last executing test programs: 2.908739901s ago: executing program 4 (id=1302): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/43}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000180)='./file2\x00', 0x80, &(0x7f00000001c0)=ANY=[@ANYBLOB="756e686964652c68696465006e6f726f636b2c73657373696f6e3d3078303030303030013030303030303030312c686964652c63007b6865636b3d7374726963f4416e6f636fd689c91ceb036442a5e8b65659212a2bbc4e30952aa22edafcc01c50d9545f6d70726573534d6e6f726f636b2c6368657f12106458668eb97fd25f742c696f636861727365743d69736f383835392d31332c63727566742c7065726d6928d7997c17d1c8704a54dc34229c72656374696f2c61756469742c004b32b19ac463afda9675ef356e50e2fb3d253ba1480f27afe645fded942f5957f2992896524e7731fa148037452b21c34c9918911ac37dff04099efbbf3c69c8fb9bdcda4683151bb24329a40b273da9bce1145213686d55a96caab752943c330423edc3876e0b859d57cd6d60dc5220aa1367c24de5e66343c128db17391d25b7aa35001e68df726f9ca1e0bfab6993329f0318602f3c51a28ed0858da3e3c47e95de50cbd34e68dd8517f1b4e1eeab0000000000e7b4ea43ef9e4d817aae8e0d2e71215bc0127620b046361adbde0b60bee63e91aa28d93cd8d79802966dbfacceffe6b1d302c5515d7323f7cca3f665a6964cba6cd16ae40bc68e94ac6b40bf96a55dcefd4024a5d7a848d08bdb5d8bb89b4c1968cf6ae0fd7858fa38b738c1ee6822f2cfdb30c3941199251d603d495ab6ce2ddb8e918e72b9171aaa287f2b19755bdc92109150850d5c14ec2ac32dee0122b28fcb3e88d5096d6352799c5f13f597695adfd21e644379e6a400000000000000000000000000fa41c3f14dca4ef03fed7e6466a4e2d4503979398731ee0fc7487e0b09466d841e2d8e64ed9e0d4333e6a79acee454fdb4fff932f123000000", @ANYRES8, @ANYRESOCT], 0x1, 0x67e, &(0x7f0000001600)="$eJzs3V1v29Ydx/Ef5SfFHYJiG4IgSJOTZAUcLFMouXFgZMCqUZTNTRIFUh5sYECRNXYRRE63JAMW3xS+2BPQvYHd9WK72IsYsOu9iu1uA4rtbsBuWPCQsiVbD1btJG3y/QStKPLPc/4kFf7BSDwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQ49Vct+yoEbQ2Ns1oXi0Km2OWZ63N6WY2cXNiv5KT/qdiURezWRe/fbj4Qvq/67qcvbusYvpS1N5bF96+963ZQm/9MQl9GZq2wafP9x7d73a3n5wgdkZTN/8qqXCCoDW/FcRh0Kyu+SaIQ7O6suLeXq/Hph40/Hgr7vhN40V+oRNGZsm7acqrq8vGL22FG621WrXh92be/V7FdVfMjxayAy2pFHvrQaMRtNZsTLo4jblrPv1pFuBXm8bsPOxuL09KMg0qnySoMimo4lYq5XKlUl65s3rnruvOHpvhphz3gI5FnPmHFl8zZ3fyBk6pkNb/fzpSQ0W1tKFNmaF/PNUUKVRzxPJcr/6/e9sf229//e9V+YvSD/LFl2Tr/5Xs3ZVR9X9ELkbGrjBsiTNi/nR/5vJWnuq59vRI99VVV9t6cgZtG5mrp23h12eSxz+SzOiINflqKVCsUIGaqto5Jp9jtKoVrcjVB1pXXbGM6grUkK9YW4rVkW8/UZ4i+aqqo1CRjJbk6aaMylrVqpZl5KukLYXaUEtrqqmq/yVJsqOHdr8vj9kK9YLKIwIW+oMqY1oaVf9/9kn2Oc3rv0v9f1Nln4OF/Cw2Lgb4Ckjy6/8pXX0x2QAAAAAAgBfBsf/67tjv7t+RlKgeNHz3VacFAAAAAADOkKNkQZflyP6kTe/I4fofAAAAAIDXjWPvsXMkLdof9TuHd0Kd5B8BZl5CigAAAAAA4JTsnf9X5qXEDlpxVc5U1/8AAAAAAOBr4Hd9Y+zP9sbYTXpf6xckxe0F56//WVA05+y3N7/j7FbTJdXdPObYLwA69UvO+XygXvsyL8m+8/zLTt5bPgjmwbiDn+9MGuvfiY4kMD/T38CIBJy055XZ/J0+1bVslWv5OPMP9gqyS7JeFutBwy95YeNeWdXq+ULH3+z88vHDX0nRwXbuPOxulz78uPvA5rKfztrfTRv9ZCCdwvCdcZjLMzvegr3nYtgWn1O91+XvW81Fx/br9rZ/RtXdQn9H4w7AYZ+/0fXsmF1fzGIX9w5G3E+3v5huf7lkD9nA1kdzzmEW5aNbPuxAjMiiaLO4kcXcWLqRvfTyS9spOMXvzkiV0vFjMJBFpT+LyfvC+e+xfTEui3xfLKdZ/C1taEQWy9NlceyIAMCrsnNYhewg5sfqbq889E5qX6ruTK7u7w9W92d/TBK7wow0m383MbaXotIz+pJj69C87Il19tKQM7qb15WiRpzR3VNUt7Svvxw+AylP+1gW/0+S5F7Z9vuHI1X1s3SFz0b2GzcqM+kuvP1s9+d2APzUR9sfbT+uVJZX3Pdc905Fc3Yz8pcZHc2U32wCAE7wjJ2JEc57upZFXHvw73ezqYGK982DnxSU9KE+VlcPdKv3CIGrw1td7PsZwq3sqlV9V63mwtv3zklHY8u6NfKqztbSvtjKQeyceqsMVurD2OUXfBQAAHi5rk+ow8Prf3Gg/t/SUhaxdGnodfdgLT/6hOBRseXJyb9/1nsDAIA3gx997ix2futEUdD+oLy6Wq521n0Thd6PTRTU1nwTtDp+5K1XW2u+aUdhJ/TChmlHWghqfmzijXY7jDqmHkamHcbBpn3yu8kf/R77zWqrE3hxu+FXY994YatTnZGpBbFn2hs/bATxuh/ZleO27wX1wKt2grBl4nAj8vySMbHv9wUGNb/VCepBOtky7ShoVqMt85OwsdH0Tc2PvShod8KsQduX1zFBqx5GTdtsScnUDzoEAOB19PT53qP73e72kzET+5ock0/MD2mQ75sBAPiKOSzXU6xUfIEJAQAAAAAAAAAAAAAAAAAAAACAY05y/99UE3PDbhaUDub84vyRtf6kYe04OuvEppkoTLtW75aIvUd/HxN87mBOb/f3x+y/tA381zekt+wcZXNmz76vc3ZvvLwD9/2dbI+OjEkXDl20cHAsZs/+r0M68fjPIxYlSZKMX31hcB/Oj9vAwYlZSU/mT3EIBk4TjJsBvIa+CAAA//9z/kFZ") r2 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) process_vm_writev(0xffffffffffffffff, &(0x7f0000000900)=[{&(0x7f0000000040)=""/147, 0x93}, {&(0x7f0000000480)=""/242, 0xf2}, {&(0x7f0000000100)=""/3, 0x3}, {&(0x7f0000000140)=""/62, 0x3e}, {&(0x7f0000000580)=""/169, 0xa9}, {&(0x7f0000000640)=""/115, 0x73}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/252, 0xfc}, {&(0x7f00000007c0)=""/195, 0xc3}, {&(0x7f00000008c0)=""/13, 0xd}], 0xa, &(0x7f0000000c40)=[{&(0x7f00000009c0)=""/110, 0x6e}, {&(0x7f0000000b40)=""/197, 0xc5}], 0x2, 0x0) mmap(&(0x7f0000268000/0x4000)=nil, 0x4000, 0x1000002, 0x4016012, r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x4008031, 0xffffffffffffffff, 0xbce0d000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x3, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) 2.135221734s ago: executing program 4 (id=1308): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup(r2) fsetxattr$security_selinux(r3, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) 2.04623454s ago: executing program 3 (id=1310): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000001c0)={0x1}, 0x10) write(r2, &(0x7f0000000000)="1c0000001a005f0214f9944d000901001c23000004000003000000", 0x1b) prlimit64(0x0, 0xd, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) getpid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000680)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r4, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\tmr'], 0xa) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) recvmmsg(r5, &(0x7f0000000dc0)=[{{&(0x7f0000000240)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000480)=[{&(0x7f00000003c0)=""/144, 0x90}, {&(0x7f00000002c0)=""/110, 0x6e}], 0x2, &(0x7f00000004c0)=""/87, 0x57}, 0x4}, {{&(0x7f0000000540)=@phonet, 0x80, &(0x7f0000000a00)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/210, 0xd2}, {&(0x7f0000000900)=""/212, 0xd4}, {&(0x7f00000005c0)=""/174, 0xae}, {&(0x7f0000000e80)=""/103, 0x67}], 0x5}, 0x7}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000a80)=""/203, 0xcb}, {&(0x7f0000000f00)=""/234, 0xea}, {&(0x7f0000000c80)=""/183, 0xb7}], 0x3}, 0x8}], 0x3, 0x0, 0x0) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) preadv(r6, &(0x7f0000000340)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1, 0x0, 0x0) r7 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r7, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write(r7, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) writev(r1, &(0x7f0000000040), 0x2) r8 = socket$kcm(0x10, 0x2, 0x4) close(r8) socket$kcm(0x10, 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.027831051s ago: executing program 4 (id=1311): r0 = socket$inet(0x2, 0x1, 0x6) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x8000000, 0x0, 0xfffffffffffffdc1, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000008, 0x0) recvmmsg(r3, 0x0, 0x0, 0x20103, 0x0) socket$rds(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) write$binfmt_elf64(r0, &(0x7f0000001340)=ANY=[], 0xa89) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000002c0)="e2b3b8c51d71eadd5df9dda251607cf2ac834ad26f541d5e9aa46cff60ba3d1ba4e90b24a30075ff6423ae78237d68331d7e125b57ef23912b3f43376608d71bd2be176d4f54c54f91176ff4e6ce2d6ad7c2eb", 0x53, 0x8c1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000780b9ea5cb56e83f77e886019a8158abaa81bdd9993e2b10da5c31e510f0143542b1b7259f17782e2d2deeb69e610b94a9c774cbd4592f3691e7633bca2fecd166f5a1ff0e8ed73d76606939479b0e8179e0978644dae1065c145e97816550e88915c9b1a13886491dc95118ab5399e083f2e5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18030f0000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_rx_rwind_change\x00', 0xffffffffffffffff, 0x0, 0xaa}, 0xfffffd24) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14) 1.600804001s ago: executing program 2 (id=1314): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r3, &(0x7f0000001bc0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000fb1000)=[{&(0x7f0000000180)="480000001400197f09004b0101048c590288ffffff010001000000000028213ee20600d4ff5bffff00c7e5ed5e00000000000000000000eaf60d18125d4b18857a9eace3dbe8b12c", 0x48}], 0x1) recvmmsg(r4, &(0x7f0000000200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.536584895s ago: executing program 2 (id=1315): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x0, 0x4, 0x3, 0x550e, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x2, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) r6 = socket(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f00000006c0)=ANY=[@ANYBLOB="3a00020f"], 0x8) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r9 = io_uring_setup(0x734a, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mlockall(0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000300), &(0x7f00000004c0)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r1}, &(0x7f0000000a00), &(0x7f0000000a40)=r0}, 0x20) 1.339985488s ago: executing program 0 (id=1317): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58) 1.248762065s ago: executing program 0 (id=1319): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT") creat(&(0x7f0000000040)='./bus\x00', 0x0) open(&(0x7f00000001c0)='./file2\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000800000000000000000001801000020bd342100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000001095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x6, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000002380)=""/192, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={&(0x7f0000000400)="d18e933c028c31efbdafaad3a85893ee19d42b77c3177a487a8c55e45723c30633f13a2545dd06332f65ea812e777b152749d96a50d1acd29b1be3eb61de6425cddc195464761a8988b35cc7ec87ed7574b8280886b0c9b406c39c9d10166ae73ad2d032bdbb6dd91fd812a11141efbdeb5c1017038b9806d2857e41cc0238d9644a8174d385d4fcb1730f89ae29f3b2882bc04718bcc2008c5c753e1b09db86bec68e61c887f001bb5f4951de4f446559ac9cd57ed1319411db0e0bb5445e9abb926078fffa51c0812e83aec4f279e6837cae669dab2a677bc23034940cb29b74222b497bf436", &(0x7f0000000500), &(0x7f0000000600)="2b21bb4f2d69e35490f4dcaddc273415953adee4039f6815e0f33c1065a6", &(0x7f0000000740)="a03045aaadf3e33007f2c169d774cff172b66caf50e04e20367f2935b95a7755089bd690f3f2f3c497525e793d6e81163b62d8248f13f459e8e49d7cf66d845ed7ed68abbc8e3c8a5ee28a71b5b4c8ff598797bdc653ef7831ec180832621cb241a7aa4fa472176135607de28e658636eae4b4b2ec6fadb777353f50c5a3dbf4b6fbf90facb0fc5297ba78545df7c5c6489e95e3dc655e0021e55ce4b98b575d42c5673b38e8c6e2f840bbd7047707b533f2ca0f311ba190e868ce0658f155b751875d", 0xffffffff, r2, 0x4}, 0x38) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) 1.174144469s ago: executing program 3 (id=1321): socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x50) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000002000000000000000100000d000000000500000004000000010000000000000a000000000300000000000008000000000000"], 0x0, 0x46, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r1, 0x0) keyctl$describe(0x6, r1, 0x0, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) keyctl$get_security(0x11, r0, &(0x7f00000008c0)=""/217, 0xd9) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1bc0000000000000000000000000800092535ed98c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone3(&(0x7f00000004c0)={0x80, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0x0, 0x0], 0x2}, 0x58) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r6, 0x11c, 0x3, &(0x7f0000000400)=""/113, &(0x7f0000000480)=0x71) bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e7b368f2597958e2c26a67a68722117b09fed210a016ab7e09e5059806150282010c88c66a08001fb55adcc65dd1dba53b46053850d83409a7244e82d7610c7528b8d2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x18}}], 0x1, 0x0) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="8119e3122e", @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) write$nci(r2, &(0x7f0000001000)=ANY=[@ANYBLOB="40018100070700003cfa4bed568829a40da7931c0a7572ca3957596c674897cb8b2fdd9730eae2efe3ca52f0854b1be22c639df9b51b19fce25d4d8f174d19e07e090003fcd63ba00800fea10400000047a2efc06cddc93709480e8676a18282efda3d6a9f789c1069afef50a09a27c5652569387eb61083b3af2f78630735a8c04626db415e9c956c073208e7cc8095bf7dd565f1fc3effba75e5d90010f08141db42d341ad1974af9505a401744ba1a852c97029fd1b2c3498f3c0ef85785d360f4e625606a8dd625373a56b76a8b4ba978f54baa3c0d11b29ffdd08c3f1f7985df0e1e7a166f68c768a7d689597ff9900f24b3876548611349062e071f7"], 0x50) 1.143319512s ago: executing program 0 (id=1322): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup(r2) fsetxattr$security_selinux(r3, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) 1.117852564s ago: executing program 0 (id=1323): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@orlov}, {@auto_da_alloc}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) connect$pppoe(r0, &(0x7f0000000500)={0x18, 0x0, {0x2, @empty, 'veth1_to_batadv\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @local, 'team_slave_1\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x0, @local, 'bond_slave_0\x00'}}, 0x1e) 1.096650805s ago: executing program 2 (id=1325): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r3, &(0x7f0000001bc0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000fb1000)=[{&(0x7f0000000180)="480000001400197f09004b0101048c590288ffffff010001000000000028213ee20600d4ff5bffff00c7e5ed5e00000000000000000000eaf60d18125d4b18857a9eace3dbe8b12c", 0x48}], 0x1) recvmmsg(r4, &(0x7f0000000200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.039055289s ago: executing program 4 (id=1326): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r0 = getpgid(0xffffffffffffffff) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) pipe2$9p(0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00'}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000015c0)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x2000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000080), 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)) ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, 0x0) 1.038413629s ago: executing program 2 (id=1327): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket(0x840000000002, 0x3, 0xff) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) setsockopt$inet_int(r2, 0x0, 0x16, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(r2, 0x0, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x20004805) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xffffffffffffffb1, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdf9, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f00000003c0)) ioctl$TUNSETIFF(r6, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) getsockname$packet(r2, &(0x7f0000000080), &(0x7f0000000180)=0x14) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2}}) 1.034705939s ago: executing program 3 (id=1328): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet6(0xa, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011"], 0xe4}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d00)={&(0x7f00000001c0)='fib6_table_lookup\x00', r0, 0x0, 0x5}, 0x18) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0500000004000000008000005c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000ac0002db0000000000000000809500"/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000001c0), r3) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x1) getpid() syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) fallocate(r4, 0x0, 0x0, 0x10fff9) ftruncate(0xffffffffffffffff, 0x1) ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000040)={0xc}) 1.005145201s ago: executing program 0 (id=1329): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58) 864.980761ms ago: executing program 0 (id=1331): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) getpgid(0xffffffffffffffff) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00'}, 0x2c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, 0x0) 863.975911ms ago: executing program 2 (id=1332): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000340)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4739}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@norecovery}, {@user_xattr}]}, 