last executing test programs: 2.055027822s ago: executing program 0 (id=1298): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0xfffffe05, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c00000002a00010000000000000000000100000004000080a50001"], 0xc0}}, 0x0) 2.026287194s ago: executing program 0 (id=1300): socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0xfd, r1}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_BROADCAST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1f}}, @IFA_LABEL={0x14, 0x3, 'veth1_to_bond\x00'}]}, 0x44}}, 0x0) 1.945886291s ago: executing program 0 (id=1304): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000745c0)={0x0, [], 0x0, "7464fbe08eb369"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000526c0)={0x0, [], 0x0, "d30f30dd6d2240"}) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 1.945004881s ago: executing program 3 (id=1305): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', 0x0}) sendfile(r4, r2, 0x0, 0x800008038) socket$inet6(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280), 0x6) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() 1.916609303s ago: executing program 4 (id=1306): sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) renameat2(r0, 0x0, 0xffffffffffffffff, 0x0, 0x7) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xb3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) socket$inet6(0xa, 0x2, 0x3a) r1 = socket$inet6(0xa, 0x2, 0x3a) r2 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x7}}) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x7fe2, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x90) r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000180)={0x60, 0x1, &(0x7f00004bb000/0x4000)=nil, &(0x7f00004c1000/0x1000)=nil, 0x7fff, 0x0, 0x0, 0xffffffff7ffffff8, 0x0, 0x0, 0x40, 0x42}) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20020, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x8}, 0x0, 0x85a, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r4, 0x400, 0x0) r5 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r5, 0x400, 0x0) fcntl$getflags(r5, 0x401) socket$inet(0x2, 0x80001, 0x84) socket$inet_smc(0x2b, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) 1.795809903s ago: executing program 4 (id=1307): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x4) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0) splice(r4, 0x0, r2, 0x0, 0x7f, 0xe000000) 1.681329782s ago: executing program 0 (id=1308): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 999.880398ms ago: executing program 0 (id=1310): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000526c0)={0x0, [], 0x0, "d30f30dd6d2240"}) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 962.309421ms ago: executing program 4 (id=1311): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000003200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0xfffffe05, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c00000002a00010000000000000000000100000004000080a50001"], 0xc0}}, 0x0) 941.898383ms ago: executing program 3 (id=1312): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x0, 0x8, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f00000007c0), 0x20000000}, 0x20) 906.455686ms ago: executing program 4 (id=1315): socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0xfd, r1}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_BROADCAST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1f}}, @IFA_LABEL={0x14, 0x3, 'veth1_to_bond\x00'}]}, 0x44}}, 0x0) 846.85929ms ago: executing program 3 (id=1316): r0 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040), 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000080)={0x200000000000001}, 0x8) shutdown(r1, 0x1) r2 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg$inet(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@ip_tos_u8={{0x11}}, @ip_tos_int={{0x14, 0x110, 0x2, 0x3}}], 0x30, 0x4c00}, 0x0) sendmmsg$inet6(r1, &(0x7f0000000a40)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0}}], 0x1, 0x4040804) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000007c0)={'tunl0\x00', &(0x7f0000000480)={'ip_vti0\x00', 0x0, 0x8050, 0x72e, 0x7, 0x80000000, {{0xa, 0x4, 0x0, 0x1, 0x28, 0x0, 0x0, 0x7e, 0x2f, 0x0, @rand_addr=0x64010102, @remote, {[@generic={0x43, 0x11, "bb5e406f7af047f3dbe1bdef0d1390"}]}}}}}) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0}, 0x1, 0x0, 0x0, 0x20008000}, 0x4044) socket$vsock_stream(0x28, 0x1, 0x0) clock_settime(0x26b63767e4fa4493, &(0x7f0000000380)) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000200)={'erspan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000240), 0x10) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) socket$inet(0x2, 0x3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x5, 0xc}, 0x48) r4 = fcntl$dupfd(r3, 0x0, r3) write$sndseq(r4, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time={0xdd}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@tick=0x41}, {0x0, 0x0, 0x40, 0x0, @time={0x0, 0x4000000}, {}, {}, @connect}], 0x70) 846.51492ms ago: executing program 4 (id=1317): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x2, &(0x7f0000000080)) capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000018feffff720aa9fff8ffffff71a4f0ff0000000072030200000000131d400500000000004704000001ed00006b030000000000001d440000000000007a0a00fe00ffffffc303000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7109000000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e50002a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de5c028d6112a0c2d21b2dc98814106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c53218294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb118888876b617398d00a7526103ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e08b7ab6cd9c65ba55f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddc42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293d364b9effa9a9406ac2683e231d4774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479517dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a79e59e1712c8c546768e5722da19fcdb4c2890cda1f96b952511e3a49d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767987d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c32040098e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1be62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070f66b2b388f0f744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028a3a981463f25c068d4410dad0c74e2a9478fa3be18a1a27bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab07001b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe293308b2a146f12a4c205235924cee765d94b1cc06641247c773ab8d1abbeb03ea68"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff11, 0x0, 0xffffffffffffffff, 0xfffffffffffffea5}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r3, &(0x7f0000000200)=@abs={0x1}, 0x6e) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) socket$isdn_base(0x22, 0x3, 0x0) 811.754113ms ago: executing program 3 (id=1319): socket$inet_tcp(0x2, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x8, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r1, &(0x7f0000000100), 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f00000007c0), 0x20000000}, 0x20) 764.289608ms ago: executing program 3 (id=1321): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000036c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000800)=ANY=[@ANYBLOB="5100000007000042009ce6f8fdd3ae"], 0x53) mount$9p_fd(0xa00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) 763.131057ms ago: executing program 0 (id=1322): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', 0x0}) sendfile(r4, r2, 0x0, 0x800008038) socket$inet6(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280), 0x6) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() 761.257328ms ago: executing program 4 (id=1323): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', 0x0}) sendfile(r4, r2, 0x0, 0x800008038) socket$inet6(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280), 0x6) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) sync() 716.091341ms ago: executing program 3 (id=1324): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./bus\x00', 0xa08886, &(0x7f0000000040)=ANY=[], 0x3, 0x2b9, &(0x7f0000000ac0)="$eJzs3U1oE2kYwPGnH9t2u7QJy7KwC7v77PayigxNzkIbpBUxUNFGqgVhaicaMiYhE6Ip0kQQevHgxa+zCiKFgngQhFIPnqRFevPgrbcerCeLiCPp9COp6Qc1bQr9/w7tQ573mTx538mQvIFk/ujtK/GoY0TNjNS31El9txRksU78Ui8rCnLo6sTbv86cO38yFA73nFbtDfUHgqra/s/k4PXx/6Yyv5x93v6yWab9F+YXgnPTv0//Mf+1/3LM0ZijiWRGTR1KJjPmkG3p8F0nbqiesi3TsTSWcKx0WT5qJ1OpnJqJ4bbWVNpyHDUTOY1bOc0kNZPOqXnJjCXUMAxtaxVsbjz7ILRxNvJ00XVlIfPGdZsL4rpu8caWPWwPNba0/q5bsv63at0S9lDJRb1FxB7LRrIR77+XD0UlJrZY0ik++SLFc8R9OOEunSrFv9eCE+HZw69fqapfRu38cn0+G2korw+IT/xejceLe0+EewLqKa//SVpL64Pik98q1wcr1jfJ/x0l9Yb4ZPaiJMWWmcl/P831jd1bqR8NqB7rC6+r/1mG16bpyccarQ8AAAAAAAAAADth6KqK+/dGccDNEVVtW5f36it9PrB+f76z4v58o/zZWNvHDgAAAADAQeHkRuKmbVvpHwyKb+WrcZzqB81S2zYe3dj+4L97Nx/T0dUw0/2ukLKtdF72x/RuJ/g8sC/aKA9kefdpq8ENVX6mrAUfqnKcuuX+Nh5zfPD9sy2P0/Td/GxkavevSgAAAAB2w9qL/i7JR19k8wNH7tS6JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADpodfOXYzP1KKS0Gvz6ulFq9M+/3xQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaVbwEAAP//u5TQrw==") ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r2 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000300), 0x16) r4 = dup3(r3, r1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl1\x00', 0x0}) sendfile(r4, r2, 0x0, 0x800008038) socket$inet6(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile(r1, r2, 0x0, 0xef84) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280), 0x6) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) sync() 582.729222ms ago: executing program 2 (id=1329): socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0xfd, r2}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_BROADCAST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1f}}, @IFA_LABEL={0x14, 0x3, 'veth1_to_bond\x00'}]}, 0x44}}, 0x0) 509.407208ms ago: executing program 2 (id=1331): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x108) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xd000943d, &(0x7f00000526c0)={0x0, [], 0x0, "d30f30dd6d2240"}) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 489.78154ms ago: executing program 1 (id=1332): socket$inet_tcp(0x2, 0x1, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x8, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r1, &(0x7f0000000100), 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f00000007c0), 0x20000000}, 0x20) 382.919359ms ago: executing program 1 (id=1333): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x2, &(0x7f0000000080)) capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000018feffff720aa9fff8ffffff71a4f0ff0000000072030200000000131d400500000000004704000001ed00006b030000000000001d440000000000007a0a00fe00ffffffc303000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7109000000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e50002a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de5c028d6112a0c2d21b2dc98814106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c53218294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb118888876b617398d00a7526103ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e08b7ab6cd9c65ba55f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddc42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293d364b9effa9a9406ac2683e231d4774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479517dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a79e59e1712c8c546768e5722da19fcdb4c2890cda1f96b952511e3a49d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767987d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c32040098e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1be62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee07751532d5e7d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070f66b2b388f0f744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e2fa3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef907000000f01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e015cb56119df72c7533a48d028a3a981463f25c068d4410dad0c74e2a9478fa3be18a1a27bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb581012fd7a8139166fd5e59c84f4ab07001b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe293308b2a146f12a4c205235924cee765d94b1cc06641247c773ab8d1abbeb03ea68"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff11, 0x0, 0xffffffffffffffff, 0xfffffffffffffea5}, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r2, &(0x7f0000000200)=@abs={0x1}, 0x6e) socket$isdn_base(0x22, 0x3, 0x0) 339.808082ms ago: executing program 2 (id=1334): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000526c0)={0x0, [], 0x0, "d30f30dd6d2240"}) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 337.052452ms ago: executing program 1 (id=1335): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x108) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000526c0)={0x0, [], 0x0, "d30f30dd6d2240"}) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 213.217042ms ago: executing program 1 (id=1336): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000745c0)={0x0, [], 0x0, "7464fbe08eb369"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, 0x0) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) 177.606185ms ago: executing program 2 (id=1337): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = syz_io_uring_setup(0xf3d, &(0x7f0000000480), &(0x7f0000000080), &(0x7f0000000540)) r3 = eventfd(0x0) io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000040)=r3, 0x1) 95.713182ms ago: executing program 1 (id=1338): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x0, 0x8, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f00000007c0), 0x20000000}, 0x20) 35.906837ms ago: executing program 2 (id=1339): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000003200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0xfffffe05, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="c00000002a00010000000000000000000100000004000080a50001"], 0xc0}}, 0x0) 28.841677ms ago: executing program 1 (id=1340): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000500)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000180)={r1}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000480)={0x0}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}}, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f00000000c0), 0xffffff6b) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300}, 0x1c) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r2, 0x3, r0, 0x5}) bind$inet6(0xffffffffffffffff, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(0xffffffffffffffff, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="bc", 0x1, 0x8000, &(0x7f00000000c0)={0xa, 0x4e22, 0xffffffff, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c) close(0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() socket$packet(0x11, 0xa, 0x300) r5 = socket$inet_udp(0x2, 0x2, 0x0) mbind(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x400, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x102a, &(0x7f0000001040)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x101c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x1008, 