistering): (slave netdevsim1): Releasing backup interface [ 167.415931][T13749] bond0 (unregistering): Released all slaves [ 167.532141][T13765] loop1: detected capacity change from 0 to 512 [ 167.547322][T13765] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.559971][T13765] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.586005][T13781] program syz.2.3383 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 167.678170][T13796] loop3: detected capacity change from 0 to 512 [ 167.732329][T13796] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #4: comm syz.3.3388: pblk 19 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 167.755271][T13796] EXT4-fs error (device loop3): ext4_quota_enable:7037: comm syz.3.3388: Bad quota inode: 4, type: 1 [ 167.766566][T13801] bond0: (slave netdevsim1): Releasing backup interface [ 167.768236][T13796] EXT4-fs warning (device loop3): ext4_enable_quotas:7078: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 167.788804][T13796] EXT4-fs (loop3): mount failed [ 167.795315][T13801] team0: Failed to send port change of device netdevsim1 via netlink (err -105) [ 167.804511][T13801] team0: Failed to send options change via netlink (err -105) [ 167.811992][T13801] team0: Port device netdevsim1 added [ 167.932351][T13818] dvmrp8: entered allmulticast mode [ 167.939035][T13817] dvmrp8: left allmulticast mode [ 167.993114][T13827] rdma_rxe: rxe_newlink: failed to add vcan0 [ 168.001870][T13827] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 55738 - 0 [ 168.010750][T13827] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 55738 - 0 [ 168.019580][T13827] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 55738 - 0 [ 168.028392][T13827] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 55738 - 0 [ 168.037483][T13827] netdevsim netdevsim3 netdevsim0: set [1, 2] type 2 family 0 port 59199 - 0 [ 168.046400][T13827] netdevsim netdevsim3 netdevsim1: set [1, 2] type 2 family 0 port 59199 - 0 [ 168.048321][T13831] loop2: detected capacity change from 0 to 256 [ 168.055294][T13827] netdevsim netdevsim3 netdevsim2: set [1, 2] type 2 family 0 port 59199 - 0 [ 168.070381][T13827] netdevsim netdevsim3 netdevsim3: set [1, 2] type 2 family 0 port 59199 - 0 [ 168.080275][T13827] geneve2: entered promiscuous mode [ 168.087615][T13827] netdevsim netdevsim3 netdevsim0: unset [1, 2] type 2 family 0 port 59199 - 0 [ 168.096689][T13827] netdevsim netdevsim3 netdevsim1: unset [1, 2] type 2 family 0 port 59199 - 0 [ 168.105684][T13827] netdevsim netdevsim3 netdevsim2: unset [1, 2] type 2 family 0 port 59199 - 0 [ 168.114658][T13827] netdevsim netdevsim3 netdevsim3: unset [1, 2] type 2 family 0 port 59199 - 0 [ 168.123835][T13827] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 55738 - 0 [ 168.132820][T13827] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 55738 - 0 [ 168.141853][T13827] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 55738 - 0 [ 168.150821][T13827] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 55738 - 0 [ 168.305857][T13847] 9pnet_fd: p9_fd_create_tcp (13847): problem connecting socket to 127.0.0.1 [ 168.351662][ T8333] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.371855][T13849] loop3: detected capacity change from 0 to 512 [ 168.385384][T13849] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.398557][T13849] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.440565][T12060] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.504816][T13866] loop1: detected capacity change from 0 to 128 [ 168.513632][T13866] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 168.527143][T13866] ext4 filesystem being mounted at /424/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 168.587445][T13875] ================================================================== [ 168.595554][T13875] BUG: KCSAN: data-race in bprm_execve / copy_fs [ 168.601885][T13875] [ 168.604233][T13875] write to 0xffff88811152c190 of 4 bytes by task 13874 on cpu 0: [ 168.611969][T13875] bprm_execve+0x971/0xc60 [ 168.616405][T13875] do_execveat_common+0x768/0x7d0 [ 168.621422][T13875] __x64_sys_execve+0x5a/0x70 [ 168.626093][T13875] x64_sys_call+0x1378/0x2d70 [ 168.630775][T13875] do_syscall_64+0xc9/0x1c0 [ 168.635270][T13875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.641171][T13875] [ 168.643480][T13875] read to 0xffff88811152c190 of 4 bytes by task 13875 on cpu 1: [ 168.651096][T13875] copy_fs+0x95/0xf0 [ 168.655000][T13875] copy_process+0xe6c/0x1f90 [ 168.659588][T13875] create_io_thread+0x9e/0xd0 [ 168.664280][T13875] create_worker_cont+0x5b/0x350 [ 168.669239][T13875] task_work_run+0x13a/0x1a0 [ 168.673829][T13875] get_signal+0xeee/0x1080 [ 168.678256][T13875] arch_do_signal_or_restart+0x95/0x4b0 [ 168.683798][T13875] syscall_exit_to_user_mode+0x59/0x130 [ 168.689391][T13875] do_syscall_64+0xd6/0x1c0 [ 168.693891][T13875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.699822][T13875] [ 168.702158][T13875] value changed: 0x00000001 -> 0x00000000 [ 168.707856][T13875] [ 168.710158][T13875] Reported by Kernel Concurrency Sanitizer on: [ 168.716287][T13875] CPU: 1 PID: 13875 Comm: syz.3.3414 Not tainted 6.10.0-rc7-syzkaller-00012-g34afb82a3c67 #0 [ 168.726431][T13875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 168.736522][T13875] ================================================================== [ 168.795118][ T8333] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 169.979366][T13054] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.