0xfd, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xf8f, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x16, &(0x7f00000001c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xf}, @exit], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/166) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) brk(0x55555ede6000) listxattr(&(0x7f0000000a00)='./file1\x00', 0x0, 0x0) 806.077965ms ago: executing program 3 (id=1334): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f00000007c0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x0, 0x3, 0x5, 0x1, @v={0x3, 0x3, 0x3, 0x6, 0x2, 0x4, 0x6b, {0x7f, 0x6, "beacfe46fd18176d"}, 0x6, 0x80, 0x1f, 0x1f, 0x1, "ad"}}, 0x1a) 805.041425ms ago: executing program 1 (id=1335): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) open(&(0x7f0000000080)='./bus\x00', 0x143c62, 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') (fail_nth: 15) 649.740335ms ago: executing program 2 (id=1336): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x0, 0x4, 0x3, 0x550e, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x2, 0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) r6 = socket(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f00000006c0)=ANY=[@ANYBLOB="3a00020f"], 0x8) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r9 = io_uring_setup(0x734a, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mlockall(0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000300), &(0x7f00000004c0)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r1}, &(0x7f0000000a00), &(0x7f0000000a40)=r0}, 0x20) 568.170111ms ago: executing program 3 (id=1337): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r0 = getpgid(0xffffffffffffffff) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000080)=0x7) pipe2$9p(0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00'}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, 0x0, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000015c0)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x2000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000080), 0x0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0x43, 0xa0, 0x0, 0x98, 0x360, 0x178, 0x178, 0x360, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1a0, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x168, 0x1a0, 0x0, {}, [@common=@unspec=@connbytes={{0x38}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@multicast1, [], @ipv6=@loopback, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [], @ipv4=@multicast1}}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x468) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000080)) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, 0x0) 372.366084ms ago: executing program 1 (id=1338): socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="0200000004000000080000000c"], 0x50) r0 = add_key$keyring(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000002000000000000000100000d000000000500000004000000010000000000000a000000000300000000000008000000000000"], 0x0, 0x46, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$setperm(0x5, r1, 0x0) keyctl$describe(0x6, r1, 0x0, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) keyctl$get_security(0x11, r0, &(0x7f00000008c0)=""/217, 0xd9) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1bc0000000000000000000000000800092535ed98c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone3(&(0x7f00000004c0)={0x80, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, &(0x7f0000000600)=[0x0, 0x0], 0x2}, 0x58) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r6, 0x11c, 0x3, &(0x7f0000000400)=""/113, &(0x7f0000000480)=0x71) bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e7b368f2597958e2c26a67a68722117b09fed210a016ab7e09e5059806150282010c88c66a08001fb55adcc65dd1dba53b46053850d83409a7244e82d7610c7528b8d2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x18}}], 0x1, 0x0) sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="8119e3122e", @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) write$nci(r2, &(0x7f0000001000)=ANY=[@ANYBLOB="40018100070700003cfa4bed568829a40da7931c0a7572ca3957596c674897cb8b2fdd9730eae2efe3ca52f0854b1be22c639df9b51b19fce25d4d8f174d19e07e090003fcd63ba00800fea10400000047a2efc06cddc93709480e8676a18282efda3d6a9f789c1069afef50a09a27c5652569387eb61083b3af2f78630735a8c04626db415e9c956c073208e7cc8095bf7dd565f1fc3effba75e5d90010f08141db42d341ad1974af9505a401744ba1a852c97029fd1b2c3498f3c0ef85785d360f4e625606a8dd625373a56b76a8b4ba978f54baa3c0d11b29ffdd08c3f1f7985df0e1e7a166f68c768a7d689597ff9900f24b3876548611349062e071f7"], 0x50) 343.713546ms ago: executing program 3 (id=1339): r0 = socket$inet(0x2, 0x1, 0x6) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x8000000, 0x0, 0xfffffffffffffdc1, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000008, 0x0) recvmmsg(r3, 0x0, 0x0, 0x20103, 0x0) socket$rds(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) write$binfmt_elf64(r0, &(0x7f0000001340)=ANY=[], 0xa89) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000002c0)="e2b3b8c51d71eadd5df9dda251607cf2ac834ad26f541d5e9aa46cff60ba3d1ba4e90b24a30075ff6423ae78237d68331d7e125b57ef23912b3f43376608d71bd2be176d4f54c54f91176ff4e6ce2d6ad7c2eb", 0x53, 0x8c1, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000780b9ea5cb56e83f77e886019a8158abaa81bdd9993e2b10da5c31e510f0143542b1b7259f17782e2d2deeb69e610b94a9c774cbd4592f3691e7633bca2fecd166f5a1ff0e8ed73d76606939479b0e8179e0978644dae1065c145e97816550e88915c9b1a13886491dc95118ab5399e083f2e5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18030f0000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_rx_rwind_change\x00', 0xffffffffffffffff, 0x0, 0xaa}, 0xfffffd24) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x14) 206.250266ms ago: executing program 1 (id=1340): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001e00100000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000fcffffffb702000004000000b7030000000000de85000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000280)={@local, @link_local, @val, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 181.668607ms ago: executing program 4 (id=1341): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x9, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@orlov}, {@auto_da_alloc}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) connect$pppoe(r0, &(0x7f0000000500)={0x18, 0x0, {0x2, @empty, 'veth1_to_batadv\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @local, 'team_slave_1\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x0, @local, 'bond_slave_0\x00'}}, 0x1e) 126.042781ms ago: executing program 1 (id=1342): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000800000000000000000001801000020bd342100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0) 70.741075ms ago: executing program 1 (id=1343): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r3, &(0x7f0000001bc0)={0x0, 0x0, 0x0}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000fb1000)=[{&(0x7f0000000180)="480000001400197f09004b0101048c590288ffffff010001000000000028213ee20600d4ff5bffff00c7e5ed5e00000000000000000000eaf60d18125d4b18857a9eace3dbe8b12c", 0x48}], 0x1) recvmmsg(r4, &(0x7f0000000200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 27.044908ms ago: executing program 1 (id=1344): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket(0x840000000002, 0x3, 0xff) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) setsockopt$inet_int(r2, 0x0, 0x16, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendmmsg$inet(r2, 0x0, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x20004805) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xffffffffffffffb1, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdf9, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f00000001c0)={'bond_slave_0\x00'}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f00000003c0)) ioctl$TUNSETIFF(r6, 0x400454da, &(0x7f0000000140)={'bond0\x00'}) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000100)={'nicvf0\x00', 0x1432}) getsockname$packet(r2, &(0x7f0000000080), &(0x7f0000000180)=0x14) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2}}) 0s ago: executing program 4 (id=1345): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup(r2) fsetxattr$security_selinux(r3, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) kernel console output (not intermixed with test programs): 71.365263][ T8315] loop2: detected capacity change from 0 to 512 [ 71.371843][ T8315] EXT4-fs: Invalid want_extra_isize 1 [ 71.417570][ T8346] loop2: detected capacity change from 0 to 512 [ 71.422812][ T8343] 9pnet: Could not find request transport: 0xffffffffffffffff [ 71.424504][ T8346] ext4: Unknown parameter 'dont_hash' [ 71.518271][ T8366] syz.0.698[8366] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.518406][ T8366] syz.0.698[8366] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.834158][ T8425] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 71.851994][ T8425] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 71.859441][ T8425] vhci_hcd vhci_hcd.0: Device attached [ 72.063817][ T3336] vhci_hcd: vhci_device speed not set [ 72.133851][ T3336] usb 7-1: new full-speed USB device number 2 using vhci_hcd [ 72.206839][ T8438] Cannot find add_set index 0 as target [ 72.372801][ T8455] loop2: detected capacity change from 0 to 512 [ 72.377313][ T8457] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 72.411372][ T8455] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.425234][ T8455] ext4 filesystem being mounted at /140/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.436037][ T29] kauditd_printk_skb: 291 callbacks suppressed [ 72.436050][ T29] audit: type=1326 audit(1726282603.474:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fca6f17c890 code=0x7ffc0000 [ 72.465709][ T29] audit: type=1326 audit(1726282603.474:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fca6f17cc77 code=0x7ffc0000 [ 72.474393][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.489204][ T29] audit: type=1326 audit(1726282603.474:3001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fca6f17c890 code=0x7ffc0000 [ 72.521954][ T29] audit: type=1326 audit(1726282603.474:3002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 72.545570][ T29] audit: type=1326 audit(1726282603.474:3003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 72.568986][ T29] audit: type=1326 audit(1726282603.474:3004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 72.574521][ T8468] loop2: detected capacity change from 0 to 512 [ 72.592382][ T29] audit: type=1326 audit(1726282603.474:3005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 72.592417][ T29] audit: type=1326 audit(1726282603.474:3006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8454 comm="syz.2.710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 72.603455][ T8468] EXT4-fs: Ignoring removed orlov option [ 72.657070][ T8468] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.670501][ T8468] ext4 filesystem being mounted at /141/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 72.680861][ T8430] vhci_hcd: connection reset by peer [ 72.686307][ T3972] vhci_hcd: stop threads [ 72.690617][ T3972] vhci_hcd: release socket [ 72.690631][ T3972] vhci_hcd: disconnect device [ 72.728776][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.817530][ T8484] 9pnet: Could not find request transport: 0xffffffffffffffff [ 72.851044][ T8487] Cannot find add_set index 0 as target [ 73.347667][ T8500] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 73.393028][ T29] audit: type=1326 audit(1726282604.414:3007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c2d28def9 code=0x7ffc0000 [ 73.416571][ T29] audit: type=1326 audit(1726282604.414:3008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8507 comm="syz.0.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c2d28def9 code=0x7ffc0000 [ 73.467292][ T8521] loop4: detected capacity change from 0 to 512 [ 73.496226][ T8521] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.509287][ T8521] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.509320][ T50] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 73.550540][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.585136][ T8553] Â: renamed from wg0 (while UP) [ 73.587479][ T8552] loop4: detected capacity change from 0 to 512 [ 73.597670][ T8552] EXT4-fs: Ignoring removed orlov option [ 73.620530][ T8561] syz.3.729[8561] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.620633][ T8561] syz.3.729[8561] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.638902][ T8552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.664146][ T8552] ext4 filesystem being mounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 73.669392][ T8567] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 73.707063][ T8571] Cannot find add_set index 0 as target [ 73.783874][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.843364][ T8585] loop3: detected capacity change from 0 to 512 [ 73.847879][ T8587] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 73.875607][ T8585] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.735: corrupted in-inode xattr: invalid ea_ino [ 73.896913][ T8585] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.735: couldn't read orphan inode 15 (err -117) [ 73.910246][ T8584] FAULT_INJECTION: forcing a failure. [ 73.910246][ T8584] name failslab, interval 1, probability 0, space 0, times 0 [ 73.923088][ T8584] CPU: 0 UID: 0 PID: 8584 Comm: syz.0.736 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 73.933743][ T8584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 73.943897][ T8584] Call Trace: [ 73.947191][ T8584] [ 73.950113][ T8584] dump_stack_lvl+0xf2/0x150 [ 73.954706][ T8584] dump_stack+0x15/0x20 [ 73.958929][ T8584] should_fail_ex+0x229/0x230 [ 73.963643][ T8584] ? sidtab_sid2str_get+0xb8/0x140 [ 73.968806][ T8584] should_failslab+0x8f/0xb0 [ 73.973569][ T8584] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 73.977264][ T8585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.979891][ T8584] kmemdup_noprof+0x2a/0x60 [ 73.996788][ T8584] sidtab_sid2str_get+0xb8/0x140 [ 74.001814][ T8584] security_sid_to_context_core+0x1eb/0x2f0 [ 74.007771][ T8584] security_sid_to_context+0x27/0x30 [ 74.013054][ T8584] avc_audit_post_callback+0x9d/0x530 [ 74.018586][ T8584] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 74.024563][ T8584] common_lsm_audit+0x7d3/0xfc0 [ 74.029401][ T8584] ? avc_denied+0xf1/0x110 [ 74.033840][ T8584] slow_avc_audit+0xf9/0x140 [ 74.038496][ T8584] avc_has_perm+0x129/0x160 [ 74.043045][ T8584] file_has_perm+0x347/0x390 [ 74.047804][ T8584] file_map_prot_check+0x18e/0x210 [ 74.052905][ T8584] selinux_mmap_file+0x1a0/0x1e0 [ 74.057847][ T8584] ? __pfx_selinux_mmap_file+0x10/0x10 [ 74.063464][ T8584] security_mmap_file+0x113/0x150 [ 74.068575][ T8584] vm_mmap_pgoff+0x90/0x290 [ 74.073169][ T8584] ksys_mmap_pgoff+0x2ea/0x340 [ 74.078064][ T8584] x64_sys_call+0x1884/0x2d60 [ 74.082799][ T8584] do_syscall_64+0xc9/0x1c0 [ 74.087332][ T8584] ? clear_bhb_loop+0x55/0xb0 [ 74.092063][ T8584] ? clear_bhb_loop+0x55/0xb0 [ 74.096727][ T8584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.102737][ T8584] RIP: 0033:0x7f5c2d28def9 [ 74.107159][ T8584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.126820][ T8584] RSP: 002b:00007f5c2bf01038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 74.135225][ T8584] RAX: ffffffffffffffda RBX: 00007f5c2d445f80 RCX: 00007f5c2d28def9 [ 74.143182][ T8584] RDX: 0000000003000006 RSI: 0000000000800000 RDI: 0000000020800000 [ 74.151142][ T8584] RBP: 00007f5c2bf01090 R08: ffffffffffffffff R09: 0000000180000000 [ 74.159139][ T8584] R10: 0000000000042031 R11: 0000000000000246 R12: 0000000000000002 [ 74.167096][ T8584] R13: 0000000000000000 R14: 00007f5c2d445f80 R15: 00007ffd2d9a9c98 [ 74.175122][ T8584] [ 74.185513][ T8592] 9pnet_fd: Insufficient options for proto=fd [ 74.278182][ T8604] netlink: 48 bytes leftover after