0x0, @opaque="07040198cebca2eba2b9720819cf475a66bf5deb2f6825052a35ab2e6dcbb56c571e67028581fc42ef904a2e23adb9254f7974c27b7cfbb46aa50836ab2fcedd8520ec7ccfb81c8f81d5255d482d1773ac056d7271b282000928a58861a09f63490a2a858c45cc3415c7d2934b4bd3a457f7b855dd1328047a6f2dc06b64bb3d7022c7d909284148067461e1294f8c7b162cd855bd4bb199bc15afb586dce3b884acc08d31af62080a13a8024322020680926e8cd6c412db72a1301b3cd4815ae2c007a28aee8e0ddefd70927f6316311746cb29f1d34619c1f5ab6afbfb661fed51971a1afaa1cb4a2fde4a7ddaceba71dc1cb956ff7ef480a0762eaf6d489846f8458ab26e5c82377c4cc82efffe55300b587d7e0f63728727992cf02308dd309a7ec17e7e9e664bd75fee586096b58e12f19eca1a1e7aebd64a3c549f904c4216954cc7900e4042df63d59669acf19631d45fed25d5f75c496c801288b6e7fabfa794836bbb28ebbf6c1cad669529baabb17eb96d9deafd6b4d53d2b8467dcdf4c0ea260e8cbbc1b573ca6daafe577bf2ea8e1c549228eab71f23622bf77cba783416bf64bcbf6ce11ddae8a934029da3f46f515e27557917ccf390465478a5fe5ca60c57aa5b4935d02be3707f0dcaace39ffaa69602ed700a40cf890aff1992527ba5152ad4f2fdd2f0c98a7d23fdfeae3614df3f5bc8e87dd703c2f90cc8e58930911566d49434dbf046a253820529d2c8b8c0fe11fc563c93a844cc050deb4b82351782d91b09d1b9300d15a1b1580da1361d85ec97840a25017a10bd10ab2496bbbb9d07fc93f7a6ae8464df5f83f7070c1977499856a234f23ef9b3f697c9a31b8f1078b0cf51854f5ae31ca758aad6fca971e65e96edd9e763d3ec4822ad36ffb6af8d7a479a70018bde96f642b73c6722c2f661caec1ffa3c888478686eba4739e414fe0f1467507a9fa48228eaa6c94164c6e812697e7a880c7d0cc72881b41e923c1c4caa183e63ebab705e5439ba355b25ca76f53c8f9eaeef2f9185edc83bef9d764f51348f5b05212cf2e70fc756aee6e9a1b259ccad4202d0be8cdfe676e74a6e70eac0f906c97a9f367260f4a3f0d976c44f17c5c8fc36430ccb5cb747cddc0f6ce8bcf7be76e44cd8153d567c3044cfc774cdb5962c03f24973279cd8e9cf1b76ce88ffcf3582992c647b9539af1da872c2a713f61caad8a40eaa76699bafc6e51ed033f0932abf4e1548b27f02989f4afb42a9573713b6251929549a0fbdbdbd84463a7d1861ff3ac078511d319b63c584ee1091d720ad8c8e7ecc756204d6c4a08388a62d1eb54dc75bdf1c30415d6a8f27f007619a6329bc6e1185694f86552e17e40fb1c729be46e2ee520890a76a9f7dd085e0b9a030497b4746f01ddb3d4062e78df62ae11a20a2425a64d9549572b46086d8c0996008a67383161bc8077c9b0201afdfa5c52dde3e0dcc61613b647a064d7e6e78fbdd7eb79fff390e46ef338844d5c6e227acc6024d49bb4d19acb74501be8f769e53ba5280502341a2b83d5833ba2a02a1808806dc33b1b7994dd24bf8dcfd67225cf690fc0d435283630849677822d4aa6cc76a747a98050279c61500f6a0160ad14a6035591ea171032b4fbef9e96cc3c74f47d986a741c8e386c14b3b290c24d17c33ee242d2f5a6b3372757136a4a4939b9844bffb5b78f892c1825924b57ff0e3eaf095e110aff0df81d32308f20d00b817836bc7e6732f167ab7fcfaead7f545989ee083d842dba008af1cd7fc576db09d0a3c52e7c75d3a9e70126e9350d467dc266f62e969fcc22e002a5be88306d2e8d849ff2d3285f6230f7ebca7ce46e2fcd04ae8ad0c53a3def2f9eecdcc3497b313c4c9b003837fd23734055868147402f1eac00a9e4e3c134b22ea825dae1a1101673ac5f4fb85ea9a358ae88e8166ffee26a222a25947d814727b33da83519a81d58308a19a28d0459dbb2fa006230e38518a04eebe70858be442782b4727c6917928e5163fb9c27bc1ec32dfeb642830a9a21e1050e256f6cdd455719f67b5e30ccda0f1027f298e1f4adbb24e090534f485e079492c8354ac1973cbc7a262ec89352b0cf19936b9e7da2e0c375552274029856bba69949318fb34ab4f4663c93943495c30ec32e0cfc9638bd63a26000e1216874ae5e1cc8ec7bb5babb4840c68cdcc7990edca909a8d84a4f118585127d0545c4a6a05d5d7a87bedb035340561f2524d892429bfab991f17477cdda4309f07f1666b0dc8621620790b57cf66cb3f557c52afc3ec0bbb4a8a04229e271c30414190fe869a7ada4f166cc074cb4f88dd871d60955683eb7711583af099bbe3caf7d5236da60c7fe2db66097158f49ea3b1a60472431b5ae0cce69aa817b4bbca9e5497ec7ca6c38eb267f2405be2613b6be29cdb33f435f7b2683063c3265e5003fa4be6a1b1f4f4487ab97e80ccfa875a3f5e2c79f4c323441527d7bb0b2ba72e38415730a2539ef65c7e2fd9ce81f168f17cb4cfbd251f0627833588f7689eb58fa361a417736ef7276f7fe5fb698b0f190c683bf14446ab3e96a519ed787dbd5812c1ed988d9b845d099bc3180d438472c42102cfc180703349d4148939342eee92d34596a8f18dc8e58619f61867642b05db1f37f566f4e0e87e3fc8b4a8523f81afee47f33f515decfae8274962c737b30d055721a896f86991beb4fc94312afb528f4551b8aca80c4eb4626be74e76a75aa2ac64e8f75068fa5c19fe3df2eeba4f942d9db88fe6f79b10527aafc5233f3221078e52101866e067fe040394b3bab14eaf280f7a0302b238472e00eb2cca90835de094fb6c89f2d00ad1e846cbc5ea11bb6dee6b6cdcb950e3f041e6e8fabc191cd5338a5a84afd87bec92424b477282a31397bf6ddd664155975aa034b93281eef226bd012ca3736adce3d43c9d601554640f0d4ea0832e4f19846f568fcca8c8c799d3dab030dced9e79feed06583afd046dd0b796130d58d296651a2072a20ffa33c8c7eee5952c0d9fb14a0dd26ae6f25012a865f4e60c952d394009114a7ccb98316ab53e22b87ca6ac313d89e4aed30f59cb2d6ef2b0074a1e5553bafe286569ff2885b17f546a5c4dba836fbcb8ccdef44e20cfc69b6f7b90a1b1a65a507828bdb1851fb74094bb3fc3a9daacfc56a4bfd08c322fefdc8c20f549113439263968b5f49b6d1c1226d50e9a719c0340bbfa04dde2e66ead838f4a3d08056b9c39d40515f36d0cae8f957ed47763ddab879a7c9adf913ab75874df267a66b79bc5ffefd1a08da0a59b54ec1a5be375e23aa07680ac6f6df2362333691654d877a92535255b8e59f648bcb0aebf6ffc67bdf5510989fe5ede066a7aa2d6155f1d0b9454ec1e0a76f78726087bc489167df25a3746d4e0feb71db9bdb348c3af2c9e8ea84d7fe25e8a52864c01f7aad71850f53a06795730fc001871534059a62e4342a29f42f72be53538b0299951a61af231e5ae9fa897bbcf885396a2a6b21fc0bfdccc5f987a44c1ba1151a0ed4e8fc986aaab6d4601a35bf3f3d1af31cea4ec9d28614be62c830db61c47d85786f1d2e17503a9fed903619d7d693c1d01ec370c63ff39fbe5aca071499ad136a3242b20cca12545e8bb74b2d4b0f57ef12fbba0015d01de963d4b0c2f9075298fc615c901a20ae8bca091c71f7c9eb8c309dda7296950b640563802e81d7ad2c2c7e31601ef763f7f9bdd30b76dc7dc442ff1177a00e105ebf02151b2ed247928f6dc7971ba2e73a1d098bcdf3afcb27c3c3af486dbb93ebde28c59561ec89c27be3aed2f2b7ccefbe3f9a81518a9bf7171eb2aa66ae266f5a9faee1fca8d3e5e14fffad9b5ad9acac14a4f5822cca84cd9e2ba20ca44cbb5366d19952500899902316924d1b36c2da87d01c3229b1cb9e7c1343be8ce25c2a74f8d317cb65d05ddfeb8ca9653fced77a2630ad64601bdeff1fa672682fd6835511b20ec26f5e9dfe0862c32c5d56a603c4223f0f422aecbe2dda5eb5966d9a4fb385cae5cf2d596ee8b2d348df1ba225e405540c5ae50c82ecbbe9c0f26fbe2769f629018a1f97f04e1840b50bf64c4e5833ff123e66ffb9be92bf55d82ed0e305b042fd0a487ccca6db25a921bbc446501782d54db14eef5cc4a1248cf193c2584d73a1d7295b7dcb174324b2731f305bfc26d73a114d1e470138bbad5c444a0a957d587a5262e663d332f694045fb137590f5e0ed5b69a853e7f7c0249251e753ca1dace2263f341a00f4ab4283d2f02bccdde8afb53891dab7a3b412f6802ec903bbcd72340addfb3ab43ffe21c2c0c1e071d55d8c4820a1580c8e7fe122af528ca328ed1bb021d6a907ce19b837bea4b1c393d814aa9ebc538bcb3f192c1a4d93c3dd43b178518c8812315a093598ef090be02b97c13416ec781ab975c8d97a882e984ca022aaa3ce679ae82a5c7ff3099ead1a8e318b68e0be06356b04352f1d1127c60a9b1b678a513b453e62c0050bfaadc1d4426dcbcab438285908509491ed57e3a22ab8f76e54fa0470aa04440175f3e07c725e061bc4e88c7d69f5eddc3c403568f7e7e55f89ca3970a17458161eb1ccd51746e03e15355430674dc662b56f09e338e21a0e166a61f52b0ec68dc7cf281e6133baf6ba3368250f2c4649957a106ef025c0063371b0f5ef2944e2ac7a3ee3203583661c1b35a71cb0df8b6daf33718b43f95606a758402c720875584b74c7fe6a41a1edd38450265153cab24c2ddb4613c38e06f7f8e8962dde702ee0972a73ac8d745738f40258c2c96cc068e508957afead40750731172ce351cf2f553b921d11ca5165031e7c78a0e02f9396fa6eb7b89ba6937195a746591f1233d591ec78c153e3b715e93a9a1db368ec8258c2cd9aff57a5f34ab849a6d5579ca7acd1f576947e7bf6e6e64a66d41a17ed608054e3126b844d5063ec35dfff22af3003e012dbbc0cb848a1fc7887e6c339999f85f93bd031f1999568c5f3b79184f7d9042c2d56e5839e1aafe501aa3964e0fb12a7ed41e1645c2acfeeb4bc368ee15261384bc00936f4969880196a52a16d4a5d68b2cf5c6030bb9141d46b5a0b9d1ade2bf0172a39aa287f3d25213b72b4fb196b364c30565740511e31b26102656c20ca664218ed78166030993da115a1076fe642b45559b7c21aa33b411df42e2936d30b3bbf572ae069b98679bc4b055c69c618986b1d3bdc212a647408a840992b0b4466e6ac9db0f5d91cfd55e54de37801d4853ec04a8129a428949383448cd9ba131a111abb2333d2d56da33cc95674c4dd2f67a65266da53058134a51eebe935a119a0ef5185920a4606c62d4b4c6b6b6416024b1a09a6087334a8977b066b50ad73f88bf9e92afab24a9a33aeb0d17381275a552ea25fb15af58bb5d73e022e6cd6cd5fce5118ab2bf4f19e85c838c1c216fa79d868eeae9ecb3628b9b42b9b7ee7248dc77e81f4f643743e437f34ed415b782065b8ee0d04f54a5ad3e7b60f2569b4556683879ab3abc3d0f38b2d27fed8f20edda15a42dd147b8535d68ad5025de9fd7567a1a610eb758e8071238dd9b29300839ce9de12d2ee834a6f9e0ab3ec1cbc448c30ebdcb1a1e3ee545cb9123c5ece43ca8f6508fd958058fa70ed580c7940190d4b9664917a9c18bf8a86fb89224331e80784a105c2dfcfe6673f1643328522cb07bb8398182e14d5a484db358a369798deb21c79dc5719c30ebf4e1b2beb85b5265a705fb7005a49a16ba8536643434290ff514ef24605a4"}}}}}, 0x0) 0s ago: executing program 2 (id=1341): socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x44, 0x14, 0x509, 0x0, 0x0, {0x2, 0x1, 0x0, 0xfd, r2}, [@IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_BROADCAST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1f}}, @IFA_LABEL={0x14, 0x3, 'veth1_to_bond\x00'}]}, 0x44}}, 0x0) kernel console output (not intermixed with test programs): : adding VLAN 0 to HW filter on device batadv0 [ 80.441316][ T5664] loop1: detected capacity change from 0 to 512 [ 80.461525][ T5515] veth0_vlan: entered promiscuous mode [ 80.474029][ T5664] FAULT_INJECTION: forcing a failure. [ 80.474029][ T5664] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 80.478022][ T5515] veth1_vlan: entered promiscuous mode [ 80.487136][ T5664] CPU: 0 UID: 0 PID: 5664 Comm: syz.1.673 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 80.503247][ T5664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 80.513371][ T5664] Call Trace: [ 80.516672][ T5664] [ 80.516883][ T5515] veth0_macvtap: entered promiscuous mode [ 80.519600][ T5664] dump_stack_lvl+0xf2/0x150 [ 80.527730][ T5515] veth1_macvtap: entered promiscuous mode [ 80.529894][ T5664] dump_stack+0x15/0x20 [ 80.539812][ T5664] should_fail_ex+0x229/0x230 [ 80.544600][ T5664] should_fail+0xb/0x10 [ 80.545720][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.548837][ T5664] should_fail_usercopy+0x1a/0x20 [ 80.559403][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.564447][ T5664] _copy_from_user+0x1e/0xd0 [ 80.574373][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.578909][ T5664] sctp_getsockopt_scheduler_value+0x67/0x2e0 [ 80.589418][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.595457][ T5664] sctp_getsockopt+0x63f/0xab0 [ 80.605403][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.610087][ T5664] sock_common_getsockopt+0x5b/0x70 [ 80.620494][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.625652][ T5664] do_sock_getsockopt+0x121/0x1a0 [ 80.635485][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.640460][ T5664] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 80.650930][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.656851][ T5664] __sys_getsockopt+0x19a/0x210 [ 80.671862][ T5664] __x64_sys_getsockopt+0x66/0x80 [ 80.672165][ T5515] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.676962][ T5664] x64_sys_call+0x128f/0x2e00 [ 80.677026][ T5664] do_syscall_64+0xc9/0x1c0 [ 80.689788][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.693392][ T5664] ? clear_bhb_loop+0x55/0xb0 [ 80.703950][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.703964][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.708622][ T5664] ? clear_bhb_loop+0x55/0xb0 [ 80.708659][ T5664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.708691][ T5664] RIP: 0033:0x7f4eec5c7299 [ 80.708707][ T5664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.708728][ T5664] RSP: 002b:00007f4eeb247048 EFLAGS: 00000246 [ 80.718542][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.728896][ T5664] ORIG_RAX: 0000000000000037 [ 80.728907][ T5664] RAX: ffffffffffffffda RBX: 00007f4eec755f80 RCX: 00007f4eec5c7299 [ 80.728924][ T5664] RDX: 000000000000007c RSI: 0000000000000084 RDI: 0000000000000003 [ 80.733593][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.739463][ T5664] RBP: 00007f4eeb2470a0 R08: 0000000020001080 R09: 0000000000000000 [ 80.739482][ T5664] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 80.739497][ T5664] R13: 000000000000000b R14: 00007f4eec755f80 R15: 00007fff61c4f4c8 [ 80.739516][ T5664] [ 80.744102][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.744124][ T5515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.859237][ T5515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.892805][ T5515] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.911909][ T5515] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.920930][ T5515] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.929792][ T5515] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.934252][ T5670] loop4: detected capacity change from 0 to 512 [ 80.938591][ T5515] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.987802][ T5670] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 81.015825][ T5670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.676'. [ 81.028292][ T29] audit: type=1400 audit(1721957989.603:430): avc: denied { connect } for pid=5669 comm="syz.4.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 81.108516][ T29] audit: type=1400 audit(1721957989.703:431): avc: denied { mount } for pid=5669 comm="syz.4.676" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 81.140367][ T5685] loop2: detected capacity change from 0 to 4096 [ 81.174326][ T5688] loop3: detected capacity change from 0 to 128 [ 81.207760][ T5688] msdos: Unknown parameter 'd' [ 81.284812][ T5691] loop1: detected capacity change from 0 to 4096 [ 81.303607][ T5194] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /14/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 81.331875][ T29] audit: type=1400 audit(1721957989.893:432): avc: denied { unmount } for pid=5194 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 81.435502][ T5703] loop0: detected capacity change from 0 to 4096 [ 81.564967][ T5711] loop2: detected capacity change from 0 to 4096 [ 81.619505][ T5717] loop3: detected capacity change from 0 to 2048 [ 81.644070][ T5722] loop1: detected capacity change from 0 to 128 [ 81.673242][ T5717] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.691: bg 0: block 136: padding at end of block bitmap is not set [ 81.690086][ T5722] msdos: Unknown parameter 'd' [ 81.753835][ T5728] loop1: detected capacity change from 0 to 4096 [ 81.797525][ T29] audit: type=1400 audit(1721957990.393:433): avc: denied { setattr } for pid=5716 comm="syz.3.691" path="/188/file1/bus" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 81.804997][ T5734] loop2: detected capacity change from 0 to 128 [ 81.822867][ T5732] loop1: detected capacity change from 0 to 4096 [ 81.874297][ T5730] loop2: detected capacity change from 0 to 128 [ 81.900411][ T5738] loop0: detected capacity change from 0 to 128 [ 81.926887][ T5737] loop1: detected capacity change from 0 to 4096 [ 81.960612][ T5738] ext4 filesystem being mounted at /47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 82.198468][ T5747] nft_compat: unsupported protocol 1 [ 82.228494][ T5747] loop2: detected capacity change from 0 to 512 [ 82.245604][ T5747] EXT4-fs: Ignoring removed bh option [ 82.265799][ T5747] EXT4-fs error (device loop2): __ext4_iget:4985: inode #15: block 1803188595: comm syz.2.700: invalid block [ 82.312956][ T5747] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.700: couldn't read orphan inode 15 (err -117) [ 82.334397][ T5756] FAULT_INJECTION: forcing a failure. [ 82.334397][ T5756] name failslab, interval 1, probability 0, space 0, times 0 [ 82.347080][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.703 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 82.357350][ T5756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.367427][ T5756] Call Trace: [ 82.370748][ T5756] [ 82.373924][ T5756] dump_stack_lvl+0xf2/0x150 [ 82.378977][ T5756] dump_stack+0x15/0x20 [ 82.383254][ T5756] should_fail_ex+0x229/0x230 [ 82.387956][ T5756] ? __vmalloc_node_range_noprof+0x44b/0xef0 [ 82.393964][ T5756] should_failslab+0x8f/0xb0 [ 82.398609][ T5756] __kmalloc_node_noprof+0xa8/0x380 [ 82.403844][ T5756] __vmalloc_node_range_noprof+0x44b/0xef0 [ 82.409731][ T5756] ? _raw_spin_unlock+0x26/0x50 [ 82.414705][ T5756] ? class_find_device+0x258/0x290 [ 82.419845][ T5756] ? n_tty_open+0x1b/0xe0 [ 82.424386][ T5756] vzalloc_noprof+0x5e/0x70 [ 82.429087][ T5756] ? n_tty_open+0x1b/0xe0 [ 82.433511][ T5756] n_tty_open+0x1b/0xe0 [ 82.437699][ T5756] tty_ldisc_setup+0x83/0x230 [ 82.442418][ T5756] tty_init_dev+0x182/0x320 [ 82.446951][ T5756] tty_open+0x6cd/0xb00 [ 82.451144][ T5756] chrdev_open+0x323/0x3a0 [ 82.455673][ T5756] ? __pfx_chrdev_open+0x10/0x10 [ 82.460638][ T5756] do_dentry_open+0x647/0xa50 [ 82.465358][ T5756] vfs_open+0x3b/0x1f0 [ 82.469524][ T5756] path_openat+0x1a26/0x1f10 [ 82.474195][ T5756] do_filp_open+0xf7/0x200 [ 82.478825][ T5756] do_sys_openat2+0xab/0x120 [ 82.483446][ T5756] __x64_sys_openat+0xf3/0x120 [ 82.488298][ T5756] x64_sys_call+0x1ac/0x2e00 [ 82.493009][ T5756] do_syscall_64+0xc9/0x1c0 [ 82.497545][ T5756] ? clear_bhb_loop+0x55/0xb0 [ 82.502290][ T5756] ? clear_bhb_loop+0x55/0xb0 [ 82.507146][ T5756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.513102][ T5756] RIP: 0033:0x7fc585c27299 [ 82.517577][ T5756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.537318][ T5756] RSP: 002b:00007fc5848a7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 82.545888][ T5756] RAX: ffffffffffffffda RBX: 00007fc585db5f80 RCX: 00007fc585c27299 [ 82.553879][ T5756] RDX: 000000000006e002 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 82.561872][ T5756] RBP: 00007fc5848a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.569863][ T5756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 82.577865][ T5756] R13: 000000000000000b R14: 00007fc585db5f80 R15: 00007ffe40a67348 [ 82.585912][ T5756] [ 82.589205][ T5756] syz.0.703: vmalloc error: size 12288, failed to allocated page array size 24, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0 [ 82.606435][ T5756] CPU: 0 UID: 0 PID: 5756 Comm: syz.0.703 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 82.616705][ T5756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.626939][ T5756] Call Trace: [ 