last executing test programs: 3.005384698s ago: executing program 3 (id=253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000000906010200000c0000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe8000000000000000000000000000bb060004404e1f00000500070088"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000540)='kfree\x00', r2, 0x0, 0x6}, 0x18) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000030601010000000000000000010000000500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) 2.868407382s ago: executing program 3 (id=257): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x10, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000022bf0000000000000500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000db003000a0000000bf91000000000000b7020000000000008500000084000000b7000000000000009500"], &(0x7f0000000200)='syzkaller\x00', 0x3, 0xc8, &(0x7f0000000040)=""/200}, 0x94) 2.788016767s ago: executing program 3 (id=259): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) sendmmsg$inet6(r0, 0x0, 0x0, 0x20008050) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0) preadv(r4, &(0x7f0000000100), 0xa, 0x0, 0x0) 2.655000903s ago: executing program 1 (id=267): r0 = socket(0x2, 0x80805, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x19, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r2}, 0x10) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) close_range(r4, r4, 0x0) syz_usb_connect(0x4, 0xb, &(0x7f0000000000)=ANY=[], 0x0) dup3(r0, r4, 0x0) 1.492384941s ago: executing program 1 (id=274): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000280)={0x5, 0xfe, 0x8006}) 1.492065459s ago: executing program 3 (id=275): setresuid(0xee00, 0xee00, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000002000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000003000000", 0xfe60) 1.429917793s ago: executing program 2 (id=277): syz_clone3(&(0x7f0000000340)={0x4000000, 0x0, 0x0, 0x0, {0x3c}, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[0xffffffffffffffff], 0x1}, 0x58) 1.401893726s ago: executing program 3 (id=278): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x24000004) 1.400968747s ago: executing program 1 (id=279): socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f00000007c0)=@hci={0x1f, 0x5863, 0x31}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000340)="b8b28225cc772f31e7e8c7c988fb", 0xe}], 0x1}, 0x44000) 1.359752045s ago: executing program 3 (id=281): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x3800813, &(0x7f00000001c0)=ANY=[], 0x1, 0xa5c, &(0x7f0000001240)="$eJzs3c1vXeldB/DvubYT1xmSdBqGIZrGNxmSulPj2A6TEM2iJPZN4uIXZDvSRCya0jgoimGgA9J0hNRUQqw6AgnEAnYjVqxG6oayQLNBsKMrFkho/oWKVVi5OudeO9f2vb6Ox449mc8nur7n5Xee53fuOc95cl+f8MWydmrT3Npaddvj/N1/fgEZc4TdnP7s408+Km8/fpJj6cvbxb8kg0nqSX+S15OBqenFhbkeBT1O7if5NCmSHE/zflfup/jrvPJs/tMU/1jW29Wx3ZZML2t8qR32+QcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEdRMTU9Pj5RHMvM/N13601JfZup6cWFImtr29esb9P0s2rU7+Jn3epbH7q7SIrylsHB9aG+Xz/zLOy1JPULeaM590Y1IHkG8+GJ106/87X+2vr23bL5XI7vvtj3f/jh4++trq78oOPaotjHrI6Y5jlyuzE/s7QwM3fjdqM+s7RQv3716vjlO7eW6rdmZhtL95aWG3P1qcXGjeWFxfrI1DfrE9evX6k3xu4t3J2/PT0221hfeO03J8fHr9a/M/Z7jRuLSwvzl78ztjR1Z2Z2dmb+dhVTri5jrpUn4u/OLNeXGzfm6vWHj1ZXrmzJrC9bzt8yaKLX/pRBk72CJscnJycmJicnftwaPXtjwdW3r799bXy8f7zplbQmsi3igE5ajpavdD/MB3Mhhz2oNfv/ZDYzmc/dvJt6x39Tmc5iFjLXZX3Lev9/8XJjx2rT1v+3evn+tvVnyz8Xcq41O9il/++Sy/79K/dmp/Xv54f5MI/zvaxmNSv5wYFndLT+3U4j85nJUhYyk7ncqJbUW0vquZ6ruZrxfDd3Mpyl9OdWZjKbRpZyL0tZTqM6o6aymEZuZDkLWUw9I5nKN1PPRK7neq6knkbGci8LuZv53M50blSlPMyj6nG/skOOG0ETuwma3CFoW2ferf/fsHWTxtb/nPASqu14lA/gKg57s9bq/4/1Dh2ZehEJAQAAAPvu1/8zJ8+8+h//mxT5evW+/K2Z2cb4YacFAAAA7KPq43pvlHcD5dTXU3j+DwAAAC+bovqOXZFkKMPNqfVvQnkRAAAAAF4S1fv/51IMP1vg+T8AAAC8ZHr/xn7PiGI09eYP+9cfNCMftCKac8XQrZnZxtjUwuw7E7lU/cpA9U2DbaX1JcVA9fWDt3K+GXV+qHk/9KzEss7BMmpi7J2JvJULrR0ZebO8e3OkQ+RkM/IbzchvtEf2ZVPklTISAF52F3boj3fb/7+V0WbE6Nmqy+8/u6kP7qt61nE9KwAcFRtj7Px/a0izDv3/ueZvA5zr1v//1vrwPx2e/5cRr+bhcPMjBWP5ft7Lah5kNK1PHAx3KnV9NILmxxBGe7waMNT6yMLPr9Uyuu31gMGNfW2PXclkRju+ItBWbrGew5VmXN9BHQUAeLEu7NgPr/f/1YvkXfv/0Z2f/7f1uT5SCABHwcYI9s87Mbz74MPeRwBgM700AAAAAAAAAAAAAAAAAAAAAAAAAAAA7L9d/YD/f11KVldXkr0OFtBh4uf//q+/0jXmJyeSwefJcOeJWvYn56M/0ZfksGr/dp57q/IYH5WH7mWaKJ5UDfZzlXPIFyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeiCLp67S8lhxPMp7k8ovP6uA8OewE9kt9b5sVT/M0H+TkfqcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBl1/r9/1qa9yeai9JfSy4muZ/k9w87x+cx2GP90xeUx9HzR9Xftt//ryUDWSvSn7W1tbWkGJiaXlyYK0+F4ni5/rOPP/movHUt8kfrE9tHVSgLKGvYNLhEq4a2JQObt/pqtdXQ9Mr7j//svT+pT9+sTsyby7dmp+duL/7Os8DXip82h0BoHwZhPd+/uPhvf9O2+Fir8p+mv9uObK33VlXv9PZ6f63T1l3q3YVHqyuTZU3LjXeX//yPa+2rXs355M2RZGRzTX9Y3sqaiu3Fnd/6eG5W/KL4q+Jk/j73q+NfPhrFWlEeolPV/n/l4aPVlbHvv7f6YCOnHz36oK2A0xlO8mBzK2vPqUOlw+mQaNOJqtaBstbxKqj8c6ZHeTtqK3Hi2eO6aR++Wp0yQ8+1D/Xu+1Dp8bi3MrqyNaO1spH87Z9+LZd2PNLHO5R4qUeNHRW/KP6nuJP/zl+2jf9RK4//xXRsnR2KqCKrM2VbYyo2Lak1I6s9n2xf8d2t23VtlRyAn+QP8tsbx79WXf/b281kl3azcT36dtvCLu1mvWl1aRfHN7fUbe2ipVe72N5S/+nUth5lc605s6VHal19um3TyvNMM6pLnr+abyX9Z5/rivKtHleUXtvvtf3/QzGS/8sT4/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABHX5H0dVpeSy4mOZ3kVDlfT9a2xjzZQ321oWIvae6bveT8xVN03dHiaZ7mg5x80RkBAAAAAAAAcDBuTn/28Scflbfq/fi+/Eattaae9Cc5XfzdwNT04sJcj4IGkvvrb+kPdg7psjj3yz+vPJv/tJx7vUd9h/vxAQD4QvtlAAAA///Ynm1o") setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x8) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8840) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400ee", @ANYBLOB], 0x3c}}, 0x0) 1.355714131s ago: executing program 0 (id=282): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000801}, 0x448c0) 1.317487865s ago: executing program 2 (id=283): prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r0 = syz_io_uring_setup(0x1104, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0xfffffffe, 0x160}, &(0x7f00000003c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1}) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) 1.313507486s ago: executing program 0 (id=284): capset(&(0x7f0000000400)={0x19980330}, &(0x7f00000003c0)={0xffc, 0x10ffff, 0xffffff88, 0x8000, 0x0, 0x1}) unshare(0x400) r0 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) 1.268232727s ago: executing program 4 (id=285): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x23500d8, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 1.267742825s ago: executing program 1 (id=286): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) sendmmsg$inet6(r0, 0x0, 0x0, 0x20008050) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0) preadv(r4, &(0x7f0000000100), 0xa, 0x0, 0x0) 1.267154848s ago: executing program 0 (id=287): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup=r0, 0x32, 0x1, 0x0, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000040), &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0]}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xe0000000, 0x5, 0xb7, 0x2, 0x1, 0x1, 0x4, 0x3, 0x1}}}}]}, 