parsing attributes in process `syz.0.739'. [ 74.366748][ T8614] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 74.421859][ T8625] loop2: detected capacity change from 0 to 128 [ 74.463135][ T8625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.745'. [ 74.483294][ T8625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.745'. [ 74.519962][ T8635] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 74.643229][ T3974] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 74.686373][ T8664] loop1: detected capacity change from 0 to 128 [ 74.703057][ T8661] netlink: 132 bytes leftover after parsing attributes in process `syz.2.751'. [ 74.705461][ T8664] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 74.726082][ T8668] FAULT_INJECTION: forcing a failure. [ 74.726082][ T8668] name failslab, interval 1, probability 0, space 0, times 0 [ 74.732005][ T8664] ext4 filesystem being mounted at /42/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 74.739229][ T8668] CPU: 0 UID: 0 PID: 8668 Comm: syz.2.753 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 74.739256][ T8668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 74.739267][ T8668] Call Trace: [ 74.739274][ T8668] [ 74.739282][ T8668] dump_stack_lvl+0xf2/0x150 [ 74.790527][ T7447] EXT4-fs error (device loop3): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 74.792216][ T8668] dump_stack+0x15/0x20 [ 74.796119][ T7447] EXT4-fs error (device loop3): ext4_lookup:1815: inode #2: comm syz-executor: deleted inode referenced: 15 [ 74.798388][ T8668] should_fail_ex+0x229/0x230 [ 74.803186][ T7447] EXT4-fs error (device loop3): ext4_lookup:1815: inode #2: comm syz-executor: deleted inode referenced: 15 [ 74.823056][ T8668] ? skb_clone+0x154/0x1f0 [ 74.823083][ T8668] should_failslab+0x8f/0xb0 [ 74.863726][ T8668] kmem_cache_alloc_noprof+0x4c/0x290 [ 74.869153][ T8668] skb_clone+0x154/0x1f0 [ 74.873442][ T8668] dev_queue_xmit_nit+0x149/0x620 [ 74.878463][ T8668] dev_hard_start_xmit+0xcc/0x3f0 [ 74.883469][ T8668] ? validate_xmit_skb+0x658/0x8d0 [ 74.888580][ T8668] __dev_queue_xmit+0xfd4/0x1fe0 [ 74.893602][ T8668] ? __dev_queue_xmit+0x161/0x1fe0 [ 74.898708][ T8668] ? should_fail_ex+0xd7/0x230 [ 74.903456][ T8668] ? __skb_clone+0x2d0/0x2f0 [ 74.908104][ T8668] __netlink_deliver_tap+0x39f/0x4c0 [ 74.913381][ T8668] netlink_unicast+0x64a/0x670 [ 74.918350][ T8668] netlink_sendmsg+0x5cc/0x6e0 [ 74.923157][ T8668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 74.928449][ T8668] __sock_sendmsg+0x140/0x180 [ 74.933267][ T8668] ____sys_sendmsg+0x312/0x410 [ 74.938023][ T8668] __sys_sendmsg+0x1e9/0x280 [ 74.942607][ T8668] __x64_sys_sendmsg+0x46/0x50 [ 74.947437][ T8668] x64_sys_call+0x2689/0x2d60 [ 74.952276][ T8668] do_syscall_64+0xc9/0x1c0 [ 74.956881][ T8668] ? clear_bhb_loop+0x55/0xb0 [ 74.961539][ T8668] ? clear_bhb_loop+0x55/0xb0 [ 74.966223][ T8668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.972278][ T8668] RIP: 0033:0x7fca6f17def9 [ 74.976680][ T8668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.996296][ T8668] RSP: 002b:00007fca6ddf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.004761][ T8668] RAX: ffffffffffffffda RBX: 00007fca6f335f80 RCX: 00007fca6f17def9 [ 75.012715][ T8668] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 75.020667][ T8668] RBP: 00007fca6ddf7090 R08: 0000000000000000 R09: 0000000000000000 [ 75.028708][ T8668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.036832][ T8668] R13: 0000000000000000 R14: 00007fca6f335f80 R15: 00007ffc14c01108 [ 75.044811][ T8668] [ 75.076717][ T6145] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 75.105374][ T8676] loop1: detected capacity change from 0 to 512 [ 75.112365][ T8676] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 75.127177][ T8676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.139815][ T8676] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.165593][ T8676] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #17: comm syz.1.756: corrupted inode contents [ 75.183151][ T8676] EXT4-fs error (device loop1): ext4_dirty_inode:6014: inode #17: comm syz.1.756: mark_inode_dirty error [ 75.196244][ T8676] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #17: comm syz.1.756: corrupted inode contents [ 75.230174][ T8688] loop2: detected capacity change from 0 to 512 [ 75.238136][ T8676] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3007: inode #17: comm syz.1.756: mark_inode_dirty error [ 75.250439][ T8676] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3010: inode #17: comm syz.1.756: mark inode dirty (error -117) [ 75.256499][ T8688] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.263561][ T8676] EXT4-fs warning (device loop1): ext4_evict_inode:271: xattr delete (err -117) [ 75.277467][ T8688] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 75.306485][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.374549][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.605309][ T8732] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 75.613575][ T8734] loop1: detected capacity change from 0 to 128 [ 75.629366][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.766'. [ 75.638869][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.766'. [ 75.699726][ T8750] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 75.732471][ T8755] netlink: 'syz.4.771': attribute type 14 has an invalid length. [ 75.745290][ T3984] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 75.899252][ T8782] netlink: 160 bytes leftover after parsing attributes in process `syz.1.777'. [ 75.913420][ T8782] rdma_rxe: rxe_newlink: failed to add gre0 [ 76.121307][ T8794] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'. [ 76.149327][ T8796] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 76.269130][ T3984] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 76.311991][ T8819] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30768 sclass=netlink_route_socket pid=8819 comm=syz.2.789 [ 76.338305][ T7447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.355389][ T3974] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.397302][ T3974] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.415938][ T8826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 76.461751][ T3974] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.517074][ T3974] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.610149][ T3974] bridge_slave_1: left allmulticast mode [ 76.616158][ T3974] bridge_slave_1: left promiscuous mode [ 76.622288][ T3974] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.632531][ T3974] bridge_slave_0: left allmulticast mode [ 76.638523][ T3974] bridge_slave_0: left promiscuous mode [ 76.644661][ T3974] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.947285][ T3974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 76.957074][ T8903] FAULT_INJECTION: forcing a failure. [ 76.957074][ T8903] name failslab, interval 1, probability 0, space 0, times 0 [ 76.969857][ T8903] CPU: 0 UID: 0 PID: 8903 Comm: syz.4.804 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 76.980564][ T8903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 76.990750][ T8903] Call Trace: [ 76.994027][ T8903] [ 76.996962][ T8903] dump_stack_lvl+0xf2/0x150 [ 77.001722][ T8903] dump_stack+0x15/0x20 [ 77.005905][ T8903] should_fail_ex+0x229/0x230 [ 77.010583][ T8903] ? asymmetric_lookup_restriction+0x7c/0x370 [ 77.016677][ T8903] should_failslab+0x8f/0xb0 [ 77.021339][ T8903] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 77.027704][ T8903] kstrndup+0x3f/0x90 [ 77.031742][ T8903] asymmetric_lookup_restriction+0x7c/0x370 [ 77.037620][ T8903] ? __pfx_asymmetric_lookup_restriction+0x10/0x10 [ 77.044175][ T8903] keyring_restrict+0xf7/0x280 [ 77.048926][ T8903] keyctl_restrict_keyring+0x103/0x1b0 [ 77.054373][ T8903] ? proc_fail_nth_write+0x130/0x160 [ 77.059659][ T8903] __se_sys_keyctl+0x20f/0xbb0 [ 77.064483][ T8903] ? __secure_computing+0x9f/0x1c0 [ 77.069671][ T8903] __x64_sys_keyctl+0x67/0x80 [ 77.074357][ T8903] x64_sys_call+0x971/0x2d60 [ 77.079031][ T8903] do_syscall_64+0xc9/0x1c0 [ 77.083532][ T8903] ? clear_bhb_loop+0x55/0xb0 [ 77.088260][ T8903] ? clear_bhb_loop+0x55/0xb0 [ 77.093017][ T8903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.099011][ T8903] RIP: 0033:0x7f628f94def9 [ 77.103424][ T8903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.123059][ T8903] RSP: 002b:00007f628e5c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 77.131532][ T8903] RAX: ffffffffffffffda RBX: 00007f628fb05f80 RCX: 00007f628f94def9 [ 77.139486][ T8903] RDX: 0000000020000440 RSI: 000000001dfcbea4 RDI: 000000000000001d [ 77.147493][ T8903] RBP: 00007f628e5c1090 R08: 0000000000000000 R09: 0000000000000000 [ 77.155746][ T8903] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 77.163716][ T8903] R13: 0000000000000000 R14: 00007f628fb05f80 R15: 00007ffc0f53f9b8 [ 77.171682][ T8903] [ 77.176163][ T3974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.185061][ T3336] usb 7-1: enqueue for inactive port 0 [ 77.190591][ T3336] usb 7-1: enqueue for inactive port 0 [ 77.197553][ T3974] bond0 (unregistering): Released all slaves [ 77.206986][ T3974] bond1 (unregistering): Released all slaves [ 77.217553][ T8900] FAULT_INJECTION: forcing a failure. [ 77.217553][ T8900] name failslab, interval 1, probability 0, space 0, times 0 [ 77.231005][ T8900] CPU: 0 UID: 0 PID: 8900 Comm: syz.0.803 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 77.241616][ T8900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 77.251761][ T8900] Call Trace: [ 77.255059][ T8900] [ 77.257981][ T8900] dump_stack_lvl+0xf2/0x150 [ 77.262613][ T8900] dump_stack+0x15/0x20 [ 77.266764][ T8900] should_fail_ex+0x229/0x230 [ 77.271434][ T8900] ? __kvmalloc_node_noprof+0x72/0x170 [ 77.276885][ T8900] should_failslab+0x8f/0xb0 [ 77.281471][ T8900] __kmalloc_node_noprof+0xa8/0x380 [ 77.286673][ T8900] __kvmalloc_node_noprof+0x72/0x170 [ 77.291983][ T8900] alloc_netdev_mqs+0x6b6/0x8d0 [ 77.296910][ T8900] ieee802154_if_add+0xa7/0x810 [ 77.301815][ T8900] ? __list_del_entry_valid_or_report+0x5f/0xf0 [ 77.308067][ T8900] ? _raw_spin_unlock+0x26/0x50 [ 77.312962][ T8900] ? __mutex_lock+0x221/0x8e0 [ 77.317758][ T8900] ieee802154_add_iface_deprecated+0x44/0x70 [ 77.323729][ T8900] ieee802154_add_iface+0x271/0x470 [ 77.328957][ T8900] ? genl_rcv_msg+0x561/0x6c0 [ 77.333704][ T8900] genl_rcv_msg+0x61b/0x6c0 [ 77.338209][ T8900] ? __pfx_ieee802154_add_iface+0x10/0x10 [ 77.343985][ T8900] ? __rcu_read_unlock+0x4e/0x70 [ 77.348927][ T8900] netlink_rcv_skb+0x12c/0x230 [ 77.353709][ T8900] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.358732][ T8900] genl_rcv+0x28/0x40 [ 77.362714][ T8900] netlink_unicast+0x599/0x670 [ 77.367465][ T8900] netlink_sendmsg+0x5cc/0x6e0 [ 77.372238][ T8900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.377701][ T8900] __sock_sendmsg+0x140/0x180 [ 77.382458][ T8900] ____sys_sendmsg+0x312/0x410 [ 77.387257][ T8900] __sys_sendmsg+0x1e9/0x280 [ 77.391965][ T8900] __x64_sys_sendmsg+0x46/0x50 [ 77.396771][ T8900] x64_sys_call+0x2689/0x2d60 [ 77.401492][ T8900] do_syscall_64+0xc9/0x1c0 [ 77.405986][ T8900] ? clear_bhb_loop+0x55/0xb0 [ 77.410650][ T8900] ? clear_bhb_loop+0x55/0xb0 [ 77.415328][ T8900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.421348][ T8900] RIP: 0033:0x7f5c2d28def9 [ 77.425751][ T8900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.445346][ T8900] RSP: 002b:00007f5c2bf01038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.453759][ T8900] RAX: ffffffffffffffda RBX: 00007f5c2d445f80 RCX: 00007f5c2d28def9 [ 77.461717][ T8900] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 000000000000000b [ 77.469886][ T8900] RBP: 00007f5c2bf01090 R08: 0000000000000000 R09: 0000000000000000 [ 77.477931][ T8900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 77.485917][ T8900] R13: 0000000000000000 R14: 00007f5c2d445f80 R15: 00007ffd2d9a9c98 [ 77.493888][ T8900] [ 77.497610][ T3336] vhci_hcd: vhci_device speed not set [ 77.511282][ T29] kauditd_printk_skb: 323 callbacks suppressed [ 77.511296][ T29] audit: type=1400 audit(1726282608.274:3332): avc: denied { create } for pid=8910 comm="syz.1.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 77.537455][ T29] audit: type=1400 audit(1726282608.274:3333): avc: denied { write } for pid=8910 comm="syz.1.807" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 77.579444][ T8831] chnl_net:caif_netlink_parms(): no params data found [ 77.590858][ T29] audit: type=1400 audit(1726282608.574:3334): avc: denied { bind } for pid=8920 comm="syz.4.810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 77.639494][ T9029] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 77.664616][ T9044] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 77.674602][ T29] audit: type=1326 audit(1726282608.694:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.698519][ T29] audit: type=1326 audit(1726282608.694:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.722143][ T29] audit: type=1326 audit(1726282608.694:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.745636][ T29] audit: type=1326 audit(1726282608.694:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.756072][ T1759] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 77.769031][ T29] audit: type=1326 audit(1726282608.694:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.802404][ T29] audit: type=1326 audit(1726282608.694:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.825835][ T29] audit: type=1326 audit(1726282608.694:3341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9023 comm="syz.1.