82.630242][ T5756] [ 82.633195][ T5756] dump_stack_lvl+0xf2/0x150 [ 82.637819][ T5756] dump_stack+0x15/0x20 [ 82.641993][ T5756] warn_alloc+0x145/0x1b0 [ 82.646344][ T5756] ? dump_stack+0x15/0x20 [ 82.650766][ T5756] ? should_fail_ex+0x198/0x230 [ 82.655690][ T5756] __vmalloc_node_range_noprof+0x4df/0xef0 [ 82.661622][ T5756] ? _raw_spin_unlock+0x26/0x50 [ 82.666802][ T5756] ? class_find_device+0x258/0x290 [ 82.671923][ T5756] ? n_tty_open+0x1b/0xe0 [ 82.676328][ T5756] vzalloc_noprof+0x5e/0x70 [ 82.680895][ T5756] ? n_tty_open+0x1b/0xe0 [ 82.685244][ T5756] n_tty_open+0x1b/0xe0 [ 82.689474][ T5756] tty_ldisc_setup+0x83/0x230 [ 82.694162][ T5756] tty_init_dev+0x182/0x320 [ 82.698675][ T5756] tty_open+0x6cd/0xb00 [ 82.702941][ T5756] chrdev_open+0x323/0x3a0 [ 82.707369][ T5756] ? __pfx_chrdev_open+0x10/0x10 [ 82.712386][ T5756] do_dentry_open+0x647/0xa50 [ 82.717178][ T5756] vfs_open+0x3b/0x1f0 [ 82.721266][ T5756] path_openat+0x1a26/0x1f10 [ 82.725912][ T5756] do_filp_open+0xf7/0x200 [ 82.730353][ T5756] do_sys_openat2+0xab/0x120 [ 82.735150][ T5756] __x64_sys_openat+0xf3/0x120 [ 82.739954][ T5756] x64_sys_call+0x1ac/0x2e00 [ 82.744598][ T5756] do_syscall_64+0xc9/0x1c0 [ 82.749138][ T5756] ? clear_bhb_loop+0x55/0xb0 [ 82.753833][ T5756] ? clear_bhb_loop+0x55/0xb0 [ 82.758605][ T5756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.764516][ T5756] RIP: 0033:0x7fc585c27299 [ 82.768978][ T5756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.788678][ T5756] RSP: 002b:00007fc5848a7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 82.797109][ T5756] RAX: ffffffffffffffda RBX: 00007fc585db5f80 RCX: 00007fc585c27299 [ 82.805154][ T5756] RDX: 000000000006e002 RSI: 0000000020000100 RDI: ffffffffffffff9c [ 82.813137][ T5756] RBP: 00007fc5848a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.821115][ T5756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 82.829093][ T5756] R13: 000000000000000b R14: 00007fc585db5f80 R15: 00007ffe40a67348 [ 82.837154][ T5756] [ 82.840287][ T5756] Mem-Info: [ 82.843551][ T5756] active_anon:9845 inactive_anon:2 isolated_anon:0 [ 82.843551][ T5756] active_file:14536 inactive_file:2093 isolated_file:0 [ 82.843551][ T5756] unevictable:0 dirty:103 writeback:0 [ 82.843551][ T5756] slab_reclaimable:2769 slab_unreclaimable:14069 [ 82.843551][ T5756] mapped:20923 shmem:619 pagetables:827 [ 82.843551][ T5756] sec_pagetables:0 bounce:0 [ 82.843551][ T5756] kernel_misc_reclaimable:0 [ 82.843551][ T5756] free:1879452 free_pcp:34969 free_cma:0 [ 82.889137][ T5756] Node 0 active_anon:39380kB inactive_anon:8kB active_file:58144kB inactive_file:8372kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83692kB dirty:412kB writeback:0kB shmem:2476kB writeback_tmp:0kB kernel_stack:2976kB pagetables:3308kB sec_pagetables:0kB all_unreclaimable? no [ 82.916877][ T5756] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 82.943828][ T5756] lowmem_reserve[]: 0 2866 7844 0 [ 82.948938][ T5756] Node 0 DMA32 free:2950312kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953944kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB [ 82.977574][ T5756] lowmem_reserve[]: 0 0 4978 0 [ 82.982427][ T5756] Node 0 Normal free:4552136kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:39380kB inactive_anon:8kB active_file:58144kB inactive_file:8372kB unevictable:0kB writepending:412kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:136244kB local_pcp:60916kB free_cma:0kB [ 83.012727][ T5756] lowmem_reserve[]: 0 0 0 0 [ 83.017309][ T5756] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 83.029967][ T5756] Node 0 DMA32: 2*4kB (M) 0*8kB 2*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 3*512kB (M) 2*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950312kB [ 83.045970][ T5756] Node 0 Normal: 244*4kB (UME) 89*8kB (UME) 34*16kB (UME) 44*32kB (UME) 37*64kB (UME) 19*128kB (UM) 15*256kB (UME) 15*512kB (UME) 10*1024kB (UME) 6*2048kB (UME) 1101*4096kB (UM) = 4552184kB [ 83.065231][ T5756] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 83.074616][ T5756] 17655 total pagecache pages [ 83.077716][ T5758] loop1: detected capacity change from 0 to 4096 [ 83.079310][ T5756] 2 pages in swap cache [ 83.089870][ T5756] Free swap = 124820kB [ 83.094112][ T5756] Total swap = 124996kB [ 83.098563][ T5756] 2097051 pages RAM [ 83.102374][ T5756] 0 pages HighMem/MovableOnly [ 83.107114][ T5756] 80173 pages reserved [ 83.119093][ T5756] ttyS ttyS3: ldisc open failed (-12), clearing slot 3 [ 83.156601][ T5762] loop2: detected capacity change from 0 to 128 [ 83.185251][ T5760] loop3: detected capacity change from 0 to 4096 [ 83.191438][ T5762] msdos: Unknown parameter 'd' [ 83.238326][ T5767] loop0: detected capacity change from 0 to 4096 [ 83.353998][ T29] audit: type=1400 audit(1721957991.943:434): avc: denied { connect } for pid=5782 comm="syz.1.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 83.373622][ T29] audit: type=1400 audit(1721957991.943:435): avc: denied { name_connect } for pid=5782 comm="syz.1.712" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 83.403747][ T29] audit: type=1400 audit(1721957991.963:436): avc: denied { listen } for pid=5779 comm="syz.3.711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 83.423053][ T29] audit: type=1400 audit(1721957991.963:437): avc: denied { read write } for pid=5779 comm="syz.3.711" name="rdma_cm" dev="devtmpfs" ino=226 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 83.446334][ T29] audit: type=1400 audit(1721957991.963:438): avc: denied { open } for pid=5779 comm="syz.3.711" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=226 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 83.470501][ T29] audit: type=1400 audit(1721957991.963:439): avc: denied { getopt } for pid=5779 comm="syz.3.711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 83.498147][ T5789] nft_compat: unsupported protocol 1 [ 83.516170][ T5789] loop3: detected capacity change from 0 to 512 [ 83.522865][ T5789] EXT4-fs: Ignoring removed bh option [ 83.549527][ T5789] EXT4-fs error (device loop3): __ext4_iget:4985: inode #15: block 1803188595: comm syz.3.715: invalid block [ 83.563454][ T5789] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.715: couldn't read orphan inode 15 (err -117) [ 83.626334][ T29] audit: type=1326 audit(1721957992.223:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5794 comm="syz.1.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eec5c7299 code=0x7ffc0000 [ 83.664109][ T5798] loop0: detected capacity change from 0 to 4096 [ 83.674829][ T5800] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 83.674829][ T5800] program syz.3.718 not setting count and/or reply_len properly [ 83.692319][ T29] audit: type=1326 audit(1721957992.223:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5794 comm="syz.1.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f4eec5c7299 code=0x7ffc0000 [ 83.715633][ T29] audit: type=1326 audit(1721957992.223:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5794 comm="syz.1.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eec5c7299 code=0x7ffc0000 [ 83.739157][ T29] audit: type=1326 audit(1721957992.223:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5794 comm="syz.1.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f4eec5c7299 code=0x7ffc0000 [ 83.809160][ T5803] loop3: detected capacity change from 0 to 128 [ 83.818019][ T5803] msdos: Unknown parameter 'd' [ 83.818433][ C1] eth0: bad gso: type: 1, size: 1408 [ 83.906305][ T5812] FAULT_INJECTION: forcing a failure. [ 83.906305][ T5812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 83.907775][ T5805] loop0: detected capacity change from 0 to 4096 [ 83.919493][ T5812] CPU: 1 UID: 0 PID: 5812 Comm: syz.1.722 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 83.919524][ T5812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 83.919537][ T5812] Call Trace: [ 83.919547][ T5812] [ 83.952527][ T5812] dump_stack_lvl+0xf2/0x150 [ 83.957151][ T5812] dump_stack+0x15/0x20 [ 83.961333][ T5812] should_fail_ex+0x229/0x230 [ 83.966037][ T5812] should_fail+0xb/0x10 [ 83.970295][ T5812] should_fail_usercopy+0x1a/0x20 [ 83.975463][ T5812] _copy_to_iter+0x246/0xaf0 [ 83.980113][ T5812] ? __virt_addr_valid+0x1ed/0x250 [ 83.985278][ T5812] ? __check_object_size+0x35b/0x510 [ 83.990597][ T5812] seq_read_iter+0x7a2/0x940 [ 83.995292][ T5812] seq_read+0x1eb/0x230 [ 83.999647][ T5812] ? __pfx_seq_read+0x10/0x10 [ 84.004442][ T5812] proc_reg_read+0x145/0x1e0 [ 84.009084][ T5812] vfs_readv+0x3f1/0x660 [ 84.013341][ T5812] ? __pfx_proc_reg_read+0x10/0x10 [ 84.018506][ T5812] __x64_sys_preadv+0x100/0x1c0 [ 84.023419][ T5812] x64_sys_call+0x140b/0x2e00 [ 84.028147][ T5812] do_syscall_64+0xc9/0x1c0 [ 84.032750][ T5812] ? clear_bhb_loop+0x55/0xb0 [ 84.037450][ T5812] ? clear_bhb_loop+0x55/0xb0 [ 84.042230][ T5812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.048141][ T5812] RIP: 0033:0x7f4eec5c7299 [ 84.052599][ T5812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.072220][ T5812] RSP: 002b:00007f4eeb247048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 84.080783][ T5812] RAX: ffffffffffffffda RBX: 00007f4eec755f80 RCX: 00007f4eec5c7299 [ 84.088873][ T5812] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003 [ 84.096854][ T5812] RBP: 00007f4eeb2470a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.104839][ T5812] R10: 000000000000001a R11: 0000000000000246 R12: 0000000000000001 [ 84.112819][ T5812] R13: 000000000000000b R14: 00007f4eec755f80 R15: 00007fff61c4f4c8 [ 84.120812][ T5812] [ 84.226079][ T5817] FAULT_INJECTION: forcing a failure. [ 84.226079][ T5817] name failslab, interval 1, probability 0, space 0, times 0 [ 84.239014][ T5817] CPU: 1 UID: 0 PID: 5817 Comm: syz.2.724 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 84.249274][ T5817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 84.259345][ T5817] Call Trace: [ 84.262637][ T5817] [ 84.265629][ T5817] dump_stack_lvl+0xf2/0x150 [ 84.270368][ T5817] dump_stack+0x15/0x20 [ 84.274549][ T5817] should_fail_ex+0x229/0x230 [ 84.279253][ T5817] ? __alloc_skb+0x10b/0x310 [ 84.283880][ T5817] should_failslab+0x8f/0xb0 [ 84.288576][ T5817] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 84.294440][ T5817] __alloc_skb+0x10b/0x310 [ 84.298913][ T5817] audit_log_start+0x368/0x6b0 [ 84.303906][ T5817] ? __bpf_prog_run32+0x74/0xa0 [ 84.308777][ T5817] audit_seccomp+0x4b/0x130 [ 84.313385][ T5817] __seccomp_filter+0x6fa/0x1180 [ 84.318401][ T5817] ? security_ptrace_access_check+0x55/0x70 [ 84.324350][ T5817] ? __ptrace_may_access+0x2cb/0x350 [ 84.329722][ T5817] __secure_computing+0x9f/0x1c0 [ 84.334747][ T5817] syscall_trace_enter+0xd1/0x1f0 [ 84.339866][ T5817] ? fpregs_assert_state_consistent+0x83/0xa0 [ 84.345969][ T5817] do_syscall_64+0xaa/0x1c0 [ 84.350514][ T5817] ? clear_bhb_loop+0x55/0xb0 [ 84.355209][ T5817] ? clear_bhb_loop+0x55/0xb0 [ 84.359902][ T5817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.365849][ T5817] RIP: 0033:0x7ffa4b6a5d7c [ 84.370268][ T5817] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 84.389930][ T5817] RSP: 002b:00007ffa4a327040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 84.398441][ T5817] RAX: ffffffffffffffda RBX: 00007ffa4b835f80 RCX: 00007ffa4b6a5d7c [ 84.406472][ T5817] RDX: 000000000000000f RSI: 00007ffa4a3270b0 RDI: 0000000000000008 [ 84.414454][ T5817] RBP: 00007ffa4a3270a0 R08: 0000000000000000 R09: 0000000000000000 [ 84.422432][ T5817] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 84.430429][ T5817] R13: 000000000000000b R14: 00007ffa4b835f80 R15: 00007ffeba828fe8 [ 84.438453][ T5817] [ 84.469002][ T5827] loop3: detected capacity change from 0 to 256 [ 84.487646][ T5827] msdos: Bad value for 'umask' [ 84.511174][ T5833] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 84.511174][ T5833] program syz.0.729 not setting count and/or reply_len properly [ 84.547422][ T5835] loop0: detected capacity change from 0 to 128 [ 84.559747][ T5835] msdos: Unknown parameter 'd' [ 84.651840][ T5836] loop1: detected capacity change from 0 to 4096 [ 84.680836][ T5838] loop3: detected capacity change from 0 to 4096 [ 84.729700][ T5847] loop2: detected capacity change from 0 to 4096 [ 84.777119][ C1] eth0: bad gso: type: 1, size: 1408 [ 84.851159][ T5862] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 84.851159][ T5862] program syz.3.741 not setting count and/or reply_len properly [ 84.878702][ T5864] loop1: detected capacity change from 0 to 512 [ 84.910735][ T5864] EXT4-fs: Ignoring removed i_version option [ 84.916876][ T5864] EXT4-fs: Ignoring removed nobh option [ 85.004802][ T5871] loop3: detected capacity change from 0 to 128 [ 85.020615][ T5871] msdos: Unknown parameter 'd' [ 85.053471][ T5878] loop1: detected capacity change from 0 to 128 [ 85.105207][ T5878] loop1: detected capacity change from 0 to 128 [ 85.122259][ T5882] loop3: detected capacity change from 0 to 4096 [ 85.156500][ T5884] loop2: detected capacity change from 0 to 4096 [ 85.296968][ T5888] loop1: detected capacity change from 0 to 4096 [ 85.370427][ T5892] loop2: detected capacity change from 0 to 4096 [ 85.378690][ T5894] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 85.378690][ T5894] program syz.3.754 not setting count and/or reply_len properly [ 85.447378][ T5898] loop1: detected capacity change from 0 to 256 [ 85.482128][ T5900] netlink: 36 bytes leftover after parsing attributes in process `syz.3.757'. [ 85.501648][ T5898] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 85.544623][ T5904] loop2: detected capacity change from 0 to 512 [ 85.565319][ T5906] loop3: detected capacity change from 0 to 128 [ 85.568506][ T5904] EXT4-fs: Ignoring removed i_version option [ 85.571919][ T5906] msdos: Unknown parameter 'd' [ 85.577809][ T5904] EXT4-fs: Ignoring removed nobh option [ 85.635250][ T5904] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 85.671131][ T5904] EXT4-fs (loop2): 1 truncate cleaned up [ 85.686954][ T5915] loop1: detected capacity change from 0 to 128 [ 85.787129][ T5918] loop0: detected capacity change from 0 to 4096 [ 85.874242][ T5926] loop0: detected capacity change from 0 to 512 [ 85.889763][ T5928] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 85.889763][ T5928] program syz.1.767 not setting count and/or reply_len properly [ 85.935963][ T5926] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.766: casefold flag without casefold feature [ 85.972738][ T5926] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.766: couldn't read orphan inode 15 (err -117) [ 86.013560][ T5933] loop1: detected capacity change from 0 to 4096 [ 86.095532][ T5939] loop1: detected capacity change from 0 to 128 [ 86.103259][ T5939] msdos: Unknown parameter 'd' [ 86.219853][ T5946] FAULT_INJECTION: forcing a failure. [ 86.219853][ T5946] name failslab, interval 1, probability 0, space 0, times 0 [ 86.232565][ T5946] CPU: 1 UID: 0 PID: 5946 Comm: syz.1.774 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 86.242875][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 86.252958][ T5946] Call Trace: [ 86.256270][ T5946] [ 86.259216][ T5946] dump_stack_lvl+0xf2/0x150 [ 86.263837][ T5946] dump_stack+0x15/0x20 [ 86.268098][ T5946] should_fail_ex+0x229/0x230 [ 86.272812][ T5946] ? dup_task_struct+0x6c/0x710 [ 86.277689][ T5946] should_failslab+0x8f/0xb0 [ 86.282314][ T5946] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 86.288142][ T5946] dup_task_struct+0x6c/0x710 [ 86.292830][ T5946] ? _parse_integer+0x27/0x30 [ 86.297576][ T5946] copy_process+0x3a9/0x1f90 [ 86.302173][ T5946] ? kstrtouint+0x77/0xc0 [ 86.306595][ T5946] ? kstrtouint_from_user+0xb0/0xe0 [ 86.311899][ T5946] kernel_clone+0x167/0x5e0 [ 86.316412][ T5946] ? vfs_write+0x5a5/0x900 [ 86.320920][ T5946] __x64_sys_clone+0xe8/0x120 [ 86.325612][ T5946] x64_sys_call+0x2dc4/0x2e00 [ 86.330359][ T5946] do_syscall_64+0xc9/0x1c0 [ 86.335058][ T5946] ? clear_bhb_loop+0x55/0xb0 [ 86.339861][ T5946] ? clear_bhb_loop+0x55/0xb0 [ 86.344576][ T5946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.350485][ T5946] RIP: 0033:0x7f4eec5c7299 [ 86.354913][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.374594][ T5946] RSP: 002b:00007f4eeb246ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 86.383168][ T5946] RAX: ffffffffffffffda RBX: 00007f4eec755f80 RCX: 00007f4eec5c7299 [ 86.391422][ T5946] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.399452][ T5946] RBP: 00007f4eeb2470a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.407520][ T5946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.415539][ T5946] R13: 000000000000000b R14: 00007f4eec755f80 R15: 00007fff61c4f4c8 [ 86.423575][ T5946] [ 86.536383][ T5948] netlink: 44 bytes leftover after parsing attributes in process `syz.0.770'. [ 86.656889][ T5955] loop3: detected capacity change from 0 to 4096 [ 86.793606][ T5960] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 86.793606][ T5960] program syz.3.778 not setting count and/or reply_len properly [ 86.987500][ T5964] xt_hashlimit: max too large, truncated to 1048576 [ 87.127440][ T5973] loop1: detected capacity change from 0 to 128 [ 87.144204][ T5973] msdos: Unknown parameter 'd' [ 87.227333][ T5977] loop1: detected capacity change from 0 to 128 [ 87.278998][ T5977] loop1: detected capacity change from 0 to 512 [ 87.318855][ T5977] No source specified [ 87.494228][ T5990] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 87.494228][ T5990] program syz.0.789 not setting count and/or reply_len properly [ 87.689430][ T6001] loop0: detected capacity change from 0 to 512 [ 87.712936][ T6001] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.792: corrupted in-inode xattr: invalid ea_ino [ 87.758576][ T6001] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.792: couldn't read orphan inode 15 (err -117) [ 87.863488][ T6001] EXT4-fs error (device loop0): ext4_lookup:1815: inode #2: comm syz.0.792: deleted inode referenced: 15 [ 87.889561][ T6001] EXT4-fs error (device loop0): ext4_lookup:1815: inode #2: comm syz.0.792: deleted inode referenced: 15 [ 87.904385][ T6008] loop3: detected capacity change from 0 to 128 [ 87.960157][ T6008] loop3: detected capacity change from 0 to 128 [ 87.978997][ T6011] loop0: detected capacity change from 0 to 128 [ 87.989187][ T6011] msdos: Unknown parameter 'd' [ 88.079642][ T6013] loop3: detected capacity change from 0 to 4096 [ 88.163286][ T6022] loop3: detected capacity change from 0 to 256 [ 88.177862][ T6022] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 88.370900][ T6039] loop2: detected capacity change from 0 to 736 [ 88.388310][ T6037] loop3: detected capacity change from 0 to 4096 [ 88.391805][ T6039] iso9660: Bad value for 'mode' [ 88.429887][ T6044] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 88.429887][ T6044] program syz.1.804 not setting count and/or reply_len properly [ 88.485910][ T29] kauditd_printk_skb: 78 callbacks suppressed [ 88.485925][ T29] audit: type=1400 audit(1721957997.073:520): avc: denied { write } for pid=6047 comm="syz.2.805" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 88.515412][ T5198] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.558370][ T6050] loop2: detected capacity change from 0 to 128 [ 88.579495][ T6052] loop1: detected capacity change from 0 to 128 [ 88.586596][ T6050] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 88.596829][ T6052] msdos: Unknown parameter 'd' [ 88.628398][ T5198] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.668717][ T6050] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6050 comm=syz.2.807 [ 88.679820][ T6024] chnl_net:caif_netlink_parms(): no params data found [ 88.713628][ T5198] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.731555][ T6056] loop3: detected capacity change from 0 to 4096 [ 88.739855][ T6050] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.807: checksumming directory block 0 [ 88.783038][ T6050] EXT4-fs error (device loop2): __ext4_find_entry:1652: inode #2: comm syz.2.807: checksumming directory block 0 [ 88.807096][ T6024] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.814203][ T6024] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.832608][ T29] audit: type=1400 audit(1721957997.423:521): avc: denied { connect } for pid=6049 comm="syz.2.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 88.845260][ T6024] bridge_slave_0: entered allmulticast mode [ 88.881225][ T6024] bridge_slave_0: entered promiscuous mode [ 88.908625][ T5198] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.934867][ T6024] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.942012][ T6024] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.950067][ T6024] bridge_slave_1: entered allmulticast mode [ 88.957105][ T6024] bridge_slave_1: entered promiscuous mode [ 89.009812][ T6024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.021905][ T6024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.031047][ T6073] netlink: 'syz.2.812': attribute type 4 has an invalid length. [ 89.055488][ T6075] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 89.055488][ T6075] program syz.3.813 not setting count and/or reply_len properly [ 89.112516][ T29] audit: type=1400 audit(1721957997.703:522): avc: denied { ioctl } for pid=6072 comm="syz.2.812" path="socket:[15430]" dev="sockfs" ino=15430 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 89.138232][ T5198] bridge_slave_1: left allmulticast mode [ 89.143913][ T5198] bridge_slave_1: left promiscuous mode [ 89.149806][ T5198] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.161478][ T29] audit: type=1400 audit(1721957997.753:523): avc: denied { append } for pid=2941 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.185500][ T29] audit: type=1400 audit(1721957997.773:524): avc: denied { read write } for pid=3262 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 89.209786][ T29] audit: type=1400 audit(1721957997.773:525): avc: denied { open } for pid=3262 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 89.233879][ T29] audit: type=1400 audit(1721957997.773:526): avc: denied { ioctl } for pid=3262 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 89.261379][ T5198] bridge_slave_0: left allmulticast mode [ 89.267130][ T5198] bridge_slave_0: left promiscuous mode [ 89.268840][ T29] audit: type=1400 audit(1721957997.783:527): avc: denied { recv } for pid=36 comm="kworker/u8:2" saddr=10.128.0.163 src=30030 daddr=10.128.1.9 dest=53032 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 89.272800][ T5198] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.318347][ T6078] loop3: detected capacity change from 0 to 736 [ 89.327590][ T6078] iso9660: Bad value for 'mode' [ 89.359441][ T29] audit: type=1400 audit(1721957997.903:528): avc: denied { name_bind } for pid=6077 comm="syz.3.814" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 89.381146][ T29] audit: type=1400 audit(1721957997.903:529): avc: denied { node_bind } for pid=6077 comm="syz.3.814" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 89.548444][ T5198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.560245][ T5198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.569059][ T6085] loop3: detected capacity change from 0 to 4096 [ 89.588473][ T5198] bond0 (unregistering): Released all slaves [ 89.634693][ T6024] team0: Port device team_slave_0 added [ 89.644491][ T6092] loop3: detected capacity change from 0 to 128 [ 89.654096][ T6092] msdos: Unknown parameter 'd' [ 89.656375][ T6024] team0: Port device team_slave_1 added [ 89.799276][ T5198] hsr_slave_0: left promiscuous mode [ 89.813364][ T5198] hsr_slave_1: left promiscuous mode [ 89.826506][ T5198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.833960][ T5198] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.850739][ T6101] loop3: detected capacity change from 0 to 4096 [ 89.859556][ T5198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.861580][ T6101] EXT4-fs: Ignoring removed nobh option [ 89.867059][ T5198] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.886069][ T5198] veth1_macvtap: left promiscuous mode [ 89.891752][ T5198] veth0_macvtap: left promiscuous mode [ 89.897425][ T5198] veth1_vlan: left promiscuous mode [ 89.902659][ T5198] veth0_vlan: left promiscuous mode [ 90.039585][ T5198] team0 (unregistering): Port device team_slave_1 removed [ 90.077646][ T5198] team0 (unregistering): Port device team_slave_0 removed [ 90.132629][ T6024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.139708][ T6024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.165746][ T6024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.178967][ T6024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.185973][ T6024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.212204][ T6024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.252701][ T6024] hsr_slave_0: entered promiscuous mode [ 90.260166][ T6024] hsr_slave_1: entered promiscuous mode [ 90.266605][ T6024] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.274280][ T6024] Cannot create hsr debugfs directory [ 90.371280][ T6080] chnl_net:caif_netlink_parms(): no params data found [ 90.444869][ T6117] netlink: 44 bytes leftover after parsing attributes in process `syz.1.822'. [ 90.463747][ T6117] loop1: detected capacity change from 0 to 128 [ 90.480794][ T6080] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.488022][ T6080] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.495336][ T6080] bridge_slave_0: entered allmulticast mode [ 90.501925][ T6080] bridge_slave_0: entered promiscuous mode [ 90.504973][ T6117] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (39871!=39978) [ 90.510646][ T6080] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.524476][ T6080] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.542844][ T6080] bridge_slave_1: entered allmulticast mode [ 90.549670][ T6080] bridge_slave_1: entered promiscuous mode [ 90.580067][ T6080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.591381][ T6080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.612740][ T6080] team0: Port device team_slave_0 added [ 90.624408][ T5198] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.638475][ T6080] team0: Port device team_slave_1 added [ 90.669831][ T6080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.676886][ T6080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.702893][ T6080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.745589][ T5198] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.757382][ T6080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.764372][ T6080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.790497][ T6080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.843491][ T5198] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.880643][ T6080] hsr_slave_0: entered promiscuous mode [ 90.889158][ T6080] hsr_slave_1: entered promiscuous mode [ 90.903426][ T6080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.916235][ T6080] Cannot create hsr debugfs directory [ 90.927953][ T5198] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.998164][ T6024] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.012039][ T6127] loop3: detected capacity change from 0 to 736 [ 91.027533][ T6127] iso9660: Bad value for 'mode' [ 91.039158][ T6024] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.053990][ T6024] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.096591][ T6024] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.152731][ T5198] bridge_slave_1: left allmulticast mode [ 91.158593][ T5198] bridge_slave_1: left promiscuous mode [ 91.164362][ T5198] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.191244][ T5198] bridge_slave_0: left allmulticast mode [ 91.197034][ T5198] bridge_slave_0: left promiscuous mode [ 91.202706][ T5198] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.392423][ T6133] loop1: detected capacity change from 0 to 4096 [ 91.410027][ T5198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 91.439425][ T5198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 91.450201][ T5198] bond0 (unregistering): Released all slaves [ 91.526308][ T6143] netlink: 24 bytes leftover after parsing attributes in process `syz.1.829'. [ 91.543459][ T6024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.557862][ T5198] hsr_slave_0: left promiscuous mode [ 91.567587][ T5198] hsr_slave_1: left promiscuous mode [ 91.573374][ T5198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.580857][ T5198] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 91.590439][ T5198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 91.597954][ T5198] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.607772][ T5198] veth1_macvtap: left promiscuous mode [ 91.613306][ T5198] veth0_macvtap: left promiscuous mode [ 91.618844][ T5198] veth1_vlan: left promiscuous mode [ 91.624182][ T5198] veth0_vlan: left promiscuous mode [ 91.709969][ T5198] team0 (unregistering): Port device team_slave_1 removed [ 91.720870][ T5198] team0 (unregistering): Port device team_slave_0 removed [ 91.765098][ T6024] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.791243][ T1049] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.798438][ T1049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.816447][ T1049] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.823640][ T1049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.868575][ T6024] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 91.886047][ T6135] chnl_net:caif_netlink_parms(): no params data found [ 91.929367][ T6135] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.936607][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.943842][ T6135] bridge_slave_0: entered allmulticast mode [ 91.950231][ T6135] bridge_slave_0: entered promiscuous mode [ 91.957371][ T6135] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.964498][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.972266][ T6135] bridge_slave_1: entered allmulticast mode [ 91.978872][ T6135] bridge_slave_1: entered promiscuous mode [ 92.007357][ T6165] FAULT_INJECTION: forcing a failure. [ 92.007357][ T6165] name failslab, interval 1, probability 0, space 0, times 0 [ 92.007936][ T6135] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.020047][ T6165] CPU: 1 UID: 0 PID: 6165 Comm: syz.3.831 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 92.039570][ T6165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 92.049654][ T6165] Call Trace: [ 92.053015][ T6165] [ 92.055948][ T6165] dump_stack_lvl+0xf2/0x150 [ 92.060554][ T6165] dump_stack+0x15/0x20 [ 92.064717][ T6165] should_fail_ex+0x229/0x230 [ 92.069412][ T6165] ? p9_client_create+0x1a7/0xa80 [ 92.074434][ T6165] should_failslab+0x8f/0xb0 [ 92.079036][ T6165] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 92.085438][ T6165] kstrdup+0x3a/0x80 [ 92.089403][ T6165] p9_client_create+0x1a7/0xa80 [ 92.094271][ T6165] v9fs_session_init+0xf9/0xda0 [ 92.099170][ T6165] ? __rcu_read_unlock+0x4e/0x70 [ 92.104219][ T6165] ? v9fs_mount+0x53/0x560 [ 92.108633][ T6165] ? should_failslab+0x8f/0xb0 [ 92.113418][ T6165] v9fs_mount+0x69/0x560 [ 92.117751][ T6165] ? __pfx_v9fs_mount+0x10/0x10 [ 92.122603][ T6165] legacy_get_tree+0x77/0xd0 [ 92.127217][ T6165] vfs_get_tree+0x56/0x1d0 [ 92.131643][ T6165] do_new_mount+0x227/0x690 [ 92.136157][ T6165] path_mount+0x49b/0xb30 [ 92.140560][ T6165] __se_sys_mount+0x27c/0x2d0 [ 92.145322][ T6165] __x64_sys_mount+0x67/0x80 [ 92.149921][ T6165] x64_sys_call+0xd11/0x2e00 [ 92.154524][ T6165] do_syscall_64+0xc9/0x1c0 [ 92.159034][ T6165] ? clear_bhb_loop+0x55/0xb0 [ 92.163775][ T6165] ? clear_bhb_loop+0x55/0xb0 [ 92.168495][ T6165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.174444][ T6165] RIP: 0033:0x7fe0b18c7299 [ 92.178902][ T6165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.198517][ T6165] RSP: 002b:00007fe0b0547048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 92.207109][ T6165] RAX: ffffffffffffffda RBX: 00007fe0b1a55f80 RCX: 00007fe0b18c7299 [ 92.215139][ T6165] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000 [ 92.223130][ T6165] RBP: 00007fe0b05470a0 R08: 0000000020000400 R09: 0000000000000000 [ 92.231105][ T6165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 92.239182][ T6165] R13: 000000000000000b R14: 00007fe0b1a55f80 R15: 00007ffcfe957988 [ 92.247219][ T6165] [ 92.259361][ T6024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.269114][ T6135] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.276410][ T6168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.286805][ T6168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.313317][ T6135] team0: Port device team_slave_0 added [ 92.320165][ T6135] team0: Port device team_slave_1 added [ 92.326019][ T6080] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.334873][ T6080] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.357099][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.364077][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.390067][ T6135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.401065][ T6080] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.411555][ T6080] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.420802][ T6135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.427782][ T6135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.427816][ T6135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.474643][ T6135] hsr_slave_0: entered promiscuous mode [ 92.480842][ T6135] hsr_slave_1: entered promiscuous mode [ 92.488185][ T6135] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.499824][ T6135] Cannot create hsr debugfs directory [ 92.525782][ T6170] loop1: detected capacity change from 0 to 4096 [ 92.600631][ T6177] loop1: detected capacity change from 0 to 736 [ 92.615776][ T6177] iso9660: Bad value for 'mode' [ 92.637862][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.678945][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.699080][ T6181] loop1: detected capacity change from 0 to 4096 [ 92.711314][ T6024] veth0_vlan: entered promiscuous mode [ 92.724974][ T6080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.734965][ T6024] veth1_vlan: entered promiscuous mode [ 92.745871][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.769197][ T6183] netlink: 'syz.1.836': attribute type 1 has an invalid length. [ 92.776481][ T6080] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.798695][ T6024] veth0_macvtap: entered promiscuous mode [ 92.813334][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.833262][ T6186] netlink: 48 bytes leftover after parsing attributes in process `syz.1.837'. [ 92.835666][ T3337] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.844230][ T6186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.837'. [ 92.849410][ T3337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.867918][ T3337] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.875007][ T3337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.885699][ T6187] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 92.894723][ T6024] veth1_macvtap: entered promiscuous mode [ 92.917471][ T6190] loop1: detected capacity change from 0 to 736 [ 92.943582][ T6190] iso9660: Bad value for 'mode' [ 92.955856][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.966466][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.976407][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.986999][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.996881][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.007637][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.020616][ T6024] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.040563][ T36] bridge_slave_1: left allmulticast mode [ 93.046268][ T36] bridge_slave_1: left promiscuous mode [ 93.051948][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.063791][ T36] bridge_slave_0: left allmulticast mode [ 93.069518][ T36] bridge_slave_0: left promiscuous mode [ 93.075238][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.198917][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 93.209822][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 93.219835][ T36] bond0 (unregistering): Released all slaves [ 93.228478][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.238998][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.249018][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.259626][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.269600][ T6024] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.280155][ T6024] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.291063][ T6024] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.308025][ T6024] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.316848][ T6024] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.325652][ T6024] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.334542][ T6024] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.355490][ T6205] loop1: detected capacity change from 0 to 736 [ 93.363915][ T6205] iso9660: Bad value for 'mode' [ 93.409536][ T36] hsr_slave_0: left promiscuous mode [ 93.419881][ T36] hsr_slave_1: left promiscuous mode [ 93.427102][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.434629][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.450353][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.458023][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.468351][ T36] veth1_macvtap: left promiscuous mode [ 93.471705][ T6214] loop1: detected capacity change from 0 to 4096 [ 93.473860][ T36] veth0_macvtap: left promiscuous mode [ 93.485774][ T36] veth1_vlan: left promiscuous mode [ 93.491049][ T36] veth0_vlan: left promiscuous mode [ 93.533681][ T29] kauditd_printk_skb: 92 callbacks suppressed [ 93.533712][ T29] audit: type=1400 audit(1721958002.123:622): avc: denied { ioctl } for pid=6216 comm="syz.1.844" path="socket:[17055]" dev="sockfs" ino=17055 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 93.582451][ T6220] netlink: 'syz.1.845': attribute type 1 has an invalid length. [ 93.624930][ T6222] loop1: detected capacity change from 0 to 4096 [ 93.659830][ T36] team0 (unregistering): Port device team_slave_1 removed [ 93.661896][ T29] audit: type=1400 audit(1721958002.253:623): avc: denied { lock } for pid=6223 comm="syz.1.847" path="socket:[17079]" dev="sockfs" ino=17079 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 93.692045][ T36] team0 (unregistering): Port device team_slave_0 removed [ 93.699032][ T6224] loop1: detected capacity change from 0 to 512 [ 93.733124][ T6226] loop1: detected capacity change from 0 to 128 [ 93.774412][ T6080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.798488][ T29] audit: type=1400 audit(1721958002.393:624): avc: denied { create } for pid=6225 comm="syz.1.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 93.818722][ T29] audit: type=1400 audit(1721958002.393:625): avc: denied { create } for pid=6225 comm="syz.1.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 93.840949][ T29] audit: type=1400 audit(1721958002.413:626): avc: denied { create } for pid=6230 comm="syz.0.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 93.844377][ T6226] loop1: detected capacity change from 0 to 128 [ 93.860433][ T29] audit: type=1400 audit(1721958002.413:627): avc: denied { setopt } for pid=6230 comm="syz.0.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 93.886041][ T29] audit: type=1400 audit(1721958002.413:628): avc: denied { write } for pid=6230 comm="syz.0.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 93.905317][ T29] audit: type=1400 audit(1721958002.413:629): avc: denied { setopt } for pid=6230 comm="syz.0.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 93.925413][ T29] audit: type=1400 audit(1721958002.413:630): avc: denied { create } for pid=6230 comm="syz.0.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 93.944826][ T29] audit: type=1400 audit(1721958002.413:631): avc: denied { ioctl } for pid=6230 comm="syz.0.850" path="socket:[16161]" dev="sockfs" ino=16161 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 94.020376][ T6238] loop3: detected capacity change from 0 to 4096 [ 94.067868][ T6080] veth0_vlan: entered promiscuous mode [ 94.091143][ T6135] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.104521][ T6244] loop3: detected capacity change from 0 to 4096 [ 94.114947][ T6080] veth1_vlan: entered promiscuous mode [ 94.119871][ T6246] loop1: detected capacity change from 0 to 736 [ 94.129484][ T6135] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.137138][ T6246] iso9660: Bad value for 'mode' [ 94.147211][ T6135] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.158718][ T6135] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.199865][ T6249] netlink: 'syz.3.854': attribute type 1 has an invalid length. [ 94.212069][ T6080] veth0_macvtap: entered promiscuous mode [ 94.222617][ T6080] veth1_macvtap: entered promiscuous mode [ 94.269577][ T6251] loop1: detected capacity change from 0 to 4096 [ 94.276433][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.286998][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.296922][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.304408][ T6253] loop3: detected capacity change from 0 to 512 [ 94.307558][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.323694][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.334194][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.344178][ T6253] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 94.349277][ T6080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.385514][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.388960][ T6253] EXT4-fs (loop3): 1 orphan inode deleted [ 94.396142][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.401836][ T6253] EXT4-fs (loop3): 1 truncate cleaned up [ 94.411655][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.427865][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.437809][ T6080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.448334][ T6080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.460514][ T6080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.471355][ T6135] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.480682][ T6080] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.489577][ T6080] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.498317][ T6080] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.507236][ T6080] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.531604][ T6258] loop3: detected capacity change from 0 to 736 [ 94.538388][ T6258] iso9660: Bad value for 'mode' [ 94.540899][ T6135] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.566873][ T3337] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.574128][ T3337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.593421][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.600858][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.642303][ T6135] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.650069][ T6263] loop3: detected capacity change from 0 to 1024 [ 94.689025][ T6265] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 94.689025][ T6265] program syz.2.815 not setting count and/or reply_len properly [ 94.697986][ T6266] loop1: detected capacity change from 0 to 4096 [ 94.799800][ T6281] netlink: 'syz.2.864': attribute type 1 has an invalid length. [ 94.812197][ T6135] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.823935][ T6284] loop1: detected capacity change from 0 to 512 [ 94.833956][ T6285] loop0: detected capacity change from 0 to 128 [ 94.911123][ T6293] loop1: detected capacity change from 0 to 736 [ 94.922519][ T6292] bond_slave_0: entered promiscuous mode [ 94.928291][ T6292] bond_slave_1: entered promiscuous mode [ 94.944129][ T6293] iso9660: Bad value for 'mode' [ 94.959405][ T6292] bond_slave_0: left promiscuous mode [ 94.964887][ T6292] bond_slave_1: left promiscuous mode [ 94.970563][ T6278] loop0: detected capacity change from 0 to 128 [ 95.006952][ T6292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.027957][ T6292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.040951][ T6292] bond0 (unregistering): Released all slaves [ 95.117337][ T6309] IPv6: sit1: Disabled Multicast RS [ 95.157686][ T6312] loop3: detected capacity change from 0 to 736 [ 95.164728][ T6135] veth0_vlan: entered promiscuous mode [ 95.184185][ T6312] iso9660: Bad value for 'mode' [ 95.187112][ T6135] veth1_vlan: entered promiscuous mode [ 95.206896][ T6317] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 95.206896][ T6317] program syz.1.873 not setting count and/or reply_len properly [ 95.218136][ T6135] veth0_macvtap: entered promiscuous mode [ 95.236107][ T6135] veth1_macvtap: entered promiscuous mode [ 95.248174][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.258872][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.268794][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.279365][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.289239][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.299712][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.309567][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.320105][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.331963][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.340529][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.340779][ T6325] netlink: 'syz.1.875': attribute type 1 has an invalid length. [ 95.351001][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.351022][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.351039][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.351055][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.351115][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.351130][ T6135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.351145][ T6135] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.352048][ T6135] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.462003][ T6330] loop1: detected capacity change from 0 to 736 [ 95.470475][ T6135] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.479364][ T6135] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.488281][ T6135] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.489443][ T6332] loop3: detected capacity change from 0 to 1024 [ 95.497045][ T6135] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.498395][ T6330] iso9660: Bad value for 'mode' [ 95.622099][ T6334] loop0: detected capacity change from 0 to 4096 [ 95.724606][ T6349] loop3: detected capacity change from 0 to 128 [ 95.753827][ T6359] netlink: 'syz.4.885': attribute type 1 has an invalid length. [ 95.769909][ T6349] loop3: detected capacity change from 0 to 128 [ 95.873105][ T6372] loop0: detected capacity change from 0 to 1024 [ 95.985500][ T6385] loop0: detected capacity change from 0 to 512 [ 95.992484][ T6385] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 96.020256][ T6385] EXT4-fs (loop0): 1 orphan inode deleted [ 96.026219][ T6385] EXT4-fs (loop0): 1 truncate cleaned up [ 96.054091][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 96.074740][ T6397] netlink: 'syz.0.898': attribute type 1 has an invalid length. [ 96.209674][ T6415] loop3: detected capacity change from 0 to 1024 [ 96.239162][ T6417] 9pnet_fd: Insufficient options for proto=fd [ 96.293705][ T6428] loop1: detected capacity change from 0 to 512 [ 96.326766][ T6415] ucma_write: process 607 (syz.3.904) changed security contexts after opening file descriptor, this is not allowed. [ 96.358361][ T6433] netlink: 'syz.4.911': attribute type 1 has an invalid length. [ 96.489915][ T6453] netlink: 36 bytes leftover after parsing attributes in process `syz.4.918'. [ 96.578900][ T6460] loop3: detected capacity change from 0 to 512 [ 96.594129][ T6460] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 96.625181][ T6462] loop1: detected capacity change from 0 to 4096 [ 96.627495][ T6460] EXT4-fs (loop3): 1 orphan inode deleted [ 96.637389][ T6460] EXT4-fs (loop3): 1 truncate cleaned up [ 96.673511][ T6465] loop1: detected capacity change from 0 to 1024 [ 96.692285][ T6467] netlink: 'syz.4.923': attribute type 1 has an invalid length. [ 96.776922][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 96.788739][ T6477] netlink: 'syz.1.926': attribute type 1 has an invalid length. [ 96.821850][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 96.829177][ T6483] loop3: detected capacity change from 0 to 736 [ 96.850312][ T6483] iso9660: Bad value for 'mode' [ 96.935078][ T6493] loop3: detected capacity change from 0 to 4096 [ 96.949819][ T6496] loop1: detected capacity change from 0 to 128 [ 96.969649][ T6496] loop1: detected capacity change from 0 to 128 [ 97.022046][ T6503] loop3: detected capacity change from 0 to 512 [ 97.029104][ T6503] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.055870][ T6503] EXT4-fs (loop3): 1 orphan inode deleted [ 97.060843][ T6507] loop1: detected capacity change from 0 to 736 [ 97.061661][ T6503] EXT4-fs (loop3): 1 truncate cleaned up [ 97.068449][ T6507] iso9660: Bad value for 'mode' [ 97.191475][ T6515] loop3: detected capacity change from 0 to 4096 [ 97.211619][ T6519] netlink: 'syz.0.941': attribute type 1 has an invalid length. [ 97.307331][ T6532] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 97.319816][ T6531] loop0: detected capacity change from 0 to 512 [ 97.340106][ T6536] netlink: 844 bytes leftover after parsing attributes in process `syz.3.949'. [ 97.354913][ T6536] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 97.381325][ T6531] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.410172][ T6531] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 97.443415][ T6549] loop1: detected capacity change from 0 to 4096 [ 97.513521][ T6561] loop1: detected capacity change from 0 to 736 [ 97.520370][ T6561] iso9660: Bad value for 'mode' [ 97.551824][ T6564] netlink: 'syz.3.958': attribute type 1 has an invalid length. [ 97.580703][ T6566] loop1: detected capacity change from 0 to 4096 [ 97.613964][ T6568] loop3: detected capacity change from 0 to 2048 [ 97.628419][ T6570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.961'. [ 97.631867][ T6568] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 97.698727][ T6577] loop1: detected capacity change from 0 to 764 [ 97.714370][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 97.779267][ T6590] loop0: detected capacity change from 0 to 512 [ 97.791996][ T6585] loop3: detected capacity change from 0 to 4096 [ 97.808523][ T6590] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.967: casefold flag without casefold feature [ 97.814563][ T6594] loop1: detected capacity change from 0 to 128 [ 97.829718][ T6590] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.967: couldn't read orphan inode 15 (err -117) [ 97.850021][ T6585] EXT4-fs mount: 90 callbacks suppressed [ 97.850040][ T6585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.855111][ T6590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.905678][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.934051][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.962899][ T6598] loop2: detected capacity change from 0 to 4096 [ 97.991500][ T6602] loop3: detected capacity change from 0 to 736 [ 98.001997][ T6598] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.007120][ T6602] iso9660: Bad value for 'mode' [ 98.069343][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.104657][ T6607] FAULT_INJECTION: forcing a failure. [ 98.104657][ T6607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.117951][ T6607] CPU: 1 UID: 0 PID: 6607 Comm: syz.0.973 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 98.128374][ T6607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 98.138455][ T6607] Call Trace: [ 98.141751][ T6607] [ 98.144698][ T6607] dump_stack_lvl+0xf2/0x150 [ 98.149396][ T6607] dump_stack+0x15/0x20 [ 98.153656][ T6607] should_fail_ex+0x229/0x230 [ 98.158412][ T6607] should_fail+0xb/0x10 [ 98.162690][ T6607] should_fail_usercopy+0x1a/0x20 [ 98.167759][ T6607] _copy_to_user+0x1e/0xa0 [ 98.172320][ T6607] simple_read_from_buffer+0xa0/0x110 [ 98.177749][ T6607] proc_fail_nth_read+0xfc/0x140 [ 98.182767][ T6607] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 98.188397][ T6607] vfs_read+0x1a2/0x6e0 [ 98.192605][ T6607] ? __rcu_read_unlock+0x4e/0x70 [ 98.197579][ T6607] ? __fget_files+0x1da/0x210 [ 98.202295][ T6607] ksys_read+0xeb/0x1b0 [ 98.206549][ T6607] __x64_sys_read+0x42/0x50 [ 98.211252][ T6607] x64_sys_call+0x2a36/0x2e00 [ 98.216045][ T6607] do_syscall_64+0xc9/0x1c0 [ 98.220723][ T6607] ? clear_bhb_loop+0x55/0xb0 [ 98.225449][ T6607] ? clear_bhb_loop+0x55/0xb0 [ 98.230189][ T6607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.236121][ T6607] RIP: 0033:0x7f725d0a5d7c [ 98.240601][ T6607] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 98.260247][ T6607] RSP: 002b:00007f725bd27040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.268798][ T6607] RAX: ffffffffffffffda RBX: 00007f725d235f80 RCX: 00007f725d0a5d7c [ 98.276802][ T6607] RDX: 000000000000000f RSI: 00007f725bd270b0 RDI: 0000000000000005 [ 98.284791][ T6607] RBP: 00007f725bd270a0 R08: 0000000000000000 R09: 0000000000000000 [ 98.292810][ T6607] R10: 0000000020000980 R11: 0000000000000246 R12: 0000000000000001 [ 98.300874][ T6607] R13: 000000000000000b R14: 00007f725d235f80 R15: 00007ffc7d120dc8 [ 98.309019][ T6607] [ 98.361318][ T6618] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 98.379301][ T6615] loop4: detected capacity change from 0 to 512 [ 98.389887][ T6623] loop0: detected capacity change from 0 to 1024 [ 98.419051][ T6615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.435674][ T6609] loop2: detected capacity change from 0 to 128 [ 98.441534][ T6615] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.488835][ T6615] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 98.593287][ T6644] netlink: 36 bytes leftover after parsing attributes in process `syz.0.982'. [ 98.596200][ T6643] loop2: detected capacity change from 0 to 736 [ 98.617973][ T6639] loop3: detected capacity change from 0 to 4096 [ 98.624843][ T6643] iso9660: Bad value for 'mode' [ 98.647557][ T6639] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.701902][ T29] kauditd_printk_skb: 63 callbacks suppressed [ 98.701917][ T29] audit: type=1400 audit(1721958007.293:695): avc: denied { bind } for pid=6647 comm="syz.0.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 98.729808][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.739690][ T29] audit: type=1400 audit(1721958007.333:696): avc: denied { listen } for pid=6647 comm="syz.0.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 98.785562][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.800096][ T6652] loop1: detected capacity change from 0 to 736 [ 98.809491][ T6656] netlink: 68 bytes leftover after parsing attributes in process `syz.0.987'. [ 98.816001][ T6654] loop3: detected capacity change from 0 to 4096 [ 98.826260][ T6652] iso9660: Bad value for 'mode' [ 98.847905][ T6654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.902584][ T6662] loop1: detected capacity change from 0 to 4096 [ 98.917099][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.929503][ T6656] loop0: detected capacity change from 0 to 1024 [ 98.936360][ T6656] EXT4-fs: Ignoring removed nomblk_io_submit option [ 98.959931][ T6664] FAULT_INJECTION: forcing a failure. [ 98.959931][ T6664] name failslab, interval 1, probability 0, space 0, times 0 [ 98.972642][ T6664] CPU: 0 UID: 0 PID: 6664 Comm: syz.4.990 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 98.982949][ T6664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 98.993019][ T6664] Call Trace: [ 98.996305][ T6664] [ 98.999269][ T6664] dump_stack_lvl+0xf2/0x150 [ 99.003881][ T6664] dump_stack+0x15/0x20 [ 99.008095][ T6664] should_fail_ex+0x229/0x230 [ 99.012878][ T6664] ? prepare_creds+0x37/0x480 [ 99.017574][ T6664] should_failslab+0x8f/0xb0 [ 99.022277][ T6664] kmem_cache_alloc_noprof+0x4c/0x290 [ 99.027677][ T6664] prepare_creds+0x37/0x480 [ 99.032255][ T6664] copy_creds+0x90/0x3f0 [ 99.036536][ T6664] copy_process+0x64b/0x1f90 [ 99.041143][ T6664] ? kstrtouint_from_user+0xb0/0xe0 [ 99.046419][ T6664] kernel_clone+0x167/0x5e0 [ 99.050945][ T6664] ? vfs_write+0x5a5/0x900 [ 99.055386][ T6664] __x64_sys_clone+0xe8/0x120 [ 99.060168][ T6664] x64_sys_call+0x2dc4/0x2e00 [ 99.064857][ T6664] do_syscall_64+0xc9/0x1c0 [ 99.069391][ T6664] ? clear_bhb_loop+0x55/0xb0 [ 99.074130][ T6664] ? clear_bhb_loop+0x55/0xb0 [ 99.078930][ T6664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.084897][ T6664] RIP: 0033:0x7fc176ed7299 [ 99.089339][ T6664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.109142][ T6664] RSP: 002b:00007fc175b56ff8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 99.117561][ T6664] RAX: ffffffffffffffda RBX: 00007fc177065f80 RCX: 00007fc176ed7299 [ 99.125570][ T6664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000080001280 [ 99.133582][ T6664] RBP: 00007fc175b570a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.141570][ T6664] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 99.149631][ T6664] R13: 000000000000000b R14: 00007fc177065f80 R15: 00007ffc88bb4828 [ 99.157616][ T6664] [ 99.179991][ T6656] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.215951][ T6675] netlink: 36 bytes leftover after parsing attributes in process `syz.3.993'. [ 99.224958][ T29] audit: type=1400 audit(1721958007.813:697): avc: denied { setattr } for pid=6655 comm="syz.0.987" path="/25/file1/memory.events" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 99.264427][ T6677] loop1: detected capacity change from 0 to 736 [ 99.279001][ T6677] iso9660: Bad value for 'mode' [ 99.314111][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.358056][ T6685] loop1: detected capacity change from 0 to 512 [ 99.366070][ T6688] loop0: detected capacity change from 0 to 128 [ 99.373061][ T6687] loop4: detected capacity change from 0 to 736 [ 99.417681][ T6687] iso9660: Bad value for 'mode' [ 99.427761][ T6691] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 99.500824][ T29] audit: type=1400 audit(1721958008.093:698): avc: denied { mount } for pid=6692 comm="syz.3.1001" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 99.522786][ T29] audit: type=1400 audit(1721958008.093:699): avc: denied { mounton } for pid=6692 comm="syz.3.1001" path="/278/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 99.601044][ T29] audit: type=1400 audit(1721958008.183:700): avc: denied { unmount } for pid=3262 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 99.635962][ T6707] nft_compat: unsupported protocol 1 [ 99.653886][ T6707] loop4: detected capacity change from 0 to 512 [ 99.661380][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 99.683765][ T6707] EXT4-fs: Ignoring removed bh option [ 99.694505][ T6707] EXT4-fs error (device loop4): __ext4_iget:4985: inode #15: block 1803188595: comm syz.4.1005: invalid block [ 99.706975][ T6707] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.1005: couldn't read orphan inode 15 (err -117) [ 99.729475][ T6707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.784718][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.813310][ T29] audit: type=1400 audit(1721958008.403:701): avc: denied { ioctl } for pid=6716 comm="syz.2.1009" path="socket:[19171]" dev="sockfs" ino=19171 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 99.813458][ T6718] loop1: detected capacity change from 0 to 512 [ 99.843238][ T29] audit: type=1400 audit(1721958008.433:702): avc: denied { mount } for pid=6716 comm="syz.2.1009" name="/" dev="gadgetfs" ino=19174 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 99.888375][ T6720] loop3: detected capacity change from 0 to 512 [ 99.903339][ T6723] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 99.903339][ T6723] program syz.4.1010 not setting count and/or reply_len properly [ 99.923202][ T6720] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 99.940306][ T6728] FAULT_INJECTION: forcing a failure. [ 99.940306][ T6728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.953454][ T6728] CPU: 0 UID: 0 PID: 6728 Comm: syz.4.1013 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 99.963895][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 99.973981][ T6728] Call Trace: [ 99.977391][ T6728] [ 99.980334][ T6728] dump_stack_lvl+0xf2/0x150 [ 99.985040][ T6728] dump_stack+0x15/0x20 [ 99.989373][ T6728] should_fail_ex+0x229/0x230 [ 99.994098][ T6728] should_fail+0xb/0x10 [ 99.998394][ T6728] should_fail_usercopy+0x1a/0x20 [ 100.003593][ T6728] _copy_from_user+0x1e/0xd0 [ 100.008222][ T6728] kstrtouint_from_user+0x76/0xe0 [ 100.013295][ T6728] proc_fail_nth_write+0x4f/0x160 [ 100.018369][ T6728] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 100.024086][ T6728] vfs_write+0x28b/0x900 [ 100.028433][ T6728] ? __fget_files+0x1da/0x210 [ 100.033159][ T6728] ksys_write+0xeb/0x1b0 [ 100.037441][ T6728] __x64_sys_write+0x42/0x50 [ 100.042130][ T6728] x64_sys_call+0x2a40/0x2e00 [ 100.046885][ T6728] do_syscall_64+0xc9/0x1c0 [ 100.051432][ T6728] ? clear_bhb_loop+0x55/0xb0 [ 100.056147][ T6728] ? clear_bhb_loop+0x55/0xb0 [ 100.060974][ T6728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.066911][ T6728] RIP: 0033:0x7fc176ed5e1f [ 100.071399][ T6728] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 100.091083][ T6728] RSP: 002b:00007fc175b57040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 100.099594][ T6728] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc176ed5e1f [ 100.107585][ T6728] RDX: 0000000000000001 RSI: 00007fc175b570b0 RDI: 0000000000000007 [ 100.115612][ T6728] RBP: 00007fc175b570a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.123604][ T6728] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 100.131599][ T6728] R13: 000000000000000b R14: 00007fc177065f80 R15: 00007ffc88bb4828 [ 100.139654][ T6728] [ 100.146377][ T6720] EXT4-fs (loop3): 1 orphan inode deleted [ 100.152173][ T6720] EXT4-fs (loop3): 1 truncate cleaned up [ 100.159337][ T6726] loop1: detected capacity change from 0 to 736 [ 100.173284][ T6720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.189684][ T6726] iso9660: Bad value for 'mode' [ 100.204261][ T6731] loop4: detected capacity change from 0 to 128 [ 100.207402][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.221855][ T6731] loop4: detected capacity change from 0 to 128 [ 100.292843][ T29] audit: type=1400 audit(1721958008.883:703): avc: denied { bind } for pid=6736 comm="syz.1.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 100.338195][ T29] audit: type=1400 audit(1721958008.933:704): avc: denied { read } for pid=6738 comm="syz.0.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 100.356117][ T6740] loop3: detected capacity change from 0 to 4096 [ 100.386780][ T6740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.413928][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.459311][ T6752] loop4: detected capacity change from 0 to 736 [ 100.467375][ T6752] iso9660: Bad value for 'mode' [ 100.509248][ T6754] nft_compat: unsupported protocol 1 [ 100.522870][ T6760] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 100.522870][ T6760] program syz.4.1023 not setting count and/or reply_len properly [ 100.538065][ T6754] loop3: detected capacity change from 0 to 512 [ 100.546663][ T6754] EXT4-fs: Ignoring removed bh option [ 100.554625][ T6754] EXT4-fs error (device loop3): __ext4_iget:4985: inode #15: block 1803188595: comm syz.3.1020: invalid block [ 100.571123][ T6766] loop4: detected capacity change from 0 to 128 [ 100.575284][ T6754] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1020: couldn't read orphan inode 15 (err -117) [ 100.593476][ T6754] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.670099][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.709502][ T6774] loop1: detected capacity change from 0 to 4096 [ 100.735024][ T6777] loop3: detected capacity change from 0 to 736 [ 100.741805][ T6777] iso9660: Bad value for 'mode' [ 100.806642][ T6780] loop1: detected capacity change from 0 to 128 [ 100.814307][ T6781] loop3: detected capacity change from 0 to 512 [ 100.820660][ T6784] Invalid ELF header magic: != ELF [ 100.860279][ T6781] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.884030][ T6780] loop1: detected capacity change from 0 to 128 [ 100.890519][ T6781] ext4 filesystem being mounted at /286/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.907016][ T6788] loop2: detected capacity change from 0 to 736 [ 100.914021][ T6788] iso9660: Bad value for 'mode' [ 100.949980][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.000579][ T6792] loop3: detected capacity change from 0 to 512 [ 101.026776][ T6792] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.053139][ T6798] loop1: detected capacity change from 0 to 4096 [ 101.059793][ T6792] ext4 filesystem being mounted at /287/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.127025][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.149016][ T6802] nft_compat: unsupported protocol 1 [ 101.161622][ T6802] loop2: detected capacity change from 0 to 512 [ 101.201882][ T6804] loop1: detected capacity change from 0 to 4096 [ 101.203392][ T6806] loop3: detected capacity change from 0 to 512 [ 101.213321][ T6808] loop0: detected capacity change from 0 to 736 [ 101.222777][ T6802] EXT4-fs: Ignoring removed bh option [ 101.229441][ T6808] iso9660: Bad value for 'mode' [ 101.230019][ T6802] EXT4-fs error (device loop2): __ext4_iget:4985: inode #15: block 1803188595: comm syz.2.1038: invalid block [ 101.257103][ T6802] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1038: couldn't read orphan inode 15 (err -117) [ 101.272313][ T6806] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1039: corrupted in-inode xattr: e_value size too large [ 101.312837][ T6806] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1039: couldn't read orphan inode 