0x58}}, 0x4000) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newtfilter={0xa4, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xb, 0x3}, {}, {0x1, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x70, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x0, 0x6, 0x0, 0x9, 0x401, 0x1000, 0x8a3, 0xd5}}, @TCA_U32_ACT={0x58, 0x7, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x4cc0, 0x3, 0x4, 0x7, 0x400000}, 0xc}}]}, {0xe50}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x2, 0x7}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x81}, 0x800) 1.199281129s ago: executing program 4 (id=288): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 1.197495016s ago: executing program 4 (id=289): ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000280)={0x5, 0xfe, 0x8006}) 1.122155977s ago: executing program 4 (id=290): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001840)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r0}, 0x10) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x40) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) fcntl$setsig(r1, 0xa, 0x13) 1.121693459s ago: executing program 0 (id=291): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7}, 0x18) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={r0, &(0x7f0000000240)="1b06972687cb7da0361b98dcb1c31b04028475c14aa6dc9b6471d06ca9830d37ee367dec07a9ac2103be3d4fea06aae54ff131ee9725f6dc21da79d2f6d27cbea15748", &(0x7f00000002c0)=""/174}, 0x20) 1.103097904s ago: executing program 2 (id=292): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000f7ffffff000000ac1414bb00000000000000000000000000000004000000000a0060803b000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) 1.067433036s ago: executing program 0 (id=293): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="24010000", @ANYRES16=r3, @ANYBLOB="a183000000000000000005"], 0x124}}, 0x0) 1.050762134s ago: executing program 2 (id=294): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, &(0x7f0000000140)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) io_uring_enter(r1, 0x66a8, 0x4000, 0xf, 0x0, 0x18) 230.250494ms ago: executing program 0 (id=295): socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x3ffd, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000280), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}}) 229.820939ms ago: executing program 1 (id=296): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000040000000600000007"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6100272400383afffc000000000000000000000000000004ff020000000000000000000000000001"], 0x0) 215.949353ms ago: executing program 2 (id=297): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00'}, 0x10) r2 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000005e40)={0x0, 0x0, &(0x7f0000005e00)={&(0x7f00000006c0)={0x30, r2, 0x21, 0x8d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8004) r3 = syz_io_uring_setup(0xbc3, &(0x7f0000000480)={0x0, 0x1568, 0x11080, 0x0, 0x264}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) io_uring_enter(r3, 0x47f8, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x6c, r7, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x6c}}, 0x0) 107.860133ms ago: executing program 4 (id=298): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800001965ba917c62e1e690e400210061010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0x3}}}, 0x24}}, 0x4080) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=@newtfilter={0x104, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r4, {0xf}, {}, {0xe, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0xd8, 0x2, [@TCA_U32_SEL={0xd4, 0x5, {0x3, 0x8, 0xd, 0x4, 0x7ff, 0x365, 0x7, 0x6, [{0x1, 0xffff, 0x7706, 0x18}, {0x7fffffff, 0x8, 0xd7, 0x3}, {0x3, 0x2, 0xea9a, 0x6}, {0x7, 0x9, 0x1, 0x9}, {0x40, 0x2, 0x1000}, {0xf, 0x3a1, 0x8, 0x405}, {0x10000, 0x9, 0x6, 0x7fffffff}, {0x4, 0x0, 0x80, 0x40}, {0xfffffffb, 0x5, 0xff, 0x9}, {0x11, 0x7f, 0x1, 0x8}, {0x5, 0x6, 0x80, 0x3000}, {0x6, 0xc25a0, 0x3, 0x1000}]}}]}}]}, 0x104}}, 0x24040084) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000540)=@generic={0x6, "71b82cfd41747a1e08273ffa04602b672347d8f66660a347f6cf8616a11d7649e990dbba20dc4b7a1fcf4e3abcc81bef3cddd646349bbc2ba58ceea35a379ac1bfe65eaa3ce395f6e5ba53597ab7b1ce53ac9079c54b34f7c74d98a1d4b1068df71b59569c8e01b9ff90fec81727e35d7d700ab1ec648e4a18acd471e4de"}, 0x80, &(0x7f0000000600)=[{&(0x7f00000005c0)="db4332fcc589aca06ae8", 0xa}], 0x1, &(0x7f00000009c0)=[{0xa8, 0x103, 0x9, "096ab0886cf6790bfba85795be533453db641f77d3dc520923f991ece9f495845c3d1d258892bb133cdfa09972c063d883acdacbcb183513f77bce7ea8469beebd2fb6debd8d74f161178d9e67e0cb51e565d717a55a96f2e0c28b6a051b91bc92a9cb975cd86b7cc4e9f408e883b3c43bcb6ed040e076742bcf2c2ecf5c707057ee8c654edf39e44971d1c65d83ec4d7ca9c0"}, {0xb0, 0x6, 0x9b2c, "768cebb99a7b6a8b03dab2994e4ef64052dde029ed79733a0f04b36d6cf9364ee4d171ce252fefa4d08f41dd7ce8f122508da314914449809a3e3218c9ad74523c64291531d6b55ee6058e02404e796bbf94ce18a36d4bce709fe060c5fd90cbd26b507932c03a2774d6e841b0a728c09fbf98fc811f5e5e6b3a36d438ea8beea56f03cbcca0f506c808ad75ae51ffca0c52db9c8126af74ed927167e9c2"}, {0x80, 0x10a, 0x1, "34808bcfd4a21291efac11faaba216efdb621bec91582f79ac54465ede8cf4e5672f37aa16e539f2e3927b5b2fb900103b920681a169465081dd2f72b18a086836c23951893a2c0c2ac9431ebeeaa1a650112beae187835560893a2a5d323d36643e86bd4d02f321d7"}, {0xb0, 0x107, 0x825, "47151dd5c4149aa6a5707c837ed1769338315245fdd8f16c07e60a303289d44b6e08c36d03edfe211f03a07689ac3798fbae0e057f18520fadfb9281c2baa8cc3c1cc6f72f8fd889cbf50b5334d7458050e9468a1d1fcdde51b4edbf0bdf09fd40c99451c625f39d79b4fbfa3cf0d4c9e85305cc5260493daaa7f22c96f88e5a2671aeea773d00b4308bb81f8e36f19662d780b1b7776a66a0f1"}, {0xf8, 0x116, 0x2a, "349499232722b1e8afee7754192b409a41760f091a0d1742f6dfb0d404c6e47aedf22b4ca848a8c5828436b56b7fec78f75cc30987d193b04cb934ef790bb6326ce82d782e94c05013ffc2cf43a14f09949cec6f4262fa7f8341102cbf438d4fdf1383ed15a58a0fd1759daa53db42e6ea26bdb894dd12d6b578b7d18db67521c717c8b3c0e2a4c0f38ea2d9c303bd0137713bf9be1994bd9ab0d5441b10099e0c8ff9a6201d084cc4dafabec0a1d07ccf34bbb758424ebc8322442e9d87c7fb1f90573865576a3c1d13f22d12059d491b25b82fe28336fe9b90ad812fd64607c6e6057d"}, {0xb8, 0x190, 0x80000000, "8e15c81de92ef1fe284c3cda739a27d21509fa7d465a58acd3da039ceef4c2a6ee78f625cac77d40644dc8eaa69c34c6b7e371223cee895112bf0021c64325d12eb705c2844021fe0ae709d4033373aa9f271c50db0b64e6ac183c74d60d20b5357b2ff979598689fc782e68ca721cfb8fbfd417ad61acd39f61f0b360c73093780838d6fcdc156ef315f001d752c7b47c068ae3bb6e3df87728a003dd1d15e1f657cc2897"}], 0x438}, 0x800) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380), 0x4001, 0x0) sendfile(r0, r0, 0x0, 0x800000009) 50.348748ms ago: executing program 1 (id=299): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs289vFFUcAPDvTH8AIrQi/gBRq8Sk0djSgsrBi0YTYzCa6AGPtV1Iw0INrUaQSDHGk4kh0bPxaPQv8GZMjHoy8erJkyEhygXwVDOzM6UM/SF226ndzyeZ7nszb3bet29+vH1vN4CONRARsxFxZ0T8FhF9EZFUCwy0Xq5dOTd+/cq58STm5l7/M8nLXb1ybrwsWu63vcgMphHpR0lr54rpM2dPjDWbjdNFfnjm5NvD02fOPvnuybHjjeONU6OHDx86OPLM06NPtSXOLK6rez+Y2rfnpTcvvjJ+9OJbP32TFHFHJY52GcgC/2suV932WLsPVrMdC9JJd40V4bZ0RUTWXD359d8XXXGj8frixQ9rrRywprJn05alN8/OAZtYEnXXAKhH+aDPPv+Wyzp1PTaEy8+1PgBlcV8rltaW7kiLMj2Vz7ftNBARR2f//iJbYo3GIQAAFvpk/PMjvRHx/vWvX876Hn3zW9K4N3/9Pf+7s5hD6Y+IuyJiV0TcHRG7I+KeiLzsfRFx/yrrc2v/J720yrdcVtb/e7aY27q5/1f2/qK/q8jtyOPvSY5NNhsHiv/JYPRsyfIjyxzjuxd+/XSpbQv7f9mSHb/sCxb1uNRdGaCbGJsZyzulbXD5QsTe7sXiT+ZnApKI2BMRe2/vrXeWicnHv9q3VKGV419GG+aZ5r7MwpvN4p+NSvylZOH85OQt85PDW6PZODBcnhW3+vmXj19b6virir8NLjdarwvav1qkP1k4Xzvd3uP/x/M/7U3eyOeZe4t1743NzJweiehNjuT5m9aP3ti3zJfls/N/cP/i1/+uYp8s/gciIjuJH4yIhyLi4aLuj0TEoxGxf5kYf3x+5fgjran9L0RMLHr/mz//K+1/+4muEz98u9Tx/137H8pTg8Wa/P63gsWqk90uqhVczf8OAAAA/i/S/DvwSTo0n07ToaHWd/h3xx1pc2p65oljU++cmmh9V74/etJypKuvGA9tTjYbI8ls8Y6t8dHRYqy4HC89WIwbf9a1Lc8PjU81J2qOHTrd9iWu/8wfXXXXDlhj2xZdO9q77hUBalCdR09vzp5/NdwMYLPye23oXCtc/+l61QNYf57/0LkWu/7PV/LmAmBz8vyHzuX6hw6Vfl93DYAaef5DR1rN7/rXMLF1Y1SjnsRGbZQ8EVEm0g1RH4k1StR9ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiPfwIAAP//SAfnAA==") 34.700154ms ago: executing program 2 (id=300): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0) 0s ago: executing program 4 (id=301): ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000280)={0x5, 0xfe, 0x8006}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.66' (ED25519) to the list of known hosts. [ 24.948745][ T6517] cgroup: Unknown subsys name 'net' [ 25.072243][ T6517] cgroup: Unknown subsys name 'cpuset' [ 25.074267][ T6517] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 25.232020][ T6517] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 27.334305][ T6537] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 27.335560][ T6538] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 27.337106][ T6538] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 27.337387][ T6538] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 27.337545][ T6538] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 27.337848][ T6538] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 27.338037][ T6538] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 27.338627][ T6538] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 27.340877][ T6537] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 27.341075][ T6537] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 27.345443][ T6537] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 27.345704][ T6537] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 27.345861][ T6537] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 27.346480][ T6537] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 27.346672][ T6537] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 27.358456][ T6537] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 27.358682][ T6537] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 27.361833][ T6537] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 27.363425][ T6538] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 27.365150][ T6537] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 27.365344][ T6538] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 27.379406][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 27.380046][ T6533] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 27.386565][ T6533] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 27.388224][ T6533] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 27.519931][ T6530] chnl_net:caif_netlink_parms(): no params data found [ 27.551516][ T6531] chnl_net:caif_netlink_parms(): no params data found [ 27.566104][ T6534] chnl_net:caif_netlink_parms(): no params data found [ 27.598214][ T6528] chnl_net:caif_netlink_parms(): no params data found [ 27.604662][ T6540] chnl_net:caif_netlink_parms(): no params data found [ 27.622917][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.624415][ T6530] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.625678][ T6530] bridge_slave_0: entered allmulticast mode [ 27.627152][ T6530] bridge_slave_0: entered promiscuous mode [ 27.639094][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.639149][ T6531] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.639200][ T6531] bridge_slave_0: entered allmulticast mode [ 27.639597][ T6531] bridge_slave_0: entered promiscuous mode [ 27.647581][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.648844][ T6530] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.650007][ T6530] bridge_slave_1: entered allmulticast mode [ 27.650432][ T6530] bridge_slave_1: entered promiscuous mode [ 27.655712][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.655969][ T6531] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.656075][ T6531] bridge_slave_1: entered allmulticast mode [ 27.656511][ T6531] bridge_slave_1: entered promiscuous mode [ 27.665628][ T6534] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.665710][ T6534] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.665788][ T6534] bridge_slave_0: entered allmulticast mode [ 27.666210][ T6534] bridge_slave_0: entered promiscuous mode [ 27.667531][ T6534] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.667546][ T6534] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.667608][ T6534] bridge_slave_1: entered allmulticast mode [ 27.667996][ T6534] bridge_slave_1: entered promiscuous mode [ 27.677561][ T6530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.678518][ T6530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.691976][ T6531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.702145][ T6530] team0: Port device team_slave_0 added [ 27.702906][ T6530] team0: Port device team_slave_1 added [ 27.706629][ T6531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.733449][ T6534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.733512][ T6540] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.736386][ T6540] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.737725][ T6540] bridge_slave_0: entered allmulticast mode [ 27.738159][ T6540] bridge_slave_0: entered promiscuous mode [ 27.738731][ T6528] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.738748][ T6528] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.738809][ T6528] bridge_slave_0: entered allmulticast mode [ 27.739190][ T6528] bridge_slave_0: entered promiscuous mode [ 27.740126][ T6540] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.740145][ T6540] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.740200][ T6540] bridge_slave_1: entered allmulticast mode [ 27.740978][ T6540] bridge_slave_1: entered promiscuous mode [ 27.742184][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.742193][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.742209][ T6530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.742955][ T6530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.742962][ T6530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.742974][ T6530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.756857][ T6531] team0: Port device team_slave_0 added [ 27.758027][ T6531] team0: Port device team_slave_1 added [ 27.764649][ T6534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.767695][ T6528] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.767990][ T6528] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.768088][ T6528] bridge_slave_1: entered allmulticast mode [ 27.768839][ T6528] bridge_slave_1: entered promiscuous mode [ 27.796459][ T6540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.797986][ T6540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.800019][ T6530] hsr_slave_0: entered promiscuous mode [ 27.800359][ T6530] hsr_slave_1: entered promiscuous mode [ 27.804207][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.804229][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.804247][ T6531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.804805][ T6531] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.804812][ T6531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.804823][ T6531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.807645][ T6534] team0: Port device team_slave_0 added [ 27.808355][ T6534] team0: Port device team_slave_1 added [ 27.818441][ T6528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.820319][ T6528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.830343][ T6540] team0: Port device team_slave_0 added [ 27.844251][ T6540] team0: Port device team_slave_1 added [ 27.848810][ T6534] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.850488][ T6534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.855082][ T6534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.870368][ T6528] team0: Port device team_slave_0 added [ 27.871497][ T6528] team0: Port device team_slave_1 added [ 27.871876][ T6534] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.871882][ T6534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.871894][ T6534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.875083][ T6531] hsr_slave_0: entered promiscuous mode [ 27.875345][ T6531] hsr_slave_1: entered promiscuous mode [ 27.875512][ T6531] debugfs: 'hsr0' already exists in 'hsr' [ 27.875550][ T6531] Cannot create hsr debugfs directory [ 27.894580][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.895816][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.896393][ T6540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.908300][ T6534] hsr_slave_0: entered promiscuous mode [ 27.908587][ T6534] hsr_slave_1: entered promiscuous mode [ 27.908761][ T6534] debugfs: 'hsr0' already exists in 'hsr' [ 27.908771][ T6534] Cannot create hsr debugfs directory [ 27.909405][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.909417][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.909432][ T6540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.919426][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.919448][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.919462][ T6528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.921586][ T6528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.921592][ T6528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.921602][ T6528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.952155][ T6528] hsr_slave_0: entered promiscuous mode [ 27.953547][ T6528] hsr_slave_1: entered promiscuous mode [ 27.954814][ T6528] debugfs: 'hsr0' already exists in 'hsr' [ 27.955769][ T6528] Cannot create hsr debugfs directory [ 27.963441][ T6540] hsr_slave_0: entered promiscuous mode [ 27.963726][ T6540] hsr_slave_1: entered promiscuous mode [ 27.963887][ T6540] debugfs: 'hsr0' already exists in 'hsr' [ 27.963896][ T6540] Cannot create hsr debugfs directory [ 28.051267][ T6530] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.070886][ T6530] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.081958][ T6530] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.085803][ T6530] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.102944][ T6531] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.106661][ T6531] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.112264][ T6531] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.114680][ T6531] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.123313][ T6530] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.123365][ T6530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.123558][ T6530] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.123588][ T6530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.132863][ T6534] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.138460][ T6534] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.141300][ T6534] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.143788][ T6534] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.161555][ T6531] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.161602][ T6531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.161668][ T6531] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.161694][ T6531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.174036][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.178482][ T6534] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.178517][ T6534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.178589][ T6534] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.178611][ T6534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.186707][ T6531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.190085][ T4910] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.191969][ T4910] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.193516][ T4910] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.195217][ T4910] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.196706][ T4910] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.198298][ T4910] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.221102][ T6531] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.225222][ T4910] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.225265][ T4910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.227935][ T4910] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.227964][ T4910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.233222][ T6530] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.241517][ T4910] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.241562][ T4910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.245633][ T6528] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.248183][ T6528] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.251145][ T6528] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.253332][ T6528] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.256831][ T4910] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.256865][ T4910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.291701][ T6534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.294854][ T6534] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.298169][ T6540] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.307583][ T6540] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.322465][ T6540] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.324933][ T4910] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.324974][ T4910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.325655][ T4910] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.325669][ T4910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.332412][ T6540] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 28.353177][ T6531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.366224][ T6534] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.384074][ T6531] veth0_vlan: entered promiscuous mode [ 28.399392][ T6531] veth1_vlan: entered promiscuous mode [ 28.412436][ T6528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.424334][ T6528] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.436048][ T6534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.444831][ T6530] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.446413][ T6531] veth0_macvtap: entered promiscuous mode [ 28.449545][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.449580][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.453553][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.453590][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.462436][ T6540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.463495][ T6531] veth1_macvtap: entered promiscuous mode [ 28.470615][ T6528] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.472461][ T6528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.494955][ T6534] veth0_vlan: entered promiscuous mode [ 28.498637][ T6534] veth1_vlan: entered promiscuous mode [ 28.502053][ T6540] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.509524][ T6534] veth0_macvtap: entered promiscuous mode [ 28.514437][ T789] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.514483][ T789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.514970][ T789] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.514984][ T789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.531558][ T6534] veth1_macvtap: entered promiscuous mode [ 28.535951][ T6540] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.541512][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.543687][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.546946][ T4910] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.547152][ T4910] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.547219][ T4910] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.547376][ T4910] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.559636][ T6530] veth0_vlan: entered promiscuous mode [ 28.563721][ T6530] veth1_vlan: entered promiscuous mode [ 28.581411][ T6534] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.583746][ T6534] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.588896][ T6528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.603140][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.603218][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.603241][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.603254][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.612756][ T6530] veth0_macvtap: entered promiscuous mode [ 28.627056][ T6528] veth0_vlan: entered promiscuous mode [ 28.630655][ T6530] veth1_macvtap: entered promiscuous mode [ 28.634814][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.642482][ T4910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.642513][ T4910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.655684][ T6528] veth1_vlan: entered promiscuous mode [ 28.659188][ T789] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.659222][ T789] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.661564][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.669896][ T6528] veth0_macvtap: entered promiscuous mode [ 28.672826][ T6528] veth1_macvtap: entered promiscuous mode [ 28.677212][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.681199][ T789] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.681467][ T789] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.681493][ T789] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.681510][ T789] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.686203][ T6540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.694139][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.696745][ T4910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.696805][ T4910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.696829][ T4910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.696846][ T4910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.725903][ T6531] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.794165][ T2064] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.796176][ T2064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.811320][ T14] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.811348][ T14] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.835556][ T4910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.835579][ T4910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.841130][ T31] audit: type=1326 audit(28.820:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9195c068 code=0x7ffc0000 [ 28.846553][ T6540] veth0_vlan: entered promiscuous mode [ 28.849435][ T31] audit: type=1326 audit(28.820:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=140 compat=0 ip=0xffff9195c068 code=0x7ffc0000 [ 28.854804][ T31] audit: type=1326 audit(28.