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 77.924097][ T3974] hsr_slave_0: left promiscuous mode [ 77.932136][ T3974] hsr_slave_1: left promiscuous mode [ 77.949048][ T3974] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.956605][ T3974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.985398][ T3974] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.992857][ T3974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.012768][ T3974] veth1_macvtap: left promiscuous mode [ 78.018879][ T3974] veth0_macvtap: left promiscuous mode [ 78.024587][ T3974] veth1_vlan: left promiscuous mode [ 78.030125][ T3974] veth0_vlan: left promiscuous mode [ 78.220159][ T9088] Cannot find add_set index 0 as target [ 78.221656][ T3974] team0 (unregistering): Port device team_slave_1 removed [ 78.239909][ T9090] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 78.240043][ T3974] team0 (unregistering): Port device team_slave_0 removed [ 78.303156][ T8831] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.310329][ T8831] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.318035][ T8831] bridge_slave_0: entered allmulticast mode [ 78.325296][ T8831] bridge_slave_0: entered promiscuous mode [ 78.332478][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.339738][ T8831] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.347260][ T8831] bridge_slave_1: entered allmulticast mode [ 78.354628][ T8831] bridge_slave_1: entered promiscuous mode [ 78.367313][ T50] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 78.408920][ T8831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.442481][ T8831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.516986][ T8831] team0: Port device team_slave_0 added [ 78.539044][ T8831] team0: Port device team_slave_1 added [ 78.627805][ T8831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.634802][ T8831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.661120][ T8831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.664569][ T9214] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 78.697234][ T8831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.704923][ T8831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.731541][ T8831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.792939][ T8831] hsr_slave_0: entered promiscuous mode [ 78.799339][ T8831] hsr_slave_1: entered promiscuous mode [ 78.805514][ T8831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.813101][ T8831] Cannot create hsr debugfs directory [ 78.830189][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 78.918148][ T9293] Cannot find add_set index 0 as target [ 79.189384][ T9350] loop2: detected capacity change from 0 to 512 [ 79.213080][ T9350] EXT4-fs: Ignoring removed orlov option [ 79.268578][ T8831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.281239][ T9350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.321321][ T9350] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 79.332306][ T8831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.347420][ T8831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.367172][ T8831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.389070][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.412164][ T8831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.423364][ T8831] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.437084][ T3974] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.444239][ T3974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.460824][ T1759] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.467941][ T1759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.562015][ T8831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.600636][ T9407] loop2: detected capacity change from 0 to 1024 [ 79.628989][ T9407] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 79.640076][ T9407] JBD2: no valid journal superblock found [ 79.646066][ T9407] EXT4-fs (loop2): Could not load journal inode [ 79.666759][ T9407] loop2: detected capacity change from 0 to 1024 [ 79.669796][ T8831] veth0_vlan: entered promiscuous mode [ 79.679161][ T9407] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 79.683609][ T8831] veth1_vlan: entered promiscuous mode [ 79.688930][ T9407] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 79.704123][ T8831] veth0_macvtap: entered promiscuous mode [ 79.710039][ T9407] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 79.721351][ T9407] EXT4-fs error (device loop2): ext4_get_journal_inode:5740: inode #5: comm syz.2.854: unexpected bad inode w/o EXT4_IGET_BAD [ 79.735310][ T9407] EXT4-fs (loop2): no journal found [ 79.740562][ T9407] EXT4-fs (loop2): can't get journal size [ 79.747724][ T9407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 79.770152][ T8831] veth1_macvtap: entered promiscuous mode [ 79.799897][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.810534][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.820483][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.831818][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.841938][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.852394][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.863446][ T8831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.873492][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.883982][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.894079][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.904990][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.915044][ T8831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.925876][ T8831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.937562][ T8831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.947083][ T8831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.956413][ T8831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.965520][ T8831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.974252][ T8831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.021844][ T9442] Invalid ELF header magic: != ELF [ 80.028834][ T9442] __nla_validate_parse: 3 callbacks suppressed [ 80.028856][ T9442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.861'. [ 80.040507][ T9445] 9pnet: Could not find request transport: 0xffffffffffffffff [ 80.059638][ T9442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.861'. [ 80.068476][ T9442] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 80.205408][ T3336] IPVS: starting estimator thread 0... [ 80.211907][ T9455] xt_connbytes: Forcing CT accounting to be enabled [ 80.219819][ T9455] Cannot find add_set index 0 as target [ 80.305883][ T9456] IPVS: using max 2976 ests per chain, 148800 per kthread [ 80.454247][ T9462] Cannot find add_set index 0 as target [ 80.799382][ T9479] loop4: detected capacity change from 0 to 512 [ 80.825408][ T9479] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.839177][ T9479] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.862234][ T9496] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 80.935453][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.975610][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.994704][ T9507] SELinux: policydb version -570608695 does not match my version range 15-33 [ 81.003850][ T9507] SELinux: failed to load policy [ 81.024072][ T9512] netlink: 4 bytes leftover after parsing attributes in process `syz.4.877'. [ 81.085600][ T9533] netlink: 36 bytes leftover after parsing attributes in process `syz.4.885'. [ 81.111846][ T9529] 9pnet: Could not find request transport: 0xffffffffffffffff [ 81.258795][ T9547] loop1: detected capacity change from 0 to 512 [ 81.307414][ T9547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.365137][ T9547] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 81.441857][ T9572] tipc: Started in network mode [ 81.446822][ T9572] tipc: Node identity 16f7e3fe8d5f, cluster identity 4711 [ 81.456074][ T9572] tipc: Enabled bearer , priority 0 [ 81.464102][ T9572] ªªªªªª: renamed from syzkaller0 [ 81.470552][ T9572] tipc: Disabling bearer [ 81.476659][ T9547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'. [ 81.514492][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.696753][ T9626] smc: net device lo applied user defined pnetid SYZ1 [ 81.705894][ T9626] smc: net device lo erased user defined pnetid SYZ1 [ 81.720836][ T9631] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 81.772763][ T9630] syzkaller0: entered promiscuous mode [ 81.778469][ T9630] syzkaller0: entered allmulticast mode [ 81.840642][ T9649] tipc: Started in network mode [ 81.845631][ T9649] tipc: Node identity ac1414aa, cluster identity 4711 [ 81.853229][ T9649] tipc: Enabled bearer , priority 10 [ 81.871531][ T9651] FAULT_INJECTION: forcing a failure. [ 81.871531][ T9651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.884671][ T9651] CPU: 0 UID: 0 PID: 9651 Comm: syz.1.914 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 81.895334][ T9651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.905485][ T9651] Call Trace: [ 81.908807][ T9651] [ 81.911795][ T9651] dump_stack_lvl+0xf2/0x150 [ 81.916392][ T9651] dump_stack+0x15/0x20 [ 81.920643][ T9651] should_fail_ex+0x229/0x230 [ 81.925311][ T9651] should_fail+0xb/0x10 [ 81.929469][ T9651] should_fail_usercopy+0x1a/0x20 [ 81.934558][ T9651] _copy_to_user+0x1e/0xa0 [ 81.938977][ T9651] ethtool_get_one_feature+0x194/0x1e0 [ 81.944442][ T9651] dev_ethtool+0x10e7/0x14c0 [ 81.949039][ T9651] ? __rcu_read_unlock+0x4e/0x70 [ 81.954019][ T9651] dev_ioctl+0x854/0xab0 [ 81.958323][ T9651] sock_do_ioctl+0x11c/0x260 [ 81.962980][ T9651] sock_ioctl+0x470/0x640 [ 81.967379][ T9651] ? __pfx_sock_ioctl+0x10/0x10 [ 81.972225][ T9651] __se_sys_ioctl+0xd3/0x150 [ 81.976880][ T9651] __x64_sys_ioctl+0x43/0x50 [ 81.981461][ T9651] x64_sys_call+0x15cc/0x2d60 [ 81.986129][ T9651] do_syscall_64+0xc9/0x1c0 [ 81.990622][ T9651] ? clear_bhb_loop+0x55/0xb0 [ 81.995353][ T9651] ? clear_bhb_loop+0x55/0xb0 [ 82.000054][ T9651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.005975][ T9651] RIP: 0033:0x7fa71837def9 [ 82.010428][ T9651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.030083][ T9651] RSP: 002b:00007fa716ff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.038483][ T9651] RAX: ffffffffffffffda RBX: 00007fa718535f80 RCX: 00007fa71837def9 [ 82.046497][ T9651] RDX: 0000000020000900 RSI: 0000000000008946 RDI: 0000000000000013 [ 82.054456][ T9651] RBP: 00007fa716ff7090 R08: 0000000000000000 R09: 0000000000000000 [ 82.062437][ T9651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.070396][ T9651] R13: 0000000000000000 R14: 00007fa718535f80 R15: 00007ffdfe8f8f18 [ 82.078407][ T9651] [ 82.146067][ T9668] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 82.171770][ T9675] FAULT_INJECTION: forcing a failure. [ 82.171770][ T9675] name failslab, interval 1, probability 0, space 0, times 0 [ 82.184474][ T9675] CPU: 1 UID: 0 PID: 9675 Comm: syz.2.923 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 82.195120][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 82.205162][ T9675] Call Trace: [ 82.208424][ T9675] [ 82.211349][ T9675] dump_stack_lvl+0xf2/0x150 [ 82.215931][ T9675] dump_stack+0x15/0x20 [ 82.220086][ T9675] should_fail_ex+0x229/0x230 [ 82.224756][ T9675] ? audit_log_start+0x34c/0x6b0 [ 82.229687][ T9675] should_failslab+0x8f/0xb0 [ 82.234272][ T9675] kmem_cache_alloc_noprof+0x4c/0x290 [ 82.239745][ T9675] audit_log_start+0x34c/0x6b0 [ 82.244500][ T9675] ? kmem_cache_free+0xd8/0x280 [ 82.249399][ T9675] audit_seccomp+0x4b/0x130 [ 82.253962][ T9675] __seccomp_filter+0x6fa/0x1180 [ 82.258911][ T9675] ? proc_fail_nth_write+0x130/0x160 [ 82.264203][ T9675] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 82.269855][ T9675] ? vfs_write+0x5a5/0x900 [ 82.274271][ T9675] ? __fget_files+0x1da/0x210 [ 82.278964][ T9675] __secure_computing+0x9f/0x1c0 [ 82.283963][ T9675] syscall_trace_enter+0xd1/0x1f0 [ 82.289034][ T9675] ? fpregs_assert_state_consistent+0x83/0xa0 [ 82.295145][ T9675] do_syscall_64+0xaa/0x1c0 [ 82.299678][ T9675] ? clear_bhb_loop+0x55/0xb0 [ 82.304342][ T9675] ? clear_bhb_loop+0x55/0xb0 [ 82.309110][ T9675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.315003][ T9675] RIP: 0033:0x7fca6f17c93c [ 82.319407][ T9675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 82.339001][ T9675] RSP: 002b:00007fca6ddf7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 82.347399][ T9675] RAX: ffffffffffffffda RBX: 00007fca6f335f80 RCX: 00007fca6f17c93c [ 82.355524][ T9675] RDX: 000000000000000f RSI: 00007fca6ddf70a0 RDI: 0000000000000003 [ 82.363481][ T9675] RBP: 00007fca6ddf7090 R08: 0000000000000000 R09: 0000000000000000 [ 82.371442][ T9675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.379487][ T9675] R13: 0000000000000000 R14: 00007fca6f335f80 R15: 00007ffc14c01108 [ 82.387448][ T9675] [ 82.443234][ T9688] IPVS: sed: SCTP 127.0.0.1:0 - no destination available [ 82.499412][ T9698] loop2: detected capacity change from 0 to 512 [ 82.510773][ T9698] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.932: iget: bad extended attribute block 1 [ 82.523771][ T9698] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.932: couldn't read orphan inode 15 (err -117) [ 82.538218][ T9698] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.555563][ T29] kauditd_printk_skb: 141 callbacks suppressed [ 82.555577][ T29] audit: type=1400 audit(1726282613.584:3481): avc: denied { connect } for pid=9697 comm="syz.2.932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.603813][ T29] audit: type=1400 audit(1726282613.614:3482): avc: denied { read } for pid=9697 comm="syz.2.932" path="socket:[15212]" dev="sockfs" ino=15212 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 82.688901][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.769316][ T9726] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 82.861605][ T29] audit: type=1400 audit(1726282613.864:3483): avc: denied { ioctl } for pid=9735 comm="syz.0.940" path="socket:[15256]" dev="sockfs" ino=15256 ioctlcmd=0x662c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 82.944440][ T8082] tipc: Node number set to 2886997162 [ 82.992317][ T9758] loop1: detected capacity change from 0 to 512 [ 83.005342][ T9758] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 83.033811][ T9758] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.945: iget: bad i_size value: -67835469387268086 [ 83.034489][ T9760] Cannot find add_set index 0 as target [ 83.059887][ T29] audit: type=1400 audit(1726282614.084:3484): avc: denied { mount } for pid=9759 comm="syz.0.947" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 83.084813][ T9762] devtmpfs: Unknown parameter 'ÿÿnr_ize' [ 83.085227][ T9758] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.945: couldn't read orphan inode 15 (err -117) [ 83.092274][ T9763] loop2: detected capacity change from 0 to 512 [ 83.114941][ T9758] EXT4-fs (loop1): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.115393][ T9763] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 83.127124][ T9758] ext2 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.143884][ T29] audit: type=1400 audit(1726282614.114:3485): avc: denied { remount } for pid=9759 comm="syz.0.947" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 83.165888][ T29] audit: type=1400 audit(1726282614.114:3486): avc: denied { mounton } for pid=9759 comm="syz.0.947" path="/217/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 83.182098][ T29] audit: type=1400 audit(1726282614.204:3487): avc: denied { map } for pid=9757 comm="syz.1.945" path="pipe:[9392]" dev="pipefs" ino=9392 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 83.227833][ T9763] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.240849][ T9763] ext4 filesystem being mounted at /189/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.252700][ T6145] EXT4-fs (loop1): unmounting filesystem f7ff0000-0000-0000-0000-000000000000. [ 83.315567][ T29] audit: type=1400 audit(1726282614.344:3488): avc: denied { setopt } for pid=9772 comm="syz.1.949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 83.335651][ T29] audit: type=1400 audit(1726282614.374:3489): avc: denied { unmount } for pid=3263 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 83.356684][ T29] audit: type=1400 audit(1726282614.394:3490): avc: denied { unmount } for pid=3263 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 83.357612][ T9763] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #17: comm syz.2.948: corrupted inode contents [ 83.388791][ T9763] EXT4-fs error (device loop2): ext4_dirty_inode:6014: inode #17: comm syz.2.948: mark_inode_dirty error [ 83.410001][ T9763] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #17: comm syz.2.948: corrupted inode contents [ 83.423620][ T9763] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3007: inode #17: comm syz.2.948: mark_inode_dirty error [ 83.454172][ T9763] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3010: inode #17: comm syz.2.948: mark inode dirty (error -117) [ 83.474949][ T9783] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 83.484273][ T9763] EXT4-fs warning (device loop2): ext4_evict_inode:271: xattr delete (err -117) [ 83.562393][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.599313][ T11] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 83.614747][ T9802] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 83.654090][ T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.706968][ T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.742313][ T9834] loop4: detected capacity change from 0 to 128 [ 83.751388][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.960'. [ 83.751882][ T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.761564][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.960'. [ 83.828821][ T9844] loop4: detected capacity change from 0 to 512 [ 83.842526][ T9839] loop3: detected capacity change from 0 to 1024 [ 83.846144][ T9844] EXT4-fs: Ignoring removed orlov option [ 83.864803][ T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.878596][ T9844] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.893395][ T9844] ext4 filesystem being mounted at /191/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 83.952133][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.968288][ T50] bridge_slave_1: left allmulticast mode [ 83.974007][ T50] bridge_slave_1: left promiscuous mode [ 83.979682][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.987796][ T50] bridge_slave_0: left allmulticast mode [ 83.993540][ T50] bridge_slave_0: left promiscuous mode [ 83.999428][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.187161][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.208160][ T9905] 9pnet: Could not find request transport: 0xffffffffffffffff [ 84.208266][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.228886][ T50] bond0 (unregistering): Released all slaves [ 84.316595][ T9818] chnl_net:caif_netlink_parms(): no params data found [ 84.354782][ T50] IPVS: stopping master sync thread 7542 ... [ 84.373462][ T50] hsr_slave_0: left promiscuous mode [ 84.384731][ T50] hsr_slave_1: left promiscuous mode [ 84.385295][T10022] loop1: detected capacity change from 0 to 128 [ 84.396479][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.403972][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.411868][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.419441][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.428983][ T50] veth1_macvtap: left promiscuous mode [ 84.434525][ T50] veth0_macvtap: left promiscuous mode [ 84.440094][ T50] veth1_vlan: left promiscuous mode [ 84.445429][ T50] veth0_vlan: left promiscuous mode [ 84.523375][ T50] team0 (unregistering): Port device team_slave_1 removed [ 84.533838][ T50] team0 (unregistering): Port device team_slave_0 removed [ 84.588912][ T9818] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.596564][ T9818] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.605340][ T9818] bridge_slave_0: entered allmulticast mode [ 84.611816][ T9818] bridge_slave_0: entered promiscuous mode [ 84.621672][ T9818] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.628832][ T9818] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.636038][ T9818] bridge_slave_1: entered allmulticast mode [ 84.642559][ T9818] bridge_slave_1: entered promiscuous mode [ 84.665781][ T9818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.669621][T10095] loop3: detected capacity change from 0 to 256 [ 84.676448][ T9818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.698700][T10095] FAT-fs (loop3): Directory bread(block 64) failed [ 84.705563][T10095] FAT-fs (loop3): Directory bread(block 65) failed [ 84.712162][T10095] FAT-fs (loop3): Directory bread(block 66) failed [ 84.718914][T10095] FAT-fs (loop3): Directory bread(block 67) failed [ 84.719999][ T9818] team0: Port device team_slave_0 added [ 84.725551][T10095] FAT-fs (loop3): Directory bread(block 68) failed [ 84.737672][T10095] FAT-fs (loop3): Directory bread(block 69) failed [ 84.744271][T10095] FAT-fs (loop3): Directory bread(block 70) failed [ 84.750906][T10095] FAT-fs (loop3): Directory bread(block 71) failed [ 84.752162][ T9818] team0: Port device team_slave_1 added [ 84.757554][T10095] FAT-fs (loop3): Directory bread(block 72) failed [ 84.776206][T10095] FAT-fs (loop3): Directory bread(block 73) failed [ 84.794066][ T9818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.794203][T10130] loop1: detected capacity change from 0 to 512 [ 84.801035][ T9818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.833454][ T9818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.839309][T10130] loop1: detected capacity change from 0 to 512 [ 84.849814][ T9818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.857356][ T9818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.883323][ T9818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.898605][T10095] syz.3.974: attempt to access beyond end of device [ 84.898605][T10095] loop3: rw=2049, sector=1224, nr_sectors = 4 limit=256 [ 84.915427][T10130] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 84.925467][T10151] loop4: detected capacity change from 0 to 512 [ 84.927623][T10130] EXT4-fs (loop1): orphan cleanup on readonly fs [ 84.932165][T10151] EXT4-fs: Ignoring removed orlov option [ 84.944974][T10130] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm +÷h®F”-[Ö"õf€6Ú: bad orphan inode 15 [ 84.960632][T10151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.970702][T10130] ext4_test_bit(bit=14, block=18) = 1 [ 84.975113][T10151] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 84.978480][T10130] is_bad_inode(inode)=0 [ 84.992874][T10130] NEXT_ORPHAN(inode)=1023 [ 84.997370][T10130] max_ino=32 [ 85.000650][T10130] i_nlink=0 [ 85.004787][T10162] smc: net device lo applied user defined pnetid SYZ1 [ 85.017229][T10130] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2978: inode #15: comm +÷h®F”-[Ö"õf€6Ú: corrupted xattr block 19: e_value size too large [ 85.034591][T10130] EXT4-fs warning (device loop1): ext4_evict_inode:271: xattr delete (err -117) [ 85.036686][T10188] smc: net device lo erased user defined pnetid SYZ1 [ 85.046224][T10130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 85.055935][ T9818] hsr_slave_0: entered promiscuous mode [ 85.065894][T10189] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 85.085180][ T9818] hsr_slave_1: entered promiscuous mode [ 85.085231][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.113060][ T9818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.126365][ T9818] Cannot create hsr debugfs directory [ 85.136369][ T50] IPVS: stop unused estimator thread 0... [ 85.137528][T10198] loop2: detected capacity change from 0 to 128 [ 85.166614][T10198] __nla_validate_parse: 6 callbacks suppressed [ 85.166676][T10198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.981'. [ 85.231624][T10198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.981'. [ 85.261433][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.984'. [ 85.270682][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.2.984'. [ 85.435556][T10284] Cannot find add_set index 0 as target [ 85.511582][T10295] loop3: detected capacity change from 0 to 512 [ 85.518651][T10295] EXT4-fs: Ignoring removed orlov option [ 85.577382][T10295] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.590312][T10295] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.631260][ T8831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.653665][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.673358][T10323] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 85.701642][T10327] loop3: detected capacity change from 0 to 2048 [ 85.754141][T10327] loop3: p1 p3 < > p4 < p5 > [ 85.758862][T10327] loop3: partition table partially beyond EOD, truncated [ 85.766005][T10327] loop3: p1 size 33024 extends beyond EOD, truncated [ 85.773857][T10327] loop3: p3 start 4284289 is beyond EOD, truncated [ 85.780874][T10327] loop3: p5 size 33024 extends beyond EOD, [ 85.780874][T10340] FAULT_INJECTION: forcing a failure. [ 85.780874][T10340] name failslab, interval 1, probability 0, space 0, times 0 [ 85.780897][T10340] CPU: 0 UID: 0 PID: 10340 Comm: syz.1.996 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 85.786827][T10327] truncated [ 85.799411][T10340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 85.799429][T10340] Call Trace: [ 85.799436][T10340] [ 85.799445][T10340] dump_stack_lvl+0xf2/0x150 [ 85.799471][T10340] dump_stack+0x15/0x20 [ 85.838511][T10340] should_fail_ex+0x229/0x230 [ 85.843276][T10340] ? security_netlbl_sid_to_secattr+0xc1/0x160 [ 85.849503][T10340] should_failslab+0x8f/0xb0 [ 85.854177][T10340] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 85.860501][T10340] kstrdup+0x3a/0x80 [ 85.864478][T10340] security_netlbl_sid_to_secattr+0xc1/0x160 [ 85.870453][T10340] selinux_netlbl_sock_genattr+0x87/0x230 [ 85.876224][T10340] selinux_netlbl_socket_post_create+0x52/0xd0 [ 85.882378][T10340] selinux_mptcp_add_subflow+0x93/0xa0 [ 85.887855][T10340] security_mptcp_add_subflow+0x42/0x70 [ 85.893410][T10340] mptcp_subflow_create_socket+0xe8/0x710 [ 85.899412][T10340] __mptcp_nmpc_sk+0xb4/0x3c0 [ 85.904173][T10340] mptcp_listen+0xbb/0x570 [ 85.908599][T10340] __sys_listen+0x13c/0x190 [ 85.913125][T10340] __x64_sys_listen+0x2d/0x40 [ 85.917795][T10340] x64_sys_call+0x258f/0x2d60 [ 85.922511][T10340] do_syscall_64+0xc9/0x1c0 [ 85.927099][T10340] ? clear_bhb_loop+0x55/0xb0 [ 85.931862][T10340] ? clear_bhb_loop+0x55/0xb0 [ 85.936612][T10340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.942599][T10340] RIP: 0033:0x7fa71837def9 [ 85.947004][T10340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.966599][T10340] RSP: 002b:00007fa716ff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 85.975008][T10340] RAX: ffffffffffffffda RBX: 00007fa718535f80 RCX: 00007fa71837def9 [ 85.983114][T10340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 85.991191][T10340] RBP: 00007fa716ff7090 R08: 0000000000000000 R09: 0000000000000000 [ 85.999164][T10340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.007277][T10340] R13: 0000000000000000 R14: 00007fa718535f80 R15: 00007ffdfe8f8f18 [ 86.015280][T10340] [ 86.019566][ T9818] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.028677][ T9818] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.061579][ T9818] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.088908][ T9818] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.121396][T10364] loop3: detected capacity change from 0 to 128 [ 86.143632][T10364] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 86.164268][T10364] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 86.180352][ T9818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.195185][T10364] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.1001: No space for directory leaf checksum. Please run e2fsck -D. [ 86.210948][T10364] EXT4-fs error (device loop3): __ext4_find_entry:1652: inode #2: comm syz.3.1001: checksumming directory block 0 [ 86.233631][ T9818] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.246149][T10373] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 86.258498][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.265594][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.282040][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.289247][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.301155][ T8831] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 86.340589][ T9818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 86.351053][ T9818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 86.446145][T10412] netlink: 'syz.4.1007': attribute type 10 has an invalid length. [ 86.454033][T10412] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1007'. [ 86.465502][T10412] bridge0: port 3(ipvlan0) entered blocking state [ 86.472031][T10412] bridge0: port 3(ipvlan0) entered disabled state [ 86.478627][T10412] ipvlan0: entered allmulticast mode [ 86.483978][T10412] veth0_vlan: entered allmulticast mode [ 86.490640][T10412] ipvlan0: left allmulticast mode [ 86.495732][T10412] veth0_vlan: left allmulticast mode [ 86.501866][T10412] A link change request failed with some changes committed already. Interface ipvlan0 may have been left with an inconsistent configuration, please check. [ 86.525440][ T9818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.537813][T10412] loop4: detected capacity change from 0 to 2048 [ 86.555516][T10412] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.598914][ T9818] veth0_vlan: entered promiscuous mode [ 86.606384][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.608191][ T9818] veth1_vlan: entered promiscuous mode [ 86.633482][ T9818] veth0_macvtap: entered promiscuous mode [ 86.641488][ T9818] veth1_macvtap: entered promiscuous mode [ 86.653475][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.664109][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.674022][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.684495][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.694612][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.705220][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.716282][ T9818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.726842][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.737482][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.747323][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.757818][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.767665][ T9818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.778369][ T9818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.790468][ T9818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.800262][ T9818] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.809197][ T9818] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.818001][ T9818] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.826858][ T9818] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.957300][T10452] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1010'. [ 87.201985][T10458] loop3: detected capacity change from 0 to 2048 [ 87.221421][T10458] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.225774][T10467] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 87.527631][ T8080] IPVS: starting estimator thread 0... [ 87.544053][T10482] xt_connbytes: Forcing CT accounting to be enabled [ 87.557732][T10510] loop1: detected capacity change from 0 to 512 [ 87.564916][T10510] EXT4-fs: Ignoring removed orlov option [ 87.573604][T10482] Cannot find add_set index 0 as target [ 87.590342][T10510] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.635768][T10509] IPVS: using max 2784 ests per chain, 139200 per kthread [ 87.699239][ T29] kauditd_printk_skb: 110 callbacks suppressed [ 87.699254][ T29] audit: type=1400 audit(1726282618.724:3601): avc: denied { watch } for pid=10513 comm="syz.4.1020" path="/203" dev="tmpfs" ino=1097 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 87.729367][ T29] audit: type=1400 audit(1726282618.764:3602): avc: denied { execute } for pid=10513 comm="syz.4.1020" name="file1" dev="tmpfs" ino=1102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 87.755700][ T29] audit: type=1400 audit(1726282618.784:3603): avc: denied { execute_no_trans } for pid=10513 comm="syz.4.1020" path="/203/file1" dev="tmpfs" ino=1102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 87.853241][ T29] audit: type=1326 audit(1726282618.874:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.876853][ T29] audit: type=1326 audit(1726282618.874:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.900392][ T29] audit: type=1326 audit(1726282618.874:3606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.924062][ T29] audit: type=1326 audit(1726282618.874:3607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.968882][ T29] audit: type=1326 audit(1726282618.984:3608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.993148][ T29] audit: type=1326 audit(1726282618.984:3609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 87.998577][T10535] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 88.016643][ T29] audit: type=1326 audit(1726282618.984:3610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.1.