15 (err -117) [ 101.316708][ T6802] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.340240][ T6806] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.386103][ T6819] loop0: detected capacity change from 0 to 736 [ 101.397050][ T6806] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.1039: Directory hole found for htree leaf block 0 [ 101.401026][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.420248][ T6819] iso9660: Bad value for 'mode' [ 101.444910][ T6821] loop1: detected capacity change from 0 to 128 [ 101.477971][ T6821] loop1: detected capacity change from 0 to 128 [ 101.623438][ T6841] loop1: detected capacity change from 0 to 4096 [ 101.771865][ T6859] loop1: detected capacity change from 0 to 4096 [ 101.846731][ T6864] nft_compat: unsupported protocol 1 [ 101.858811][ T6864] loop1: detected capacity change from 0 to 512 [ 101.866084][ T6864] EXT4-fs: Ignoring removed bh option [ 101.931358][ T6876] loop0: detected capacity change from 0 to 128 [ 101.987638][ T6876] loop0: detected capacity change from 0 to 128 [ 102.016560][ T6887] loop2: detected capacity change from 0 to 512 [ 102.042856][ T6887] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.062978][ T6887] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.063538][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.085332][ T6885] loop1: detected capacity change from 0 to 4096 [ 102.096877][ T6889] loop0: detected capacity change from 0 to 4096 [ 102.106882][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.141460][ T6889] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.189629][ T6896] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 102.192001][ T6897] loop2: detected capacity change from 0 to 8192 [ 102.214861][ T6897] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 102.223525][ T6897] FAT-fs (loop2): Filesystem has been set read-only [ 102.238682][ T6900] nft_compat: unsupported protocol 1 [ 102.249661][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.253366][ T6900] loop1: detected capacity change from 0 to 512 [ 102.273424][ T6900] EXT4-fs: Ignoring removed bh option [ 102.391329][ T6914] loop2: detected capacity change from 0 to 4096 [ 102.424140][ T6920] loop4: detected capacity change from 0 to 128 [ 102.429123][ T6919] loop3: detected capacity change from 0 to 512 [ 102.442747][ T6916] loop1: detected capacity change from 0 to 1024 [ 102.457565][ T6914] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.465173][ T6916] SELinux: Context #! ./file0 is not valid (left unmapped). [ 102.485744][ T6919] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1078: corrupted in-inode xattr: e_value size too large [ 102.503496][ T6929] loop4: detected capacity change from 0 to 128 [ 102.513122][ T6919] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1078: couldn't read orphan inode 15 (err -117) [ 102.567029][ T6919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.605332][ T6919] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.1078: Directory hole found for htree leaf block 0 [ 102.619497][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.785557][ T6953] syz.0.1089[6953] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.785697][ T6953] syz.0.1089[6953] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.913961][ T6962] loop1: detected capacity change from 0 to 4096 [ 102.932076][ T6967] loop0: detected capacity change from 0 to 512 [ 102.945539][ T6967] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 103.055211][ T6969] loop2: detected capacity change from 0 to 4096 [ 103.119003][ T6969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.348017][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.349296][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.375193][ T6967] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 103.417253][ T6967] tipc: Started in network mode [ 103.422176][ T6967] tipc: Node identity b88, cluster identity 5 [ 103.428449][ T6967] tipc: Node number set to 2952 [ 103.443167][ T6967] tipc: Cannot configure node identity twice [ 103.459590][ T6967] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1095'. [ 103.471468][ T6967] syzkaller1: entered promiscuous mode [ 103.477024][ T6967] syzkaller1: entered allmulticast mode [ 103.631699][ T6997] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1107'. [ 103.722336][ T7004] FAULT_INJECTION: forcing a failure. [ 103.722336][ T7004] name failslab, interval 1, probability 0, space 0, times 0 [ 103.735086][ T7004] CPU: 1 UID: 0 PID: 7004 Comm: syz.2.1110 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 103.745551][ T7004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 103.755628][ T7004] Call Trace: [ 103.759007][ T7004] [ 103.761964][ T7004] dump_stack_lvl+0xf2/0x150 [ 103.766599][ T7004] dump_stack+0x15/0x20 [ 103.770845][ T7004] should_fail_ex+0x229/0x230 [ 103.775674][ T7004] ? xfrm_state_alloc+0x2c/0x180 [ 103.780663][ T7004] should_failslab+0x8f/0xb0 [ 103.785303][ T7004] kmem_cache_alloc_noprof+0x4c/0x290 [ 103.790721][ T7004] xfrm_state_alloc+0x2c/0x180 [ 103.795549][ T7004] xfrm_add_sa+0xd7c/0x2010 [ 103.800188][ T7004] xfrm_user_rcv_msg+0x4a3/0x5c0 [ 103.805170][ T7004] ? __kfree_skb+0x102/0x150 [ 103.809867][ T7004] ? consume_skb+0x57/0x180 [ 103.814413][ T7004] netlink_rcv_skb+0x12c/0x230 [ 103.819209][ T7004] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 103.824766][ T7004] xfrm_netlink_rcv+0x47/0x60 [ 103.829496][ T7004] netlink_unicast+0x593/0x670 [ 103.834376][ T7004] netlink_sendmsg+0x5cc/0x6e0 [ 103.839201][ T7004] ? __pfx_netlink_sendmsg+0x10/0x10 [ 103.844543][ T7004] __sock_sendmsg+0x140/0x180 [ 103.849343][ T7004] ____sys_sendmsg+0x312/0x410 [ 103.854207][ T7004] __sys_sendmsg+0x1e9/0x280 [ 103.858933][ T7004] __x64_sys_sendmsg+0x46/0x50 [ 103.863741][ T7004] x64_sys_call+0x26f8/0x2e00 [ 103.868433][ T7004] do_syscall_64+0xc9/0x1c0 [ 103.872964][ T7004] ? clear_bhb_loop+0x55/0xb0 [ 103.877675][ T7004] ? clear_bhb_loop+0x55/0xb0 [ 103.882364][ T7004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.888376][ T7004] RIP: 0033:0x7f19f5e27299 [ 103.892878][ T7004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.912644][ T7004] RSP: 002b:00007f19f4aa7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 103.921188][ T7004] RAX: ffffffffffffffda RBX: 00007f19f5fb5f80 RCX: 00007f19f5e27299 [ 103.929177][ T7004] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 103.937184][ T7004] RBP: 00007f19f4aa70a0 R08: 0000000000000000 R09: 0000000000000000 [ 103.945248][ T7004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.953220][ T7004] R13: 000000000000000b R14: 00007f19f5fb5f80 R15: 00007ffe249d2ea8 [ 103.961241][ T7004] [ 103.972265][ T7009] FAULT_INJECTION: forcing a failure. [ 103.972265][ T7009] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.985441][ T7009] CPU: 0 UID: 0 PID: 7009 Comm: syz.3.1112 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 103.990588][ T7021] netlink: 'syz.4.1116': attribute type 1 has an invalid length. [ 103.995880][ T7009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 103.995899][ T7009] Call Trace: [ 103.995908][ T7009] [ 103.995916][ T7009] dump_stack_lvl+0xf2/0x150 [ 104.020013][ T7018] sctp: [Deprecated]: syz.3.1112 (pid 7018) Use of int in max_burst socket option deprecated. [ 104.020013][ T7018] Use struct sctp_assoc_value instead [ 104.024599][ T7009] dump_stack+0x15/0x20 [ 104.044300][ T7009] should_fail_ex+0x229/0x230 [ 104.049002][ T7009] should_fail+0xb/0x10 [ 104.053173][ T7009] should_fail_usercopy+0x1a/0x20 [ 104.058221][ T7009] _copy_to_user+0x1e/0xa0 [ 104.062661][ T7009] rng_dev_read+0x3aa/0x6c0 [ 104.067179][ T7009] vfs_readv+0x3f1/0x660 [ 104.071468][ T7009] ? __pfx_rng_dev_read+0x10/0x10 [ 104.076616][ T7009] __x64_sys_preadv+0x100/0x1c0 [ 104.081481][ T7009] x64_sys_call+0x140b/0x2e00 [ 104.086225][ T7009] do_syscall_64+0xc9/0x1c0 [ 104.090819][ T7009] ? clear_bhb_loop+0x55/0xb0 [ 104.095524][ T7009] ? clear_bhb_loop+0x55/0xb0 [ 104.100254][ T7009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.106163][ T7009] RIP: 0033:0x7fe0b18c7299 [ 104.110582][ T7009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.130220][ T7009] RSP: 002b:00007fe0b0547048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 104.138637][ T7009] RAX: ffffffffffffffda RBX: 00007fe0b1a55f80 RCX: 00007fe0b18c7299 [ 104.146654][ T7009] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003 [ 104.154635][ T7009] RBP: 00007fe0b05470a0 R08: 0000000000000000 R09: 0000000000000000 [ 104.162629][ T7009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 104.170647][ T7009] R13: 000000000000000b R14: 00007fe0b1a55f80 R15: 00007ffcfe957988 [ 104.178627][ T7009] [ 104.190720][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 104.190736][ T29] audit: type=1400 audit(1721958012.770:731): avc: denied { getopt } for pid=7025 comm="syz.0.1117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 104.262815][ T29] audit: type=1400 audit(1721958012.850:732): avc: denied { create } for pid=7033 comm="syz.2.1121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 104.307691][ T29] audit: type=1400 audit(1721958012.900:733): avc: denied { listen } for pid=7038 comm="syz.3.1123" laddr=::ffff:172.30.0.4 lport=55987 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 104.329269][ T7036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1122'. [ 104.333517][ T29] audit: type=1400 audit(1721958012.900:734): avc: denied { accept } for pid=7038 comm="syz.3.1123" laddr=::ffff:172.30.0.4 lport=55987 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 104.366646][ T29] audit: type=1400 audit(1721958012.900:735): avc: denied { read } for pid=7038 comm="syz.3.1123" laddr=::ffff:172.30.0.4 lport=55987 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 104.393559][ T29] audit: type=1400 audit(1721958012.990:736): avc: denied { setopt } for pid=7038 comm="syz.3.1123" laddr=::ffff:172.30.0.4 lport=55987 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 104.500370][ T7056] loop3: detected capacity change from 0 to 512 [ 104.529411][ T7056] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.544098][ T7056] ext4 filesystem being mounted at /299/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.574069][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.629935][ T29] audit: type=1326 audit(1721958013.220:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f725d0a7299 code=0x7ffc0000 [ 104.653390][ T29] audit: type=1326 audit(1721958013.220:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f725d0a7299 code=0x7ffc0000 [ 104.676795][ T29] audit: type=1326 audit(1721958013.220:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f725d0a7299 code=0x7ffc0000 [ 104.700156][ T29] audit: type=1326 audit(1721958013.220:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7068 comm="syz.0.1132" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f725d0a7299 code=0x7ffc0000 [ 104.735995][ T7073] loop4: detected capacity change from 0 to 512 [ 104.742999][ T7073] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 104.754772][ T7073] EXT4-fs (loop4): 1 orphan inode deleted [ 104.760645][ T7073] EXT4-fs (loop4): 1 truncate cleaned up [ 104.772477][ T7073] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.796781][ T7078] loop0: detected capacity change from 0 to 164 [ 104.815415][ T7080] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1136'. [ 104.826411][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.858998][ T7078] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.867909][ T7078] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.876758][ T7078] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.885533][ T7078] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 104.896015][ T7078] vxlan0: entered promiscuous mode [ 104.897269][ T7087] netlink: 'syz.3.1139': attribute type 1 has an invalid length. [ 104.901184][ T7078] vxlan0: entered allmulticast mode [ 104.920345][ T7078] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 104.929319][ T7078] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 104.938250][ T7078] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 104.947243][ T7078] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 104.959829][ T7092] loop3: detected capacity change from 0 to 1024 [ 104.974401][ T7092] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 104.988881][ T7092] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 104.999846][ T7092] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2)! [ 105.010119][ T7092] EXT4-fs (loop3): group descriptors corrupted! [ 105.020753][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 105.100329][ T7100] FAULT_INJECTION: forcing a failure. [ 105.100329][ T7100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.113577][ T7100] CPU: 1 UID: 0 PID: 7100 Comm: syz.4.1146 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 105.124086][ T7100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 105.134176][ T7100] Call Trace: [ 105.136547][ T7109] loop2: detected capacity change from 0 to 4096 [ 105.137455][ T7100] [ 105.146719][ T7100] dump_stack_lvl+0xf2/0x150 [ 105.151334][ T7100] dump_stack+0x15/0x20 [ 105.155585][ T7100] should_fail_ex+0x229/0x230 [ 105.160284][ T7100] should_fail+0xb/0x10 [ 105.164460][ T7100] should_fail_usercopy+0x1a/0x20 [ 105.169560][ T7100] _copy_from_user+0x1e/0xd0 [ 105.174219][ T7100] inet6_ioctl+0xf2/0x190 [ 105.178628][ T7100] sock_do_ioctl+0x81/0x260 [ 105.183210][ T7100] sock_ioctl+0x470/0x640 [ 105.187665][ T7100] ? __pfx_sock_ioctl+0x10/0x10 [ 105.192532][ T7100] __se_sys_ioctl+0xd3/0x150 [ 105.197191][ T7100] __x64_sys_ioctl+0x43/0x50 [ 105.201815][ T7100] x64_sys_call+0x1688/0x2e00 [ 105.206593][ T7100] do_syscall_64+0xc9/0x1c0 [ 105.211123][ T7100] ? clear_bhb_loop+0x55/0xb0 [ 105.215878][ T7100] ? clear_bhb_loop+0x55/0xb0 [ 105.220690][ T7100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.226595][ T7100] RIP: 0033:0x7fc176ed7299 [ 105.231061][ T7100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.250731][ T7100] RSP: 002b:00007fc175b57048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.259190][ T7100] RAX: ffffffffffffffda RBX: 00007fc177065f80 RCX: 00007fc176ed7299 [ 105.267173][ T7100] RDX: 0000000020000640 RSI: 000000000000890b RDI: 0000000000000004 [ 105.275235][ T7100] RBP: 00007fc175b570a0 R08: 0000000000000000 R09: 0000000000000000 [ 105.283227][ T7100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.291228][ T7100] R13: 000000000000000b R14: 00007fc177065f80 R15: 00007ffc88bb4828 [ 105.299208][ T7100] [ 105.336271][ T7109] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.416255][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.424523][ T7118] loop0: detected capacity change from 0 to 4096 [ 105.472243][ T7118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.521392][ T7130] IPVS: Error connecting to the multicast addr [ 105.563694][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.604759][ T7136] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1155'. [ 105.648577][ T7138] loop3: detected capacity change from 0 to 4096 [ 105.661631][ T7140] loop2: detected capacity change from 0 to 128 [ 105.678344][ T7138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.710481][ T7145] loop0: detected capacity change from 0 to 128 [ 105.754732][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.850743][ T7154] loop1: detected capacity change from 0 to 1024 [ 105.866136][ T7156] netlink: 'syz.3.1165': attribute type 1 has an invalid length. [ 105.875647][ T7154] EXT4-fs: Ignoring removed orlov option [ 105.881358][ T7154] EXT4-fs: Ignoring removed nomblk_io_submit option [ 106.048969][ T7170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1170'. [ 106.275256][ T7175] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1171'. [ 106.288032][ T7177] loop2: detected capacity change from 0 to 128 [ 106.425768][ T7185] loop2: detected capacity change from 0 to 512 [ 106.434759][ T7185] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 106.451496][ T7185] EXT4-fs (loop2): 1 orphan inode deleted [ 106.457347][ T7185] EXT4-fs (loop2): 1 truncate cleaned up [ 106.463686][ T7185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.489932][ T6080] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.489940][ T7191] loop4: detected capacity change from 0 to 512 [ 106.514960][ T7191] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 106.560112][ T7199] loop2: detected capacity change from 0 to 164 [ 106.570671][ T7191] xt_CT: You must specify a L4 protocol and not use inversions on it [ 106.587273][ T7199] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.596228][ T7199] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.605285][ T7199] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.614292][ T7199] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 106.628739][ T7199] vxlan0: entered promiscuous mode [ 106.633937][ T7199] vxlan0: entered allmulticast mode [ 106.641645][ T7199] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 106.650790][ T7199] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 106.659829][ T7199] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 106.668766][ T7199] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 106.706898][ T7201] loop4: detected capacity change from 0 to 128 [ 106.873211][ T7204] loop0: detected capacity change from 0 to 4096 [ 106.916448][ T7204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.929865][ T7210] loop1: detected capacity change from 0 to 4096 [ 106.990815][ T7214] IPVS: Error connecting to the multicast addr [ 107.013177][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.109702][ T7228] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1187'. [ 107.142376][ T7228] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1187'. [ 107.158253][ T7230] loop1: detected capacity change from 0 to 128 [ 107.248194][ T7235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1193'. [ 107.326134][ T7237] loop3: detected capacity change from 0 to 2048 [ 107.341652][ T7237] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.378194][ T7237] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1194: bg 0: block 234: padding at end of block bitmap is not set [ 107.408995][ T7237] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 17 with max blocks 1 with error 117 [ 107.421653][ T7237] EXT4-fs (loop3): This should not happen!! Data will be lost [ 107.421653][ T7237] [ 107.453323][ T7237] syz.3.1194 (7237) used greatest stack depth: 9520 bytes left [ 107.491859][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.559200][ T7252] xt_connbytes: Forcing CT accounting to be enabled [ 107.566599][ T7255] loop4: detected capacity change from 0 to 4096 [ 107.592591][ T7252] Cannot find add_set index 0 as target [ 107.594943][ T7255] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.648319][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.753107][ T7264] loop4: detected capacity change from 0 to 4096 [ 107.784117][ T7264] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.894745][ T6135] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.995107][ T7277] netlink: 'syz.3.1207': attribute type 1 has an invalid length. [ 108.119348][ T7291] loop0: detected capacity change from 0 to 4096 [ 108.135556][ T7291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.170064][ T7293] loop2: detected capacity change from 0 to 128 [ 108.176039][ T7303] loop1: detected capacity change from 0 to 4096 [ 108.232101][ T7307] loop1: detected capacity change from 0 to 4096 [ 108.262345][ T7309] netlink: 'syz.1.1220': attribute type 1 has an invalid length. [ 108.311639][ T6024] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.346170][ T7314] FAULT_INJECTION: forcing a failure. [ 108.346170][ T7314] name failslab, interval 1, probability 0, space 0, times 0 [ 108.358882][ T7314] CPU: 1 UID: 0 PID: 7314 Comm: syz.1.1222 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 108.369456][ T7314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 108.379610][ T7314] Call Trace: [ 108.382896][ T7314] [ 108.385842][ T7314] dump_stack_lvl+0xf2/0x150 [ 108.390471][ T7314] dump_stack+0x15/0x20 [ 108.394781][ T7314] should_fail_ex+0x229/0x230 [ 108.399622][ T7314] ? __alloc_skb+0x10b/0x310 [ 108.404286][ T7314] should_failslab+0x8f/0xb0 [ 108.408898][ T7314] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 108.414719][ T7314] ? __rtnl_unlock+0x99/0xb0 [ 108.419328][ T7314] __alloc_skb+0x10b/0x310 [ 108.423754][ T7314] netlink_ack+0xef/0x4f0 [ 108.428091][ T7314] ? __dev_queue_xmit+0x161/0x1fe0 [ 108.433344][ T7314] netlink_rcv_skb+0x19c/0x230 [ 108.438120][ T7314] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 108.443720][ T7314] rtnetlink_rcv+0x1c/0x30 [ 108.448186][ T7314] netlink_unicast+0x593/0x670 [ 108.452961][ T7314] netlink_sendmsg+0x5cc/0x6e0 [ 108.457758][ T7314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.463103][ T7314] __sock_sendmsg+0x140/0x180 [ 108.467869][ T7314] ____sys_sendmsg+0x312/0x410 [ 108.472649][ T7314] __sys_sendmsg+0x1e9/0x280 [ 108.477264][ T7314] __x64_sys_sendmsg+0x46/0x50 [ 108.482040][ T7314] x64_sys_call+0x26f8/0x2e00 [ 108.486892][ T7314] do_syscall_64+0xc9/0x1c0 [ 108.491457][ T7314] ? clear_bhb_loop+0x55/0xb0 [ 108.496243][ T7314] ? clear_bhb_loop+0x55/0xb0 [ 108.500933][ T7314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.506842][ T7314] RIP: 0033:0x7f4eec5c7299 [ 108.511256][ T7314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.530875][ T7314] RSP: 002b:00007f4eeb247048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.539463][ T7314] RAX: ffffffffffffffda RBX: 00007f4eec755f80 RCX: 00007f4eec5c7299 [ 108.547444][ T7314] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 108.555504][ T7314] RBP: 00007f4eeb2470a0 R08: 0000000000000000 R09: 0000000000000000 [ 108.563572][ T7314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.571562][ T7314] R13: 000000000000000b R14: 00007f4eec755f80 R15: 00007fff61c4f4c8 [ 108.579555][ T7314] [ 108.599680][ T7322] loop2: detected capacity change from 0 to 128 [ 108.660667][ T7321] loop0: detected capacity change from 0 to 128 [ 108.725203][ T7321] __nla_validate_parse: 1 callbacks suppressed [ 108.725220][ T7321] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1221'. [ 108.740180][ T7335] loop1: detected capacity change from 0 to 4096 [ 108.744497][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1228'. [ 108.830743][ T7338] loop3: detected capacity change from 0 to 4096 [ 108.853218][ T7340] netlink: 'syz.4.1232': attribute type 1 has an invalid length. [ 108.861546][ T7338] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.879689][ T7343] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7343 comm=syz.1.1233 [ 108.937101][ T7343] loop1: detected capacity change from 0 to 512 [ 108.951641][ T3262] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.171323][ T7361] loop4: detected capacity change from 0 to 2048 [ 109.237735][ T7361] loop4: p4 < > [ 109.266093][ T2959] loop4: p4 < > [ 109.405833][ T7373] loop2: detected capacity change from 0 to 4096 [ 109.419494][ T7376] loop1: detected capacity change from 0 to 512 [ 109.451736][ T3706] udevd[3706]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 109.480737][ T29] kauditd_printk_skb: 73 callbacks suppressed [ 109.480760][ T29] audit: type=1400 audit(1721958018.070:814): avc: denied { connect } for pid=7375 comm="syz.1.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 109.532796][ T7382] netlink: 'syz.4.1249': attribute type 4 has an invalid length. [ 109.536157][ T29] audit: type=1400 audit(1721958018.100:815): avc: denied { write } for pid=7375 comm="syz.1.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 109.559948][ T29] audit: type=1400 audit(1721958018.110:816): avc: denied { read } for pid=7375 comm="syz.1.1246" path="socket:[21399]" dev="sockfs" ino=21399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 109.584526][ T29] audit: type=1326 audit(1721958018.110:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7375 comm="syz.1.1246" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eec5c7299 code=0x0 [ 109.609857][ T29] audit: type=1400 audit(1721958018.200:818): avc: denied { write } for pid=2941 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.631359][ T29] audit: type=1400 audit(1721958018.200:819): avc: denied { remove_name } for pid=2941 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.654044][ T29] audit: type=1400 audit(1721958018.200:820): avc: denied { rename } for pid=2941 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.676320][ T29] audit: type=1400 audit(1721958018.200:821): avc: denied { add_name } for pid=2941 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 109.698933][ T29] audit: type=1400 audit(1721958018.200:822): avc: denied { unlink } for pid=2941 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.721342][ T29] audit: type=1400 audit(1721958018.200:823): avc: denied { create } for pid=2941 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 109.785962][ T7393] loop4: detected capacity change from 0 to 1024 [ 109.786846][ T7392] IPv6: sit1: Disabled Multicast RS [ 109.792724][ T7393] EXT4-fs: Ignoring removed orlov option [ 109.803338][ T7393] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.920687][ T7412] loop2: detected capacity change from 0 to 4096 [ 109.934866][ T7414] loop0: detected capacity change from 0 to 128 [ 110.007158][ T7418] netlink: 'syz.2.1259': attribute type 1 has an invalid length. [ 110.040800][ T7423] loop4: detected capacity change from 0 to 128 [ 110.055315][ T7425] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 110.055315][ T7425] program syz.2.1262 not setting count and/or reply_len properly [ 110.104003][ T7429] loop2: detected capacity change from 0 to 512 [ 110.113674][ T7429] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 110.125189][ T7429] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c019, mo2=0002] [ 110.133207][ T7429] System zones: 1-12 [ 110.138957][ T7429] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 110.152257][ T7429] EXT4-fs (loop2): 1 truncate cleaned up [ 110.222714][ T7436] IPv6: sit1: Disabled Multicast RS [ 110.433529][ T7448] loop2: detected capacity change from 0 to 4096 [ 110.454759][ T7446] loop1: detected capacity change from 0 to 4096 [ 110.590287][ T7455] netlink: 'syz.1.1273': attribute type 1 has an invalid length. [ 110.820259][ T7473] loop1: detected capacity change from 0 to 4096 [ 110.841658][ T7475] loop2: detected capacity change from 0 to 4096 [ 110.861388][ T7477] loop0: detected capacity change from 0 to 4096 [ 110.991122][ T7489] netlink: 'syz.4.1287': attribute type 1 has an invalid length. [ 111.012773][ T7487] loop0: detected capacity change from 0 to 4096 [ 111.090419][ T7495] loop2: detected capacity change from 0 to 512 [ 111.127156][ T7504] syzkaller0: entered promiscuous mode [ 111.132855][ T7504] syzkaller0: entered allmulticast mode [ 111.172605][ T7506] loop0: detected capacity change from 0 to 4096 [ 111.279732][ T7509] loop0: detected capacity change from 0 to 4096 [ 111.306666][ T7511] loop1: detected capacity change from 0 to 4096 [ 111.356479][ T7514] loop4: detected capacity change from 0 to 4096 [ 111.398198][ T7520] netlink: 'syz.0.1298': attribute type 1 has an invalid length. [ 111.452904][ T7527] loop1: detected capacity change from 0 to 128 [ 111.535113][ T7533] loop3: detected capacity change from 0 to 128 [ 111.544594][ T7531] loop0: detected capacity change from 0 to 4096 [ 112.111961][ T7546] FAULT_INJECTION: forcing a failure. [ 112.111961][ T7546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.125206][ T7546] CPU: 0 UID: 0 PID: 7546 Comm: syz.2.1309 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 112.135548][ T7546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 112.145620][ T7546] Call Trace: [ 112.148909][ T7546] [ 112.151897][ T7546] dump_stack_lvl+0xf2/0x150 [ 112.156531][ T7546] dump_stack+0x15/0x20 [ 112.160831][ T7546] should_fail_ex+0x229/0x230 [ 112.165623][ T7546] should_fail+0xb/0x10 [ 112.169811][ T7546] should_fail_usercopy+0x1a/0x20 [ 112.174895][ T7546] _copy_from_user+0x1e/0xd0 [ 112.179518][ T7546] sctp_setsockopt+0xbe/0xea0 [ 112.184294][ T7546] sock_common_setsockopt+0x64/0x80 [ 112.189615][ T7546] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 112.195632][ T7546] __sys_setsockopt+0x1d8/0x250 [ 112.200687][ T7546] __x64_sys_setsockopt+0x66/0x80 [ 112.205830][ T7546] x64_sys_call+0x2a0e/0x2e00 [ 112.210599][ T7546] do_syscall_64+0xc9/0x1c0 [ 112.215130][ T7546] ? clear_bhb_loop+0x55/0xb0 [ 112.219889][ T7546] ? clear_bhb_loop+0x55/0xb0 [ 112.224748][ T7546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.230963][ T7546] RIP: 0033:0x7f19f5e27299 [ 112.235392][ T7546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.255191][ T7546] RSP: 002b:00007f19f4aa7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 112.263738][ T7546] RAX: ffffffffffffffda RBX: 00007f19f5fb5f80 RCX: 00007f19f5e27299 [ 112.271726][ T7546] RDX: 0000000000000072 RSI: 0000000000000084 RDI: 0000000000000003 [ 112.279719][ T7546] RBP: 00007f19f4aa70a0 R08: 000000000000000c R09: 0000000000000000 [ 112.287849][ T7546] R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000001 [ 112.295840][ T7546] R13: 000000000000000b R14: 00007f19f5fb5f80 R15: 00007ffe249d2ea8 [ 112.303839][ T7546] [ 112.490239][ T7549] netlink: 'syz.4.1311': attribute type 1 has an invalid length. [ 112.563731][ T7550] loop0: detected capacity change from 0 to 4096 [ 112.590584][ T7557] loop2: detected capacity change from 0 to 4096 [ 112.592596][ T7560] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 112.592596][ T7560] program syz.3.1316 not setting count and/or reply_len properly [ 112.696839][ T7568] loop1: detected capacity change from 0 to 4096 [ 112.727736][ T7576] loop4: detected capacity change from 0 to 128 [ 112.736208][ T7578] loop3: detected capacity change from 0 to 128 [ 112.756244][ T7583] loop1: detected capacity change from 0 to 256 [ 112.771210][ T7584] loop0: detected capacity change from 0 to 128 [ 112.810931][ T7588] netlink: 'syz.2.1326': attribute type 1 has an invalid length. [ 112.908618][ T7600] sg_write: data in/out 185/70 bytes for SCSI command 0x0-- guessing data in; [ 112.908618][ T7600] program syz.1.1330 not setting count and/or reply_len properly [ 113.003240][ T7605] loop2: detected capacity change from 0 to 4096 [ 113.131057][ T7612] loop2: detected capacity change from 0 to 4096 [ 113.151550][ T7614] loop1: detected capacity change from 0 to 4096 [ 113.289215][ T7617] loop1: detected capacity change from 0 to 4096 [ 113.395995][ T7622] netlink: 'syz.2.1339': attribute type 1 has an invalid length. [ 113.459485][ T7591] ================================================================== [ 113.467627][ T7591] BUG: KCSAN: data-race in __mark_inode_dirty / writeback_single_inode [ 113.475923][ T7591] [ 113.478259][ T7591] write to 0xffff8881064e2b28 of 8 bytes by task 7578 on cpu 0: [ 113.485910][ T7591] writeback_single_inode+0x10e/0x4a0 [ 113.491308][ T7591] sync_inode_metadata+0x5c/0x90 [ 113.496264][ T7591] __generic_file_fsync+0xf9/0x140 [ 113.501416][ T7591] fat_file_fsync+0x4c/0x100 [ 113.506126][ T7591] vfs_fsync_range+0x122/0x140 [ 113.510934][ T7591] generic_file_write_iter+0x191/0x1d0 [ 113.516510][ T7591] iter_file_splice_write+0x5e6/0x970 [ 113.521918][ T7591] direct_splice_actor+0x16c/0x2c0 [ 113.527066][ T7591] splice_direct_to_actor+0x305/0x670 [ 113.532489][ T7591] do_splice_direct+0xd7/0x150 [ 113.537286][ T7591] do_sendfile+0x3ab/0x950 [ 113.541730][ T7591] __x64_sys_sendfile64+0x110/0x150 [ 113.546951][ T7591] x64_sys_call+0xfc3/0x2e00 [ 113.551579][ T7591] do_syscall_64+0xc9/0x1c0 [ 113.556141][ T7591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.562066][ T7591] [ 113.564402][ T7591] read to 0xffff8881064e2b28 of 8 bytes by task 7591 on cpu 1: [ 113.571951][ T7591] __mark_inode_dirty+0x19f/0x7e0 [ 113.576999][ T7591] fat_update_time+0x1f5/0x210 [ 113.581776][ T7591] touch_atime+0x14f/0x350 [ 113.586202][ T7591] filemap_splice_read+0x8b0/0x920 [ 113.591330][ T7591] splice_direct_to_actor+0x26c/0x670 [ 113.596711][ T7591] do_splice_direct+0xd7/0x150 [ 113.601487][ T7591] do_sendfile+0x3ab/0x950 [ 113.605913][ T7591] __x64_sys_sendfile64+0x110/0x150 [ 113.611123][ T7591] x64_sys_call+0xfc3/0x2e00 [ 113.615728][ T7591] do_syscall_64+0xc9/0x1c0 [ 113.620856][ T7591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.626761][ T7591] [ 113.629106][ T7591] value changed: 0x0000000000000007 -> 0x0000000000000080 [ 113.636648][ T7591] [ 113.638979][ T7591] Reported by Kernel Concurrency Sanitizer on: [ 113.645122][ T7591] CPU: 1 UID: 0 PID: 7591 Comm: syz.3.1324 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 [ 113.655453][ T7591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 113.665517][ T7591] ==================================================================