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9195c068 code=0x7ffc0000 [ 28.858847][ T31] audit: type=1326 audit(28.830:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.7" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9195c068 code=0x7ffc0000 [ 28.863975][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.865317][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.869124][ T6540] veth1_vlan: entered promiscuous mode [ 28.874208][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.875598][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.884262][ T6540] veth0_macvtap: entered promiscuous mode [ 28.887523][ T6540] veth1_macvtap: entered promiscuous mode [ 28.894390][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.896951][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.913114][ T14] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.913210][ T14] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.913234][ T14] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.913248][ T14] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.917693][ T2064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.917701][ T2064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.943542][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.943570][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 28.954745][ T2064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 28.954777][ T2064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 29.013737][ T6656] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 29.024286][ T6657] IPv4: Oversized IP packet from 127.202.26.0 [ 29.370805][ T6132] Bluetooth: hci4: command tx timeout [ 29.371026][ T6132] Bluetooth: hci2: command tx timeout [ 29.450268][ T6533] Bluetooth: hci0: command tx timeout [ 29.452264][ T6533] Bluetooth: hci3: command tx timeout [ 29.454263][ T6533] Bluetooth: hci1: command tx timeout [ 30.036383][ T6670] loop4: detected capacity change from 0 to 512 [ 30.036964][ T6670] ======================================================= [ 30.036964][ T6670] WARNING: The mand mount option has been deprecated and [ 30.036964][ T6670] and is ignored by this kernel. Remove the mand [ 30.036964][ T6670] option from the mount to silence this warning. [ 30.036964][ T6670] ======================================================= [ 30.046195][ T6669] loop2: detected capacity change from 0 to 8192 [ 30.056171][ T6666] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 30.057820][ T6666] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 30.093325][ T6670] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 30.098845][ T6670] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 30.099031][ T6670] EXT4-fs (loop4): orphan cleanup on readonly fs [ 30.106376][ T6670] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.12: Invalid block bitmap block 0 in block_group 0 [ 30.118885][ T6670] EXT4-fs (loop4): Remounting filesystem read-only [ 30.122390][ T6670] Quota error (device loop4): write_blk: dquota write failed [ 30.124036][ T6670] Quota error (device loop4): write_blk: dquota write failed [ 30.131050][ T6670] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 30.131410][ T6670] EXT4-fs (loop4): 1 orphan inode deleted [ 30.172227][ T6670] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 30.218687][ T6680] loop1: detected capacity change from 0 to 1024 [ 30.226952][ T6677] syzkaller0: entered promiscuous mode [ 30.226986][ T6677] syzkaller0: entered allmulticast mode [ 30.230247][ T6680] EXT4-fs: inline encryption not supported [ 30.236242][ T6670] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12'. [ 30.252545][ T6680] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.253686][ T6669] FAT-fs (loop2): error, clusters badly computed (775 != 1) [ 30.253697][ T6669] FAT-fs (loop2): Filesystem has been set read-only [ 30.254042][ T6669] FAT-fs (loop2): error, clusters badly computed (776 != 2) [ 30.313157][ T6540] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.315515][ T6684] netlink: 2 bytes leftover after parsing attributes in process `syz.3.16'. [ 30.319026][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.397323][ T6690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'. [ 30.474179][ T6697] loop1: detected capacity change from 0 to 1024 [ 30.479481][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25'. [ 30.484562][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25'. [ 30.490578][ T6697] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 30.512927][ T6697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.517254][ T6697] capability: warning: `syz.1.24' uses deprecated v2 capabilities in a way that may be insecure [ 30.537796][ T6700] syz.2.26 uses obsolete (PF_INET,SOCK_PACKET) [ 30.543203][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.586424][ T6704] tipc: Started in network mode [ 30.586464][ T6704] tipc: Node identity 7ea4cdac336b, cluster identity 4711 [ 30.586584][ T6704] tipc: Enabled bearer , priority 0 [ 30.594469][ T6703] tipc: Resetting bearer [ 31.450131][ T6533] Bluetooth: hci4: command tx timeout [ 31.451456][ T6132] Bluetooth: hci2: command tx timeout [ 31.531258][ T6533] Bluetooth: hci3: command tx timeout [ 31.531296][ T6533] Bluetooth: hci0: command tx timeout [ 31.533272][ T6132] Bluetooth: hci1: command tx timeout [ 31.593187][ T6718] loop0: detected capacity change from 0 to 512 [ 31.596891][ T6718] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 31.606234][ T6718] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 31.606360][ T6718] EXT4-fs (loop0): orphan cleanup on readonly fs [ 31.606985][ T6718] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.31: Invalid block bitmap block 0 in block_group 0 [ 31.607881][ T6718] EXT4-fs (loop0): Remounting filesystem read-only [ 31.607989][ T6718] Quota error (device loop0): write_blk: dquota write failed [ 31.608019][ T6718] Quota error (device loop0): write_blk: dquota write failed [ 31.608036][ T6718] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 31.608091][ T6718] EXT4-fs (loop0): 1 orphan inode deleted [ 31.608988][ T6718] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 31.630901][ T6528] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.710115][ T6599] tipc: Node number set to 1305464236 [ 31.720786][ T6703] tipc: Disabling bearer [ 31.846668][ T6730] syzkaller0: entered promiscuous mode [ 31.846702][ T6730] syzkaller0: entered allmulticast mode [ 31.872151][ T6730] netlink: 2 bytes leftover after parsing attributes in process `syz.3.34'. [ 31.927257][ T6745] loop1: detected capacity change from 0 to 1024 [ 31.957678][ T6745] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.968211][ T6745] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.42: Allocating blocks 385-513 which overlap fs metadata [ 31.978740][ T6743] EXT4-fs (loop1): pa 00000000adf34eb9: logic 16, phys. 129, len 24 [ 31.978783][ T6743] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 32.009308][ T6761] netlink: 4 bytes leftover after parsing attributes in process `syz.4.50'. [ 32.015519][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.168274][ T6783] tmpfs: Bad value for 'mpol' [ 32.501960][ T6785] syz.2.52 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 32.724269][ T6812] loop0: detected capacity change from 0 to 1764 [ 33.337853][ T6851] syzkaller0: entered promiscuous mode [ 33.338894][ T6851] syzkaller0: entered allmulticast mode [ 33.342156][ T6855] loop2: detected capacity change from 0 to 128 [ 33.347006][ T6855] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 33.394434][ T6530] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 33.468874][ T6858] loop2: detected capacity change from 0 to 8192 [ 33.477228][ T6858] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 33.477264][ T6858] FAT-fs (loop2): Filesystem has been set read-only [ 33.514583][ T6868] loop1: detected capacity change from 0 to 256 [ 33.529884][ T52] Bluetooth: hci2: command tx timeout [ 33.530472][ T52] Bluetooth: hci4: command tx timeout [ 33.611178][ T52] Bluetooth: hci0: command tx timeout [ 33.611214][ T52] Bluetooth: hci3: command tx timeout [ 33.613216][ T6132] Bluetooth: hci1: command tx timeout [ 33.665475][ T6884] loop2: detected capacity change from 0 to 128 [ 33.673025][ T6884] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 33.690811][ T6884] EXT4-fs warning (device loop2): verify_group_input:156: Last group not full [ 33.718387][ T6530] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 34.763586][ T6918] rdma_op 000000007e3938b6 conn xmit_rdma 0000000000000000 [ 34.794347][ T31] kauditd_printk_skb: 15 callbacks suppressed [ 34.794388][ T31] audit: type=1326 audit(34.770:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6922 comm="syz.4.117" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15c068 code=0x7ffc0000 [ 34.794415][ T31] audit: type=1326 audit(34.770:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6922 comm="syz.4.117" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15c068 code=0x7ffc0000 [ 34.794433][ T31] audit: type=1326 audit(34.770:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6922 comm="syz.4.117" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=144 compat=0 ip=0xffff9c15c068 code=0x7ffc0000 [ 34.794449][ T31] audit: type=1326 audit(34.770:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6922 comm="syz.4.117" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9c15c068 code=0x7ffc0000 [ 34.875958][ T6933] __nla_validate_parse: 1 callbacks suppressed [ 34.882319][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.121'. [ 34.895679][ T6933] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.924966][ T6933] bridge_slave_0 (unregistering): left allmulticast mode [ 34.926303][ T6933] bridge_slave_0 (unregistering): left promiscuous mode [ 34.926368][ T6933] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.042354][ T6950] bridge0: entered allmulticast mode [ 35.042701][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.125'. [ 35.042765][ T6950] bridge_slave_1: left allmulticast mode [ 35.042777][ T6950] bridge_slave_1: left promiscuous mode [ 35.042871][ T6950] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.078454][ T6950] bridge0 (unregistering): left allmulticast mode [ 35.345398][ T6968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.136'. [ 35.415506][ T6976] loop2: detected capacity change from 0 to 1024 [ 35.416483][ T6976] EXT4-fs: Ignoring removed bh option [ 35.417288][ T6976] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 35.432954][ T6976] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.440781][ T6976] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 35.454036][ T6530] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.541945][ T6989] loop3: detected capacity change from 0 to 1024 [ 35.542509][ T6989] EXT4-fs: Ignoring removed orlov option [ 35.551018][ T6989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.555857][ T31] audit: type=1326 audit(35.530:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.0.145" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295c068 code=0x7ffc0000 [ 35.555899][ T31] audit: type=1326 audit(35.530:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.0.145" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295c068 code=0x7ffc0000 [ 35.565811][ T31] audit: type=1326 audit(35.540:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.0.145" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=4 compat=0 ip=0xffffb295c068 code=0x7ffc0000 [ 35.569519][ T31] audit: type=1326 audit(35.540:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.0.145" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb295c068 code=0x7ffc0000 [ 35.594980][ T6996] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 35.608937][ T6531] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.610658][ T6132] Bluetooth: hci4: command tx timeout [ 35.610679][ T6132] Bluetooth: hci2: command tx timeout [ 35.699953][ T6533] Bluetooth: hci1: command tx timeout [ 35.699992][ T6533] Bluetooth: hci3: command tx timeout [ 35.700020][ T6533] Bluetooth: hci0: command tx timeout [ 35.752465][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.150'. [ 35.825167][ T31] audit: type=1326 audit(35.800:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7008 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8eb5c068 code=0x7ffc0000 [ 35.825228][ T31] audit: type=1326 audit(35.800:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7008 comm="syz.1.152" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8eb5c068 code=0x7ffc0000 [ 36.126766][ T7027] tipc: Started in network mode [ 36.126801][ T7027] tipc: Node identity 6e95460e0d19, cluster identity 4711 [ 36.127331][ T7027] tipc: Enabled bearer , priority 0 [ 36.128637][ T7027] netlink: 2 bytes leftover after parsing attributes in process `syz.4.161'. [ 36.129673][ T7027] tipc: Resetting bearer [ 36.141531][ T7026] tipc: Disabling bearer [ 36.168995][ T7032] netlink: 132 bytes leftover after parsing attributes in process `syz.0.164'. [ 36.494952][ T7071] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 36.554979][ T7076] netlink: 'syz.0.184': attribute type 10 has an invalid length. [ 36.556482][ T7076] netlink: 40 bytes leftover after parsing attributes in process `syz.0.184'. [ 36.599364][ T7076] team0: Port device geneve0 added [ 36.922654][ T7107] Zero length message leads to an empty skb [ 36.924255][ T7107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'. [ 37.027155][ T7118] netlink: 176 bytes leftover after parsing attributes in process `syz.3.203'. [ 37.056304][ T7122] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'. [ 37.092893][ T7128] loop3: detected capacity change from 0 to 1024 [ 37.094133][ T7128] EXT4-fs: Ignoring removed nobh option [ 37.113154][ T7128] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.125412][ T6531] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.192581][ T7137] loop2: detected capacity change from 0 to 1764 [ 37.494388][ T7155] loop4: detected capacity change from 0 to 2048 [ 37.547976][ T6545] loop4: p2 p3 p7 [ 37.652854][ T7155] loop4: p2 p3 p7 [ 37.713566][ T7159] 9pnet: p9_errstr2errno: server reported unknown error [ 37.823751][ T6544] udevd[6544]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 37.825970][ T6769] udevd[6769]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 37.828364][ T6545] udevd[6545]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 37.842191][ T6769] udevd[6769]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 37.844923][ T6544] udevd[6544]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 37.851947][ T6545] udevd[6545]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 38.036532][ T7181] loop1: detected capacity change from 0 to 2048 [ 38.067559][ T7181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.206839][ T7193] Driver unsupported XDP return value 0 on prog (id 11) dev N/A, expect packet loss! [ 38.229238][ T7191] netlink: 'syz.1.231': attribute type 10 has an invalid length. [ 38.241098][ T7191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.248721][ T7191] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 38.295358][ T7197] loop3: detected capacity change from 0 to 1024 [ 38.303060][ T7197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.326596][ T6531] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.359199][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.445330][ T7212] loop4: detected capacity change from 0 to 1764 [ 38.450988][ T7210] hub 2-0:1.0: USB hub found [ 38.452518][ T7210] hub 2-0:1.0: 8 ports detected [ 38.600180][ T7223] hub 9-0:1.0: USB hub found [ 38.601266][ T7223] hub 9-0:1.0: 8 ports detected [ 38.860065][ T7242] loop1: detected capacity change from 0 to 512 [ 38.860423][ T7242] EXT4-fs: Ignoring removed nobh option [ 38.961131][ T7242] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 38.961172][ T7242] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 38.961197][ T7242] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.254: Corrupt directory, running e2fsck is recommended [ 38.970761][ T7242] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 38.974369][ T7242] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.254: corrupted in-inode xattr: invalid ea_ino [ 38.977963][ T7242] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.254: couldn't read orphan inode 15 (err -117) [ 38.981434][ T7242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.993274][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.343723][ T7283] tipc: Enabled bearer , priority 0 [ 39.345542][ T7283] syzkaller0: entered promiscuous mode [ 39.346693][ T7283] syzkaller0: entered allmulticast mode [ 39.354548][ T7282] tipc: Resetting bearer [ 39.363213][ T7282] tipc: Disabling bearer [ 40.443900][ T7301] __nla_validate_parse: 8 callbacks suppressed [ 40.443940][ T7301] netlink: 108 bytes leftover after parsing attributes in process `syz.4.280'. [ 40.443956][ T7301] netlink: 108 bytes leftover after parsing attributes in process `syz.4.280'. [ 40.443968][ T7301] netlink: 108 bytes leftover after parsing attributes in process `syz.4.280'. [ 40.479133][ T7305] loop3: detected capacity change from 0 to 1764 [ 40.502061][ T7308] capability: warning: `syz.0.284' uses 32-bit capabilities (legacy support in use) [ 40.587343][ T7318] 9pnet_fd: Insufficient options for proto=fd [ 40.756750][ T7331] netlink: 272 bytes leftover after parsing attributes in process `syz.0.293'. [ 41.745163][ T7343] loop4: detected capacity change from 0 to 1024 [ 41.754817][ T7341] tipc: Started in network mode [ 41.754859][ T7341] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 41.755090][ T7341] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 41.755394][ T7341] tipc: Enabled bearer , priority 10 [ 41.763157][ T7347] 9pnet_fd: Insufficient options for proto=fd [ 41.787450][ T7343] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.796066][ T7346] loop1: detected capacity change from 0 to 512 [ 41.798366][ T6540] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.809012][ T7346] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.299: bg 0: block 127: padding at end of block bitmap is not set [ 42.439271][ T7346] ------------[ cut here ]------------ [ 42.439304][ T7346] EA inode 11 i_nlink=2 [ 42.443057][ T7346] WARNING: CPU: 1 PID: 7346 at fs/ext4/xattr.c:1053 ext4_xattr_inode_update_ref+0x444/0x488 [ 42.445299][ T7346] Modules linked in: [ 42.445887][ T7346] CPU: 1 UID: 0 PID: 7346 Comm: syz.1.299 Not tainted syzkaller #0 PREEMPT [ 42.447274][ T7346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 [ 42.448937][ T7346] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 42.450144][ T7346] pc : ext4_xattr_inode_update_ref+0x444/0x488 [ 42.451126][ T7346] lr : ext4_xattr_inode_update_ref+0x444/0x488 [ 42.452084][ T7346] sp : ffff8000a2126f80 [ 42.452658][ T7346] x29: ffff8000a2127000 x28: 0000000000000000 x27: 1fffe0001e76868b [ 42.453899][ T7346] x26: dfff800000000000 x25: ffff8000a2126f80 x24: ffff700014424df0 [ 42.455229][ T7346] x23: ffff800092e12000 x22: ffff0000f3b432a8 x21: 0000000000000002 [ 42.456632][ T7346] x20: 0000000000000001 x19: ffff0000f3b43268 x18: 1fffe0003379be88 [ 42.457973][ T7346] x17: ffff80008f7de000 x16: ffff80008b0141e8 x15: 0000000000000001 [ 42.459227][ T7346] x14: 1fffe0003379e908 x13: 0000000000000000 x12: 0000000000000000 [ 42.460508][ T7346] x11: 0000000000080000 x10: 0000000000000003 x9 : 2ff331dc15c2e200 [ 42.461775][ T7346] x8 : 2ff331dc15c2e200 x7 : ffff800080491290 x6 : 0000000000000000 [ 42.462956][ T7346] x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000010 [ 42.464148][ T7346] x2 : 0000000000000006 x1 : ffff80008b668440 x0 : 0000000000000001 [ 42.465352][ T7346] Call trace: [ 42.465823][ T7346] ext4_xattr_inode_update_ref+0x444/0x488 (P) [ 42.466709][ T7346] ext4_xattr_inode_dec_ref_all+0x76c/0xbfc [ 42.467647][ T7346] ext4_xattr_delete_inode+0x8b0/0xa40 [ 42.468486][ T7346] ext4_evict_inode+0xb98/0x1084 [ 42.469310][ T7346] evict+0x414/0x928 [ 42.469971][ T7346] iput+0x6e4/0x83c [ 42.470562][ T7346] ext4_process_orphan+0x240/0x2b4 [ 42.471474][ T7346] ext4_orphan_cleanup+0x930/0x107c [ 42.472309][ T7346] ext4_fill_super+0x4724/0x4ea4 [ 42.473073][ T7346] get_tree_bdev_flags+0x360/0x414 [ 42.473823][ T7346] get_tree_bdev+0x2c/0x3c [ 42.474552][ T7346] ext4_get_tree+0x28/0x38 [ 42.475191][ T7346] vfs_get_tree+0x90/0x28c [ 42.475904][ T7346] do_new_mount+0x278/0x7f4 [ 42.476654][ T7346] path_mount+0x5b4/0xde0 [ 42.477345][ T7346] __arm64_sys_mount+0x3e8/0x468 [ 42.478139][ T7346] invoke_syscall+0x98/0x2b8 [ 42.478894][ T7346] el0_svc_common+0x130/0x23c [ 42.479676][ T7346] do_el0_svc+0x48/0x58 [ 42.480396][ T7346] el0_svc+0x58/0x180 [ 42.481082][ T7346] el0t_64_sync_handler+0x84/0x12c [ 42.481902][ T7346] el0t_64_sync+0x198/0x19c [ 42.482634][ T7346] irq event stamp: 7974 [ 42.483318][ T7346] hardirqs last enabled at (7973): [] finish_lock_switch+0xb0/0x1c0 [ 42.484940][ T7346] hardirqs last disabled at (7974): [] el1_brk64+0x1c/0x48 [ 42.486194][ T7346] softirqs last enabled at (6872): [] handle_softirqs+0xaf8/0xc88 [ 42.487794][ T7346] softirqs last disabled at (6853): [] __do_softirq+0x14/0x20 [ 42.489264][ T7346] ---[ end trace 0000000000000000 ]--- [ 42.634734][ T7346] EXT4-fs (loop1): 1 orphan inode deleted [ 42.636382][ T7346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.678815][ T6534] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.871565][ T6611] tipc: Node number set to 1