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 88.179416][T10544] syz.2.1026[10544] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.179482][T10544] syz.2.1026[10544] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.292233][T10562] loop3: detected capacity change from 0 to 512 [ 88.323314][T10562] EXT4-fs: Ignoring removed oldalloc option [ 88.336852][T10568] loop4: detected capacity change from 0 to 512 [ 88.346308][T10562] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 88.361330][T10568] EXT4-fs: Ignoring removed orlov option [ 88.377867][T10562] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2862: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 88.403017][T10562] EXT4-fs (loop3): 1 truncate cleaned up [ 88.415553][T10568] ext4 filesystem being mounted at /206/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 88.460414][T10588] FAULT_INJECTION: forcing a failure. [ 88.460414][T10588] name failslab, interval 1, probability 0, space 0, times 0 [ 88.473191][T10588] CPU: 0 UID: 0 PID: 10588 Comm: syz.3.1035 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 88.483403][T10594] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 88.483938][T10588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 88.483960][T10588] Call Trace: [ 88.483967][T10588] [ 88.510895][T10588] dump_stack_lvl+0xf2/0x150 [ 88.515508][T10588] dump_stack+0x15/0x20 [ 88.519664][T10588] should_fail_ex+0x229/0x230 [ 88.524428][T10588] ? __alloc_skb+0x10b/0x310 [ 88.529114][T10588] should_failslab+0x8f/0xb0 [ 88.533721][T10588] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 88.539542][T10588] __alloc_skb+0x10b/0x310 [ 88.543978][T10588] audit_log_start+0x368/0x6b0 [ 88.549071][T10588] audit_seccomp+0x4b/0x130 [ 88.553660][T10588] __seccomp_filter+0x6fa/0x1180 [ 88.558633][T10588] ? strncpy_from_user+0x1b4/0x270 [ 88.563773][T10588] __secure_computing+0x9f/0x1c0 [ 88.568745][T10588] syscall_trace_enter+0xd1/0x1f0 [ 88.573824][T10588] ? fpregs_assert_state_consistent+0x83/0xa0 [ 88.579939][T10588] do_syscall_64+0xaa/0x1c0 [ 88.584534][T10588] ? clear_bhb_loop+0x55/0xb0 [ 88.589260][T10588] ? clear_bhb_loop+0x55/0xb0 [ 88.594008][T10588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.600010][T10588] RIP: 0033:0x7f96b4f4c93c [ 88.604498][T10588] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 88.624173][T10588] RSP: 002b:00007f96b3bc7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 88.632701][T10588] RAX: ffffffffffffffda RBX: 00007f96b5105f80 RCX: 00007f96b4f4c93c [ 88.640744][T10588] RDX: 000000000000000f RSI: 00007f96b3bc70a0 RDI: 0000000000000004 [ 88.648710][T10588] RBP: 00007f96b3bc7090 R08: 0000000000000000 R09: 0000000000000000 [ 88.656913][T10588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 88.664878][T10588] R13: 0000000000000000 R14: 00007f96b5105f80 R15: 00007ffd03c834c8 [ 88.672843][T10588] [ 88.791958][T10630] Cannot find add_set index 0 as target [ 88.806832][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 88.954567][T10652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1042'. [ 89.002026][T10654] serio: Serial port pts0 [ 89.026245][T10658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1044'. [ 89.041406][T10652] loop1: detected capacity change from 0 to 1024 [ 89.065039][T10658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1044'. [ 89.080656][T10660] loop3: detected capacity change from 0 to 128 [ 89.116247][T10660] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 89.162471][T10660] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.1043: No space for directory leaf checksum. Please run e2fsck -D. [ 89.177876][T10660] EXT4-fs error (device loop3): __ext4_find_entry:1652: inode #2: comm syz.3.1043: checksumming directory block 0 [ 89.195356][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1045'. [ 89.216322][T10660] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.1043: No space for directory leaf checksum. Please run e2fsck -D. [ 89.231925][T10660] EXT4-fs error (device loop3): __ext4_find_entry:1652: inode #2: comm syz.3.1043: checksumming directory block 0 [ 89.250236][T10672] loop2: detected capacity change from 0 to 512 [ 89.259850][T10672] EXT4-fs: Ignoring removed orlov option [ 89.301722][T10672] ext4 filesystem being mounted at /206/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.396900][T10691] loop2: detected capacity change from 0 to 2048 [ 90.003965][T10740] loop4: detected capacity change from 0 to 512 [ 90.018801][T10740] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 90.030014][T10745] loop3: detected capacity change from 0 to 128 [ 90.039543][T10740] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec01c, mo2=0002] [ 90.048652][T10745] ext4 filesystem being mounted at /48/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 90.073925][T10740] System zones: 1-12 [ 90.080023][T10740] EXT4-fs (loop4): 1 truncate cleaned up [ 90.352984][T10752] loop1: detected capacity change from 0 to 512 [ 90.362754][T10752] EXT4-fs (loop1): filesystem is read-only [ 90.384432][T10752] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 90.480788][T10752] EXT4-fs (loop1): filesystem is read-only [ 90.486690][T10752] EXT4-fs (loop1): orphan cleanup on readonly fs [ 90.580021][T10752] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1057: bg 0: block 64: padding at end of block bitmap is not set [ 90.621538][T10767] loop4: detected capacity change from 0 to 512 [ 90.628159][T10752] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 90.644045][T10752] EXT4-fs (loop1): 1 orphan inode deleted [ 90.650729][T10767] EXT4-fs: Ignoring removed orlov option [ 90.668924][T10752] __nla_validate_parse: 2 callbacks suppressed [ 90.668972][T10752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1057'. [ 90.680558][T10767] ext4 filesystem being mounted at /213/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 90.745493][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1067'. [ 90.755253][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1067'. [ 90.773102][T10807] program syz.4.1068 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.793860][T10809] FAULT_INJECTION: forcing a failure. [ 90.793860][T10809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.806999][T10809] CPU: 1 UID: 0 PID: 10809 Comm: +}[@ Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 90.817318][T10809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 90.827365][T10809] Call Trace: [ 90.830687][T10809] [ 90.833603][T10809] dump_stack_lvl+0xf2/0x150 [ 90.838182][T10809] dump_stack+0x15/0x20 [ 90.842323][T10809] should_fail_ex+0x229/0x230 [ 90.846983][T10809] should_fail+0xb/0x10 [ 90.851136][T10809] should_fail_usercopy+0x1a/0x20 [ 90.856227][T10809] _copy_to_iter+0xd3/0xb00 [ 90.860786][T10809] ? chacha_block_generic+0x24e/0x280 [ 90.866183][T10809] get_random_bytes_user+0x112/0x260 [ 90.871473][T10809] ? import_ubuf+0xe9/0x120 [ 90.876046][T10809] __x64_sys_getrandom+0xb5/0x190 [ 90.881152][T10809] x64_sys_call+0x2887/0x2d60 [ 90.885901][T10809] do_syscall_64+0xc9/0x1c0 [ 90.890417][T10809] ? clear_bhb_loop+0x55/0xb0 [ 90.895183][T10809] ? clear_bhb_loop+0x55/0xb0 [ 90.899911][T10809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.905957][T10809] RIP: 0033:0x7f4ebb58def9 [ 90.910415][T10809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.930075][T10809] RSP: 002b:00007f4eba201038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 90.938535][T10809] RAX: ffffffffffffffda RBX: 00007f4ebb745f80 RCX: 00007f4ebb58def9 [ 90.946543][T10809] RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000000020000240 [ 90.954493][T10809] RBP: 00007f4eba201090 R08: 0000000000000000 R09: 0000000000000000 [ 90.962479][T10809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 90.970704][T10809] R13: 0000000000000000 R14: 00007f4ebb745f80 R15: 00007ffcdc6de018 [ 90.978769][T10809] [ 91.037304][T10818] 9pnet_fd: Insufficient options for proto=fd [ 91.104130][T10818] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 91.104821][T10825] loop4: detected capacity change from 0 to 512 [ 91.125310][T10825] EXT4-fs: Ignoring removed orlov option [ 91.157113][T10825] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 91.268132][T10840] block device autoloading is deprecated and will be removed. [ 91.269681][T10842] loop3: detected capacity change from 0 to 512 [ 91.275869][T10840] syz.4.1078: attempt to access beyond end of device [ 91.275869][T10840] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 91.295563][T10842] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 91.304769][T10842] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 91.319747][T10842] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 91.328228][T10842] System zones: 0-2, 18-18, 34-34 [ 91.334920][T10842] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 91.350615][T10842] EXT4-fs (loop3): 1 truncate cleaned up [ 91.460645][T10850] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1080'. [ 91.471516][T10850] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1080'. [ 91.897749][T10880] syz.0.1084[10880] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.897828][T10880] syz.0.1084[10880] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.938610][T10894] netlink: 'syz.1.1086': attribute type 21 has an invalid length. [ 91.980795][T10898] loop1: detected capacity change from 0 to 512 [ 91.995576][T10897] Cannot find set identified by id 0 to match [ 91.999976][T10898] EXT4-fs: Ignoring removed orlov option [ 92.017695][T10898] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.077780][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1092'. [ 92.087791][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1092'. [ 92.312922][T10932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1099'. [ 92.336763][T10932] loop0: detected capacity change from 0 to 128 [ 92.347131][T10932] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 92.393250][T10936] Cannot find add_set index 0 as target [ 92.604684][T10946] netlink: 'syz.0.1103': attribute type 3 has an invalid length. [ 92.637545][T10946] loop0: detected capacity change from 0 to 512 [ 92.656416][T10946] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.738045][T10966] FAULT_INJECTION: forcing a failure. [ 92.738045][T10966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.751467][T10966] CPU: 0 UID: 0 PID: 10966 Comm: syz.4.1108 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 92.762254][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 92.772342][T10966] Call Trace: [ 92.775608][T10966] [ 92.778598][T10966] dump_stack_lvl+0xf2/0x150 [ 92.783185][T10966] dump_stack+0x15/0x20 [ 92.787327][T10966] should_fail_ex+0x229/0x230 [ 92.791995][T10966] should_fail+0xb/0x10 [ 92.796186][T10966] should_fail_usercopy+0x1a/0x20 [ 92.801237][T10966] _copy_from_user+0x1e/0xd0 [ 92.805818][T10966] kstrtouint_from_user+0x76/0xe0 [ 92.810870][T10966] proc_fail_nth_write+0x4f/0x160 [ 92.815886][T10966] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 92.821563][T10966] vfs_write+0x28b/0x900 [ 92.825912][T10966] ? __fget_files+0x1da/0x210 [ 92.830600][T10966] ksys_write+0xeb/0x1b0 [ 92.834835][T10966] __x64_sys_write+0x42/0x50 [ 92.839421][T10966] x64_sys_call+0x27dd/0x2d60 [ 92.844145][T10966] do_syscall_64+0xc9/0x1c0 [ 92.848689][T10966] ? clear_bhb_loop+0x55/0xb0 [ 92.853365][T10966] ? clear_bhb_loop+0x55/0xb0 [ 92.858027][T10966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.864179][T10966] RIP: 0033:0x7f628f94c9df [ 92.868581][T10966] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 92.888737][T10966] RSP: 002b:00007f628e5c1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 92.897152][T10966] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f628f94c9df [ 92.905125][T10966] RDX: 0000000000000001 RSI: 00007f628e5c10a0 RDI: 0000000000000006 [ 92.913109][T10966] RBP: 00007f628e5c1090 R08: 0000000000000000 R09: 0000000000000000 [ 92.921510][T10966] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001 [ 92.929469][T10966] R13: 0000000000000000 R14: 00007f628fb05f80 R15: 00007ffc0f53f9b8 [ 92.937526][T10966] [ 92.990349][T10979] loop2: detected capacity change from 0 to 512 [ 93.027839][T10979] ext4 filesystem being mounted at /214/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.050824][T10979] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1111: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 93.067608][T10979] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 93.076743][T10979] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1111: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 93.093040][T11012] loop3: detected capacity change from 0 to 512 [ 93.102587][T10979] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 93.121897][ T29] kauditd_printk_skb: 140 callbacks suppressed [ 93.121910][ T29] audit: type=1400 audit(1726282624.144:3749): avc: denied { read write } for pid=10978 comm="syz.2.1111" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 93.121908][T10979] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1111: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 93.169918][T10979] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 93.180058][T10979] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1111: bg 0: block 18: invalid block bitmap [ 93.185560][ T29] audit: type=1400 audit(1726282624.214:3750): avc: denied { open } for pid=10978 comm="syz.2.1111" path="/214/file0/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 93.194887][T10979] Quota error (device loop2): write_blk: dquota write failed [ 93.224249][T10979] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 93.234944][T10979] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1111: Failed to acquire dquot type 1 [ 93.248075][T11029] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.1111: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 93.266485][T11027] tipc: Started in network mode [ 93.271467][T11027] tipc: Node identity , cluster identity 4711 [ 93.272683][T11012] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.277555][T11027] tipc: Failed to set node id, please configure manually [ 93.277565][T11027] tipc: Enabling of bearer rejected, failed to enable media [ 93.306095][T11029] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 93.328045][ T29] audit: type=1400 audit(1726282624.354:3751): avc: denied { setattr } for pid=10978 comm="syz.2.1111" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 93.351821][T11029] Quota error (device loop2): write_blk: dquota write failed [ 93.360004][T11029] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 93.372899][T11029] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.1111: Failed to acquire dquot type 1 [ 93.386484][T10979] syz.2.1111 (10979) used greatest stack depth: 9216 bytes left [ 93.389167][T11012] 9pnet_fd: Insufficient options for proto=fd [ 93.418115][T11012] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 93.479838][T11041] bond1: entered promiscuous mode [ 93.484995][T11041] bond1: entered allmulticast mode [ 93.500970][T11041] 8021q: adding VLAN 0 to HW filter on device bond1 [ 93.551151][T11041] bond1 (unregistering): Released all slaves [ 93.693076][ T29] audit: type=1400 audit(1726282624.714:3752): avc: denied { create } for pid=11120 comm="syz.2.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 93.747562][T11125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1129'. [ 93.801257][T11125] loop3: detected capacity change from 0 to 128 [ 93.831021][T11125] ext4 filesystem being mounted at /61/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 94.051644][T11174] loop0: detected capacity change from 0 to 128 [ 94.080013][ T29] audit: type=1400 audit(1726282625.104:3753): avc: denied { ioctl } for pid=11171 comm="syz.3.1135" path="socket:[18461]" dev="sockfs" ino=18461 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 94.106939][T11172] loop2: detected capacity change from 0 to 2048 [ 94.214582][T11182] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 94.222782][T11182] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 94.239187][T11182] loop0: detected capacity change from 0 to 512 [ 94.268825][T11182] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.304402][ T29] audit: type=1400 audit(1726282625.324:3754): avc: denied { getopt } for pid=11188 comm="syz.1.1139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 94.336112][T11182] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 94.456361][T11203] loop0: detected capacity change from 0 to 512 [ 94.486978][T11203] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.537323][T11203] 9pnet_fd: Insufficient options for proto=fd [ 94.556530][T11203] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 94.668444][T11217] smc: net device lo applied user defined pnetid SYZ1 [ 94.694105][T11217] smc: net device lo erased user defined pnetid SYZ1 [ 94.739095][T11227] loop0: detected capacity change from 0 to 128 [ 94.816372][T11231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1148'. [ 94.951372][ T8082] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 94.959175][ T8082] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 94.973831][ T8082] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3 [ 94.982161][ T8082] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 95.455239][T11285] loop1: detected capacity change from 0 to 512 [ 95.511641][T11285] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.559494][T11296] loop2: detected capacity change from 0 to 128 [ 95.577814][T11285] 9pnet_fd: Insufficient options for proto=fd [ 95.678692][T11285] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 95.777368][ T6145] EXT4-fs unmount: 46 callbacks suppressed [ 95.777382][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.842372][T11314] loop2: detected capacity change from 0 to 1024 [ 95.854046][T11314] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 95.886786][T11314] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 95.898999][T11329] __nla_validate_parse: 2 callbacks suppressed [ 95.899013][T11329] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1168'. [ 95.932705][T11314] EXT4-fs (loop2): too many log groups per flexible block group [ 95.940492][T11314] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 95.973367][T11357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1168'. [ 95.974810][T11314] EXT4-fs (loop2): mount failed [ 96.043413][T11364] futex_wake_op: syz.4.1171 tries to shift op by -1; fix this program [ 96.058362][T11365] loop2: detected capacity change from 0 to 128 [ 96.068098][T11367] loop3: detected capacity change from 0 to 512 [ 96.075259][T11369] FAULT_INJECTION: forcing a failure. [ 96.075259][T11369] name failslab, interval 1, probability 0, space 0, times 0 [ 96.088030][T11369] CPU: 0 UID: 0 PID: 11369 Comm: syz.1.1173 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 96.099040][T11369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 96.099570][T11370] loop4: detected capacity change from 0 to 512 [ 96.109163][T11369] Call Trace: [ 96.109176][T11369] [ 96.109184][T11369] dump_stack_lvl+0xf2/0x150 [ 96.109211][T11369] dump_stack+0x15/0x20 [ 96.130370][T11369] should_fail_ex+0x229/0x230 [ 96.135134][T11369] ? shmem_alloc_inode+0x34/0x50 [ 96.140133][T11369] should_failslab+0x8f/0xb0 [ 96.140708][T11370] EXT4-fs: Ignoring removed oldalloc option [ 96.144756][T11369] kmem_cache_alloc_lru_noprof+0x51/0x2a0 [ 96.144788][T11369] shmem_alloc_inode+0x34/0x50 [ 96.161194][T11369] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 96.166660][T11369] alloc_inode+0x3c/0x160 [ 96.167787][T11370] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 96.171044][T11369] new_inode+0x1e/0x100 [ 96.185093][T11369] shmem_get_inode+0x258/0x740 [ 96.189965][T11369] __shmem_file_setup+0x127/0x1f0 [ 96.195085][T11369] shmem_file_setup+0x3b/0x50 [ 96.199813][T11369] __se_sys_memfd_create+0x31d/0x600 [ 96.205104][T11369] __x64_sys_memfd_create+0x31/0x40 [ 96.210310][T11369] x64_sys_call+0x2891/0x2d60 [ 96.214995][T11369] do_syscall_64+0xc9/0x1c0 [ 96.219651][T11369] ? clear_bhb_loop+0x55/0xb0 [ 96.224333][T11369] ? clear_bhb_loop+0x55/0xb0 [ 96.229012][T11369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.234949][T11369] RIP: 0033:0x7fa71837def9 [ 96.239361][T11369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.258983][T11369] RSP: 002b:00007fa716ff6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 96.267403][T11369] RAX: ffffffffffffffda RBX: 000000000000063f RCX: 00007fa71837def9 [ 96.275477][T11369] RDX: 00007fa716ff6ef0 RSI: 0000000000000000 RDI: 00007fa7183f1369 [ 96.283453][T11369] RBP: 0000000020001280 R08: 00007fa716ff6bb7 R09: 00007fa716ff6e40 [ 96.291466][T11369] R10: 000000000000000a R11: 0000000000000202 R12: 00000000200005c0 [ 96.299577][T11369] R13: 00007fa716ff6ef0 R14: 00007fa716ff6eb0 R15: 0000000020000040 [ 96.307572][T11369] [ 96.334230][T11370] EXT4-fs (loop4): 1 truncate cleaned up [ 96.340354][T11370] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.355440][T11367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.360959][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1172'. [ 96.415628][T11367] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.451590][T11380] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1176'. [ 96.461767][T11367] 9pnet_fd: Insufficient options for proto=fd [ 96.485500][T11380] loop2: detected capacity change from 0 to 128 [ 96.495126][T11367] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 96.508269][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.534893][T11380] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 96.574110][T11380] ext4 filesystem being mounted at /226/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 96.608102][ T8831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.638160][ T3262] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 96.682081][T11399] 9pnet: Could not find request transport: 0xffffffffffffffff [ 96.892388][T11410] program syz.4.1182 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.167348][T11423] loop1: detected capacity change from 0 to 164 [ 97.178164][T11423] syz.1.1185: attempt to access beyond end of device [ 97.178164][T11423] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 97.194758][T11423] syz.1.1185: attempt to access beyond end of device [ 97.194758][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.208407][T11423] syz.1.1185: attempt to access beyond end of device [ 97.208407][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.222020][T11423] syz.1.1185: attempt to access beyond end of device [ 97.222020][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.235666][T11423] syz.1.1185: attempt to access beyond end of device [ 97.235666][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.249632][T11423] syz.1.1185: attempt to access beyond end of device [ 97.249632][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.263332][T11423] syz.1.1185: attempt to access beyond end of device [ 97.263332][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.287359][T11423] syz.1.1185: attempt to access beyond end of device [ 97.287359][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.301012][T11423] syz.1.1185: attempt to access beyond end of device [ 97.301012][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.314779][T11423] syz.1.1185: attempt to access beyond end of device [ 97.314779][T11423] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 97.462553][T11457] loop0: detected capacity change from 0 to 128 [ 97.469934][T11457] vfat: Unknown parameter 'AcXÞ#!ai]!5d Ë(' [ 97.505569][T11461] loop0: detected capacity change from 0 to 512 [ 97.548020][T11461] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.549279][T11464] smc: net device lo applied user defined pnetid SYZ1 [ 97.570999][T11461] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.585257][T11461] 9pnet_fd: Insufficient options for proto=fd [ 97.594315][T11461] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 97.594919][T11464] smc: net device lo erased user defined pnetid SYZ1 [ 97.647096][ T9818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.681187][T11468] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1193'. [ 97.720054][T11468] loop4: detected capacity change from 0 to 128 [ 97.742164][T11468] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 97.777863][T11468] ext4 filesystem being mounted at /239/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 97.893909][T11478] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1192'. [ 97.916331][T11478] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.916430][ T3264] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 97.925152][T11478] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.943141][T11478] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.951920][T11478] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.019477][T11478] vxlan0: entered promiscuous mode [ 98.069237][T11491] loop1: detected capacity change from 0 to 512 [ 98.097320][T11491] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.131359][T11491] ext4 filesystem being mounted at /132/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.278141][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.292105][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 98.292117][ T29] audit: type=1400 audit(1726282629.324:3779): avc: denied { listen } for pid=11505 comm="syz.3.1200" lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 98.364654][ T29] audit: type=1400 audit(1726282629.394:3780): avc: denied { read } for pid=11511 comm="syz.1.1201" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 98.388317][ T29] audit: type=1400 audit(1726282629.394:3781): avc: denied { open } for pid=11511 comm="syz.1.1201" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 98.421802][T11515] loop3: detected capacity change from 0 to 512 [ 98.444008][ T29] audit: type=1400 audit(1726282629.444:3782): avc: denied { ioctl } for pid=11511 comm="syz.1.1201" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 98.454857][T11520] loop1: detected capacity change from 0 to 512 [ 98.477120][T11519] smc: net device lo applied user defined pnetid SYZ1 [ 98.484693][T11519] smc: net device lo erased user defined pnetid SYZ1 [ 98.497650][T11515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.517082][T11520] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.535977][T11515] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.550083][T11520] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.606099][T11514] 9pnet_fd: Insufficient options for proto=fd [ 98.640829][T11514] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 98.704880][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.741170][ T29] audit: type=1326 audit(1726282629.764:3783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.771300][T11537] loop2: detected capacity change from 0 to 128 [ 98.778458][ T8831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.795126][ T29] audit: type=1326 audit(1726282629.764:3784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.818822][ T29] audit: type=1326 audit(1726282629.764:3785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.842561][ T29] audit: type=1326 audit(1726282629.764:3786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.865962][ T11] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 98.866198][ T29] audit: type=1326 audit(1726282629.764:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.899527][ T29] audit: type=1326 audit(1726282629.764:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11543 comm="syz.1.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa71837def9 code=0x7ffc0000 [ 98.925278][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1210'. [ 99.187369][T11608] loop0: detected capacity change from 0 to 512 [ 99.227934][T11608] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.273818][T11608] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.294074][T11608] 9pnet_fd: Insufficient options for proto=fd [ 99.314012][T11608] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 99.382905][ T9818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.421652][T11605] loop1: detected capacity change from 0 to 512 [ 99.428403][T11605] EXT4-fs: Ignoring removed bh option [ 99.444371][T11605] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 99.463584][T11605] EXT4-fs (loop1): 1 truncate cleaned up [ 99.483136][T11605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.508800][T11628] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1227'. [ 99.510406][T11625] 9pnet: Could not find request transport: 0xffffffffffffffff [ 99.551417][T11628] loop4: detected capacity change from 0 to 128 [ 99.587277][T11628] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.627094][T11628] ext4 filesystem being mounted at /244/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 99.707832][ T3264] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.718249][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.799005][T11647] loop2: detected capacity change from 0 to 164 [ 100.269740][T11674] loop1: detected capacity change from 0 to 128 [ 100.288048][T11674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1239'. [ 100.292068][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1240'. [ 100.347290][T11677] loop4: detected capacity change from 0 to 128 [ 100.356191][T11677] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.368611][T11677] ext4 filesystem being mounted at /246/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 100.422081][ T3264] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.459947][ T11] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 100.522024][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 100.568025][T11733] 9pnet: Could not find request transport: 0xffffffffffffffff [ 100.597002][T11737] xt_CT: You must specify a L4 protocol and not use inversions on it [ 100.630804][T11742] loop3: detected capacity change from 0 to 1024 [ 100.638981][T11742] EXT4-fs: Ignoring removed orlov option [ 100.645748][T11742] EXT4-fs: Ignoring removed nomblk_io_submit option [ 100.668216][T11742] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.673324][T11750] loop0: detected capacity change from 0 to 128 [ 100.691914][T11742] 9pnet_fd: Insufficient options for proto=fd [ 100.726894][T11755] loop0: detected capacity change from 0 to 128 [ 100.735647][T11755] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.749237][T11755] ext4 filesystem being mounted at /66/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 100.799408][ T9818] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 101.114640][T11765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.123372][T11765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.237096][T11770] netlink: 'syz.2.1259': attribute type 4 has an invalid length. [ 101.314259][T11769] SELinux: failed to load policy [ 101.371052][ T8831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.418420][T11786] netlink: 'syz.4.1263': attribute type 29 has an invalid length. [ 101.427161][T11786] netlink: 'syz.4.1263': attribute type 29 has an invalid length. [ 101.464877][T11793] loop2: detected capacity change from 0 to 512 [ 101.487225][T11793] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.506087][T11793] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.518353][T11793] 9pnet_fd: Insufficient options for proto=fd [ 101.529532][T11793] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 101.549423][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.728676][T11811] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 101.820213][T11818] 9pnet: Could not find request transport: 0xffffffffffffffff [ 101.981324][T11838] FAULT_INJECTION: forcing a failure. [ 101.981324][T11838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 101.994648][T11838] CPU: 1 UID: 0 PID: 11838 Comm: syz.2.1278 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 102.005467][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 102.015536][T11838] Call Trace: [ 102.018840][T11838] [ 102.021771][T11838] dump_stack_lvl+0xf2/0x150 [ 102.026372][T11838] dump_stack+0x15/0x20 [ 102.031049][T11838] should_fail_ex+0x229/0x230 [ 102.035740][T11838] should_fail+0xb/0x10 [ 102.039901][T11838] should_fail_usercopy+0x1a/0x20 [ 102.045092][T11838] _copy_to_user+0x1e/0xa0 [ 102.049507][T11838] simple_read_from_buffer+0xa0/0x110 [ 102.054991][T11838] proc_fail_nth_read+0xff/0x140 [ 102.060017][T11838] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 102.065654][T11838] vfs_read+0x1a2/0x6e0 [ 102.069810][T11838] ? selinux_file_ioctl+0x2f7/0x380 [ 102.075013][T11838] ksys_read+0xeb/0x1b0 [ 102.079296][T11838] __x64_sys_read+0x42/0x50 [ 102.083839][T11838] x64_sys_call+0x27d3/0x2d60 [ 102.088573][T11838] do_syscall_64+0xc9/0x1c0 [ 102.093179][T11838] ? clear_bhb_loop+0x55/0xb0 [ 102.097864][T11838] ? clear_bhb_loop+0x55/0xb0 [ 102.102574][T11838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.108481][T11838] RIP: 0033:0x7fca6f17c93c [ 102.112944][T11838] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 102.132934][T11838] RSP: 002b:00007fca6ddf7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 102.141400][T11838] RAX: ffffffffffffffda RBX: 00007fca6f335f80 RCX: 00007fca6f17c93c [ 102.149361][T11838] RDX: 000000000000000f RSI: 00007fca6ddf70a0 RDI: 0000000000000005 [ 102.157332][T11838] RBP: 00007fca6ddf7090 R08: 0000000000000000 R09: 0000000000000000 [ 102.165412][T11838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.173377][T11838] R13: 0000000000000000 R14: 00007fca6f335f80 R15: 00007ffc14c01108 [ 102.181346][T11838] [ 102.225300][T11840] __nla_validate_parse: 2 callbacks suppressed [ 102.225316][T11840] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1279'. [ 102.324548][T11853] 9pnet_virtio: no channels available for device 127.0.0.1 [ 102.389206][T11859] loop2: detected capacity change from 0 to 512 [ 102.652194][T11880] loop3: detected capacity change from 0 to 128 [ 102.679218][T11880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1289'. [ 102.951045][T11884] loop4: detected capacity change from 0 to 2048 [ 102.976262][T11914] loop2: detected capacity change from 0 to 512 [ 103.010079][T11914] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 103.072495][T11914] EXT4-fs (loop2): 1 truncate cleaned up [ 103.082658][T11884] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.113121][T11884] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1291: bg 0: block 274: padding at end of block bitmap is not set [ 103.131439][T11884] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 117 [ 103.144638][T11884] EXT4-fs (loop4): This should not happen!! Data will be lost [ 103.144638][T11884] [ 103.156438][T11914] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.225704][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.244313][T11884] syz.4.1291 (11884) used greatest stack depth: 9136 bytes left [ 103.286385][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.301987][T11933] loop3: detected capacity change from 0 to 2048 [ 103.308534][T11931] 9pnet: Could not find request transport: 0xffffffffffffffff [ 103.330074][T11938] loop4: detected capacity change from 0 to 164 [ 103.354175][T11933] loop3: p1 < > p4 [ 103.358305][T11940] FAULT_INJECTION: forcing a failure. [ 103.358305][T11940] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 103.371445][T11940] CPU: 1 UID: 0 PID: 11940 Comm: syz.1.1303 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 103.375557][T11938] bio_check_eod: 8529 callbacks suppressed [ 103.375569][T11938] syz.4.1302: attempt to access beyond end of device [ 103.375569][T11938] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 103.382194][T11940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 103.382208][T11940] Call Trace: [ 103.382216][T11940] [ 103.388108][T11938] syz.4.1302: attempt to access beyond end of device [ 103.388108][T11938] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 103.401745][T11940] dump_stack_lvl+0xf2/0x150 [ 103.401774][T11940] dump_stack+0x15/0x20 [ 103.411937][T11938] syz.4.1302: attempt to access beyond end of device [ 103.411937][T11938] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 103.415116][T11940] should_fail_ex+0x229/0x230 [ 103.415142][T11940] should_fail+0xb/0x10 [ 103.415160][T11940] should_fail_usercopy+0x1a/0x20 [ 103.418433][T11938] syz.4.1302: attempt to access beyond end of device [ 103.418433][T11938] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 103.431443][T11940] _copy_from_user+0x1e/0xd0 [ 103.431533][T11940] kstrtouint_from_user+0x76/0xe0 [ 103.431568][T11940] proc_fail_nth_write+0x4f/0x160 [ 103.431615][T11940] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 103.431643][T11940] vfs_write+0x28b/0x900 [ 103.436526][T11933] loop3: p4 size 8388608 extends beyond EOD, [ 103.440380][T11940] ? __fget_files+0x1da/0x210 [ 103.453765][T11933] truncated [ 103.458370][T11940] ksys_write+0xeb/0x1b0 [ 103.523630][T11940] __x64_sys_write+0x42/0x50 [ 103.528262][T11940] x64_sys_call+0x27dd/0x2d60 [ 103.532952][T11940] do_syscall_64+0xc9/0x1c0 [ 103.537535][T11940] ? clear_bhb_loop+0x55/0xb0 [ 103.542208][T11940] ? clear_bhb_loop+0x55/0xb0 [ 103.546868][T11940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.552757][T11940] RIP: 0033:0x7fa71837c9df [ 103.557230][T11940] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 103.576898][T11940] RSP: 002b:00007fa716ff7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 103.585348][T11940] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa71837c9df [ 103.593389][T11940] RDX: 0000000000000001 RSI: 00007fa716ff70a0 RDI: 0000000000000004 [ 103.601351][T11940] RBP: 00007fa716ff7090 R08: 0000000000000000 R09: 0000000000000000 [ 103.609382][T11940] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 103.617346][T11940] R13: 0000000000000000 R14: 00007fa718535f80 R15: 00007ffdfe8f8f18 [ 103.625308][T11940] [ 103.648013][T11949] loop1: detected capacity change from 0 to 512 [ 103.655855][T11949] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 103.666992][T11949] EXT4-fs (loop1): 1 truncate cleaned up [ 103.673212][T11949] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.710734][T11949] FAULT_INJECTION: forcing a failure. [ 103.710734][T11949] name failslab, interval 1, probability 0, space 0, times 0 [ 103.723404][T11949] CPU: 0 UID: 0 PID: 11949 Comm: syz.1.1304 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 103.734245][T11949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 103.744372][T11949] Call Trace: [ 103.747649][T11949] [ 103.750579][T11949] dump_stack_lvl+0xf2/0x150 [ 103.755209][T11949] dump_stack+0x15/0x20 [ 103.759370][T11949] should_fail_ex+0x229/0x230 [ 103.764089][T11949] ? __es_insert_extent+0x575/0xf60 [ 103.769353][T11949] should_failslab+0x8f/0xb0 [ 103.773980][T11949] kmem_cache_alloc_noprof+0x4c/0x290 [ 103.779367][T11949] __es_insert_extent+0x575/0xf60 [ 103.784407][T11949] ext4_es_insert_extent+0x3e5/0x1c10 [ 103.789829][T11949] ext4_map_blocks+0xa93/0xf50 [ 103.794660][T11949] ext4_iomap_begin+0x4a9/0x5d0 [ 103.799518][T11949] iomap_iter+0x3cc/0x800 [ 103.803841][T11949] ? __pfx_ext4_iomap_begin+0x10/0x10 [ 103.809256][T11949] __iomap_dio_rw+0xb4f/0x1090 [ 103.814066][T11949] ? __pfx_ext4_xattr_security_get+0x10/0x10 [ 103.820048][T11949] iomap_dio_rw+0x40/0x90 [ 103.824386][T11949] ext4_file_write_iter+0xaa4/0xe30 [ 103.829586][T11949] vfs_write+0x78f/0x900 [ 103.833819][T11949] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 103.839571][T11949] ksys_write+0xeb/0x1b0 [ 103.843806][T11949] __x64_sys_write+0x42/0x50 [ 103.848384][T11949] x64_sys_call+0x27dd/0x2d60 [ 103.853100][T11949] do_syscall_64+0xc9/0x1c0 [ 103.857711][T11949] ? clear_bhb_loop+0x55/0xb0 [ 103.862377][T11949] ? clear_bhb_loop+0x55/0xb0 [ 103.867038][T11949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.872929][T11949] RIP: 0033:0x7fa71837def9 [ 103.877359][T11949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.896967][T11949] RSP: 002b:00007fa716ff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 103.905380][T11949] RAX: ffffffffffffffda RBX: 00007fa718535f80 RCX: 00007fa71837def9 [ 103.913382][T11949] RDX: 000000000000f000 RSI: 0000000020000200 RDI: 0000000000000008 [ 103.921355][T11949] RBP: 00007fa716ff7090 R08: 0000000000000000 R09: 0000000000000000 [ 103.929352][T11949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 103.937310][T11949] R13: 0000000000000000 R14: 00007fa718535f80 R15: 00007ffdfe8f8f18 [ 103.945342][T11949] [ 104.005702][ T6145] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.090198][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 104.150067][T11980] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 104.261014][T11987] audit_log_lost: 140 callbacks suppressed [ 104.261028][T11987] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64 [ 104.274529][T11987] audit: out of memory in audit_log_start [ 104.824168][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 104.954619][T12052] loop0: detected capacity change from 0 to 128 [ 104.990542][T12052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 105.037140][ T3972] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 105.086304][T12078] loop0: detected capacity change from 0 to 512 [ 105.096428][T12078] EXT4-fs: Ignoring removed orlov option [ 105.118728][T12078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.132238][T12078] ext4 filesystem being mounted at /81/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.174005][T12095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1328'. [ 105.189393][ T9818] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.208070][T12095] loop3: detected capacity change from 0 to 128 [ 105.245197][T12107] Cannot find add_set index 0 as target [ 105.251889][T12095] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 105.278550][T12095] ext4 filesystem being mounted at /94/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 105.363616][T12114] loop2: detected capacity change from 0 to 512 [ 105.374178][ T8831] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 105.400092][T12114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.405765][T12120] FAULT_INJECTION: forcing a failure. [ 105.405765][T12120] name failslab, interval 1, probability 0, space 0, times 0 [ 105.413134][T12114] ext4 filesystem being mounted at /270/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.425197][T12120] CPU: 1 UID: 0 PID: 12120 Comm: syz.1.1335 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 105.441015][ T29] audit: type=1326 audit(1726282636.464:3929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12111 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 105.446100][T12120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 105.446114][T12120] Call Trace: [ 105.446121][T12120] [ 105.446128][T12120] dump_stack_lvl+0xf2/0x150 [ 105.477208][ T29] audit: type=1326 audit(1726282636.464:3930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12111 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 105.479577][T12120] dump_stack+0x15/0x20 [ 105.482870][ T29] audit: type=1326 audit(1726282636.464:3931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12111 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 105.485755][T12120] should_fail_ex+0x229/0x230 [ 105.490331][ T29] audit: type=1326 audit(1726282636.464:3932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12111 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 105.513736][T12120] ? p9_client_create+0x57/0xa80 [ 105.513760][T12120] should_failslab+0x8f/0xb0 [ 105.513820][T12120] __kmalloc_cache_noprof+0x4b/0x2a0 [ 105.517969][ T29] audit: type=1326 audit(1726282636.464:3933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12111 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca6f17def9 code=0x7ffc0000 [ 105.541360][T12120] p9_client_create+0x57/0xa80 [ 105.541386][T12120] ? v9fs_session_init+0x79/0xda0 [ 105.541409][T12120] ? should_failslab+0x8f/0xb0 [ 105.541455][T12120] ? __kmalloc_node_track_caller_noprof+0x17e/0x380 [ 105.541482][T12120] v9fs_session_init+0xf9/0xda0 [ 105.541505][T12120] ? __rcu_read_unlock+0x4e/0x70 [ 105.541527][T12120] ? strcmp+0x21/0x50 [ 105.602043][ T3984] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 105.607813][T12120] ? __rcu_read_unlock+0x4e/0x70 [ 105.607842][T12120] ? v9fs_mount+0x53/0x560 [ 105.661973][T12120] ? should_failslab+0x8f/0xb0 [ 105.666798][T12120] v9fs_mount+0x69/0x560 [ 105.671046][T12120] ? __pfx_v9fs_mount+0x10/0x10 [ 105.675926][T12120] legacy_get_tree+0x77/0xd0 [ 105.680523][T12120] vfs_get_tree+0x56/0x1e0 [ 105.684985][T12120] do_new_mount+0x227/0x690 [ 105.685645][T12136] Cannot find add_set index 0 as target [ 105.689527][T12120] path_mount+0x49b/0xb30 [ 105.689556][T12120] __se_sys_mount+0x27c/0x2d0 [ 105.704108][T12120] __x64_sys_mount+0x67/0x80 [ 105.708778][T12120] x64_sys_call+0x203e/0x2d60 [ 105.713449][T12120] do_syscall_64+0xc9/0x1c0 [ 105.717930][T12120] ? clear_bhb_loop+0x55/0xb0 [ 105.722604][T12120] ? clear_bhb_loop+0x55/0xb0 [ 105.727269][T12120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.733176][T12120] RIP: 0033:0x7fa71837def9 [ 105.737581][T12120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.757185][T12120] RSP: 002b:00007fa716ff7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 105.765585][T12120] RAX: ffffffffffffffda RBX: 00007fa718535f80 RCX: 00007fa71837def9 [ 105.773632][T12120] RDX: 00000000200002c0 RSI: 0000000020000280 RDI: 0000000020000100 [ 105.781809][T12120] RBP: 00007fa716ff7090 R08: 0000000020000300 R09: 0000000000000000 [ 105.789793][T12120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 105.797822][T12120] R13: 0000000000000000 R14: 00007fa718535f80 R15: 00007ffdfe8f8f18 [ 105.805775][T12120] [ 105.809577][ T3262] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.015813][T12157] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 106.046531][T12159] loop4: detected capacity change from 0 to 512 [ 106.073117][T12159] EXT4-fs: Ignoring removed orlov option [ 106.078624][T12162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1342'. [ 106.089067][T12162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1342'. [ 106.107786][T12159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.123930][T12159] ext4 filesystem being mounted at /260/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 106.181371][ T3264] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.211315][ T3264] ================================================================== [ 106.219426][ T3264] BUG: KCSAN: data-race in mlock_new_folio / need_mlock_drain [ 106.226902][ T3264] [ 106.229221][ T3264] read-write to 0xffff888237c2b370 of 1 bytes by task 12142 on cpu 0: [ 106.237362][ T3264] mlock_new_folio+0x114/0x200 [ 106.242136][ T3264] folio_add_lru_vma+0x5d/0x60 [ 106.246913][ T3264] handle_mm_fault+0x246c/0x2a30 [ 106.251857][ T3264] __get_user_pages+0x499/0x10d0 [ 106.256797][ T3264] __mm_populate+0x25b/0x3b0 [ 106.261389][ T3264] __se_sys_mlockall+0x2c5/0x370 [ 106.266329][ T3264] __x64_sys_mlockall+0x1f/0x30 [ 106.271181][ T3264] x64_sys_call+0x1e3a/0x2d60 [ 106.275861][ T3264] do_syscall_64+0xc9/0x1c0 [ 106.280357][ T3264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.286274][ T3264] [ 106.288673][ T3264] read to 0xffff888237c2b370 of 1 bytes by task 3264 on cpu 1: [ 106.296388][ T3264] need_mlock_drain+0x30/0x50 [ 106.301084][ T3264] __lru_add_drain_all+0x235/0x410 [ 106.306205][ T3264] lru_add_drain_all+0x10/0x20 [ 106.310988][ T3264] invalidate_bdev+0x47/0x70 [ 106.315616][ T3264] ext4_put_super+0x571/0x840 [ 106.320291][ T3264] generic_shutdown_super+0xde/0x210 [ 106.325586][ T3264] kill_block_super+0x2a/0x70 [ 106.330351][ T3264] ext4_kill_sb+0x44/0x80 [ 106.334689][ T3264] deactivate_locked_super+0x7d/0x1c0 [ 106.340065][ T3264] deactivate_super+0x9f/0xb0 [ 106.344742][ T3264] cleanup_mnt+0x268/0x2e0 [ 106.349261][ T3264] __cleanup_mnt+0x19/0x20 [ 106.353688][ T3264] task_work_run+0x13a/0x1a0 [ 106.358288][ T3264] syscall_exit_to_user_mode+0xbe/0x130 [ 106.363946][ T3264] do_syscall_64+0xd6/0x1c0 [ 106.368540][ T3264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.374533][ T3264] [ 106.376851][ T3264] value changed: 0x06 -> 0x0b [ 106.381518][ T3264] [ 106.383836][ T3264] Reported by Kernel Concurrency Sanitizer on: [ 106.389977][ T3264] CPU: 1 UID: 0 PID: 3264 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 106.400819][ T3264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 106.410871][ T3264] ==================================================================